David Matousek


The 6 Postures of Cybersecurity

Article 2 of 9 in Building Your Cybersecurity Posture on Medium

Image by Reto Scheiwiller from Pixabay

After you understand your assets, then it’s off to determine how you want to continuously monitor the risk of each type of asset. These 6 postures align with the technologies you need to protect. Each technology needs governance, policies, and guardrails to help your people act appropriately within your organization’s defined policies.

What is a Cybersecurity Posture?

5 Layers of the Enterprise Security Posture

A security posture is a collection of key risk indicators that collectively measure your organization’s exposure to potential risk. The intention of a cybersecurity posture is to provide a high-level indicator for general risk categories. I use 5 levels to map a typical security posture.

  1. The first level is a single consolidated number that represents the overall cyber risk that exists within an entire organization.
  2. The second level of detail is the cybersecurity categories of cloud, applications, data, network, devices, and identities.
  3. In the third level of detail, I separate each category into sub-categories that are specific to that category.
  4. In the fourth level of detail, each of these parts is broken out into individual business units, depending on the organizational structure of the enterprise.
  5. In a very mature organization, a fifth level is possible. In the fifth level of detail, I separate out the risk measurements into the different value streams specific to that business unit.
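
A sketch of how the five levels relate, as an added example that is not from the original article. The sample rows, the function names `roll_up` and `hidden_hot_spots`, and the asset-weighted mean used to aggregate are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample key risk indicators, one row per value stream:
# (category, sub_category, business_unit, value_stream, risk 0-100, asset_count)
KRIS = [
    ("cloud", "misconfiguration", "retail", "checkout", 80, 10),
    ("cloud", "misconfiguration", "retail", "catalog", 20, 30),
    ("cloud", "drift", "finance", "billing", 50, 20),
    ("data", "encryption", "finance", "billing", 30, 40),
]

def roll_up(kris, depth):
    """Score every node at one level of the posture.

    depth 0 is the single enterprise number (level 1); depth 4 is the
    value-stream level (level 5). The asset-weighted mean is an assumed
    aggregation rule, not one the article prescribes.
    """
    total, weight = defaultdict(float), defaultdict(int)
    for *path, risk, assets in kris:
        key = tuple(path[:depth])
        total[key] += risk * assets
        weight[key] += assets
    return {key: round(total[key] / weight[key], 1) for key in total}

def hidden_hot_spots(kris, threshold):
    """Value streams at or above threshold whose enterprise roll-up is below it."""
    enterprise = roll_up(kris, 0)[()]
    if enterprise >= threshold:
        return []  # the top-level number already signals the problem
    leaves = roll_up(kris, 4)
    return sorted(path for path, score in leaves.items() if score >= threshold)
```

With this sample the enterprise number is 36.0 while the retail checkout value stream sits at 80, which is why the lower levels are worth keeping alongside the single consolidated score.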

The 6 Categories of Cybersecurity Posture Management

The 6 Postures of Cybersecurity

Cloud Security Posture Management

The most common security posture tool in the marketplace is Cloud Security Posture Management (CSPM). Cloud security posture management is a compliance tool that manages cloud security policies, identifies configuration drift, detects misconfigurations, reports vulnerabilities, and integrates with workflow software to ensure remediation of issues. There are a number of tools that capture many of these features, but this tool space is still evolving. Right now, many of the tools are incorporating some of the other postures I talk about. It’s not necessarily important to have a one-to-one matching of tool to capability; what matters is that you cover all of your postures somehow.

Application Security Posture Management

Application Security Posture Management is the developer side of posture management. CSPM monitors your operations environments, and I expect the market to build ASPM tools as an extension of security from the operations environment into the development process. I see ASPM as a tool that provides an application risk score to measure your enterprise’s risk from open source dependency vulnerabilities, static code vulnerabilities, credentials and secrets in code vulnerabilities, and container vulnerabilities in your binary repositories. A tool like this takes information from your source code repositories, continuous integration tool, binary repository, and security scanning tools, and approximates the risk to your application, business unit, and enterprise.

Data Security Posture Management

Data security is important enough that I separate it from CSPM and IAM tools. Enterprises have data in the cloud, on premises, and on devices. It’s imperative to manage and detect unregulated personally identifiable information, data encryption configurations, and role-based access management policies. It’s not enough to just know where all your data is stored in your organization; you must also be able to ensure that data governance policies are applied to all of your data store assets, and continuously monitor those assets for access differences between your data store and your identity access control process. After all, developers and rogue scripts can alter privileges without going through the proper channels.
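
The access-difference check described above, as an added example that is not from the original article. The store names, principals, permission names and the `access_drift` function are hypothetical, and the sample data is constructed.

```python
# Constructed sample data. APPROVED is what the identity access control
# process has on record; ACTUAL is what the data stores really grant.
APPROVED = {
    ("orders_db", "alice"): {"read"},
    ("orders_db", "etl_svc"): {"read", "write"},
    ("hr_bucket", "bob"): {"read"},
}
ACTUAL = {
    ("orders_db", "alice"): {"read", "write"},  # write added out of band
    ("orders_db", "etl_svc"): {"read", "write"},
    ("orders_db", "tmp_script"): {"admin"},     # principal unknown to IAM
}
PRIVILEGED = {"write", "admin"}  # assumed permission names

def access_drift(approved, actual):
    """Return one finding per (store, principal) whose grants differ from approval."""
    findings = []
    for key in sorted(set(approved) | set(actual)):
        want, have = approved.get(key, set()), actual.get(key, set())
        excess, unused = have - want, want - have
        if excess:
            findings.append({
                "store": key[0], "principal": key[1],
                "kind": "excess_access" if key in approved else "unapproved_principal",
                "permissions": sorted(excess),
                "severity": "high" if excess & PRIVILEGED else "medium",
            })
        if unused:
            # Approved but not provisioned: the record is stale, not a breach.
            findings.append({
                "store": key[0], "principal": key[1], "kind": "stale_approval",
                "permissions": sorted(unused), "severity": "low",
            })
    return findings
```

Run on a schedule against exported grants, the findings can be routed to the same workflow tooling used for other posture issues.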

Identity Access Posture Management

Identity and access management is a key focus of all our assets. There is usually not one IAM system to rule them all. It’s therefore important to monitor that each follows enterprise policy and standards. The policies for how we implement identities and access management throughout our SaaS solutions, applications, data stores, and legacy tools must be monitored and reviewed for privileged access, separation of duty, and excess access.

Network Security Posture Management

Managing networks in a multi-cloud environment is complex due to the differences between the major cloud vendors. Cloud network security posture management tools locate misconfigurations and enforce policies across the multi-cloud landscape. Issues can then be quickly remediated by routing them to an engineer or by using an auto-remediation service. This is a very important posture to manage, as the configuration of your network devices and firewalls is the first line of defense against unauthorized access to your cloud.

Device Security Posture Management

In today’s world, our IT assets are spread out as widely as our workers. It has become important to manage the assets, the assets’ configuration, the applications, and the applications’ configurations. All of these items need to be auditable and reviewed periodically.

What’s Next

Now it’s time to deep dive into each of the categories of cybersecurity posture. Please consider checking out my other articles on cybersecurity posture management.

Articles in my Medium series “Building Your Cybersecurity Posture”

Article 1 — “13 Asset types to Build Your Cybersecurity Around”

Article 2 — “The 6 Categories of Cybersecurity Posture”

Article 3 — “Posture One: The Three Streams of a Cloud Security Posture”

Article 4 — “Posture Two: Application Security Posture”

Article 5 — “Posture Three: Data Security Posture”

Article 6 — “Posture Four: The Three Focuses Enterprises Need for an Identity Access Management Posture”

Coming soon…

Article 7 — “Posture Five: Network Security Posture”

Article 8 — “Posture Six: Device Security Posture”

Article 9 — “The Future of Securing Your Assets in a Decentralized Cloud”

As my daughter says, if you are interested in “what-ever-this-is,” then please consider following me on Medium.
