Table of Contents
- Summary
- Market Categories and Deployment Types
- Key Criteria Comparison
- GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Chris Ray
- About GigaOm
- Copyright
1. Summary
Too often security teams struggle to make do with suboptimal, legacy, on-premises architectures. These architectures are filled with bolt-on security solutions that may perform well enough, but aren’t able to provide the depth of insight or degree of security that organizations require today.
The widespread—and accelerating—adoption of the public cloud can be a catalyst for change and an opportunity for security teams to start anew. Many security teams are finding that engineering and product teams are looking to them for guidance when shifting processes and workloads to the cloud and architecting and creating public cloud services.
While cloud security posture management (CSPM) solutions can’t provide proactive architectural guidance for engineering teams, they can provide invaluable insights into the chosen architecture, the services in use in the public cloud, the identities (users) managing the public cloud, and even the workloads running in the cloud.
CSPM offerings are typically cloud-native security solutions that leverage the numerous application programming interfaces (APIs) available through public cloud providers to collect data. The data gathered through these APIs is sorted and then analyzed in various ways to identify risks, such as misconfigurations and vulnerabilities. A CSPM solution’s ability to gather public cloud configuration data and workload events allows it to provide detailed visualizations of the cloud architecture. CSPM solutions also enable users to identify relationships among cloud services, workloads, and other various cloud assets.
Together, these features provide deep visibility into a technology that is often regarded as opaque.
CSPM solutions started as simple API monitoring and data visualization solutions meant to give security teams visibility into cloud infrastructure. However, these solutions quickly grew beyond that use case and now include identity and access management (IAM) and workload monitoring. And soon, they might include forms of application security like static application security testing (SAST) or source code analysis (SCA) as vendors attempt to build one-stop-shops for cloud security.
This GigaOm Radar report highlights key CSPM vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating CSPM Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.