What CSPM does
CSPM tools automate the evaluation of your cloud configurations, across Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), for potential security weaknesses. They scan for misconfigurations and ‘drift’ (unauthorised changes to your environment), and they generate reports comparing your setup against established benchmarks like the CIS Critical Controls, NIST Cybersecurity Framework, and the Australian Signals Directorate’s Information Security Manual (ISM). This provides visibility into your overall cloud security posture.
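A minimal sketch of the two checks described above, rule evaluation and drift detection against an approved baseline, added here as an illustration and not taken from any CSPM product. The resource names, properties and rule ids (EX-01 to EX-05) are constructed and map to no real benchmark control.

```python
# Constructed sample data and hypothetical rule ids; no real tenant, benchmark or product.
BASELINE = {
    "storage/logs": {"public_access": False, "https_only": True, "min_tls": "1.2"},
    "sql/orders": {"public_network": False, "auditing": True},
}
CURRENT = {
    "storage/logs": {"public_access": True, "https_only": True, "min_tls": "1.2"},
    "sql/orders": {"public_network": False, "auditing": False},
    "storage/scratch": {"public_access": False, "https_only": False, "min_tls": "1.0"},
}
# Hypothetical rules: (rule id, property, predicate that is True when compliant)
RULES = [
    ("EX-01", "public_access", lambda v: v is False),
    ("EX-02", "https_only", lambda v: v is True),
    ("EX-03", "min_tls", lambda v: tuple(map(int, v.split("."))) >= (1, 2)),
    ("EX-04", "auditing", lambda v: v is True),
    ("EX-05", "public_network", lambda v: v is False),
]

def find_misconfigurations(snapshot):
    """Return (resource, rule id, property, value) for every failed rule."""
    return [(name, rid, prop, props[prop])
            for name, props in sorted(snapshot.items())
            for rid, prop, ok in RULES
            if prop in props and not ok(props[prop])]

def find_drift(baseline, current):
    """Return (resource, what changed, old, new) relative to the approved baseline."""
    drift = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None or new is None:
            drift.append((name, "resource_added" if old is None else "resource_removed", None, None))
            continue
        for prop in sorted(set(old) | set(new)):
            if old.get(prop) != new.get(prop):
                drift.append((name, prop, old.get(prop), new.get(prop)))
    return drift

def posture_report(baseline, current):
    """Summarise rule results and drift, as a CSPM report would."""
    checks = sum(1 for p in current.values() for _, prop, _ in RULES if prop in p)
    failed = find_misconfigurations(current)
    score = round(100 * (checks - len(failed)) / checks) if checks else 100
    return {"checks": checks, "failed": len(failed), "score_pct": score,
            "findings": failed, "drift": find_drift(baseline, current)}

if __name__ == "__main__":
    print(posture_report(BASELINE, CURRENT))
```

Note that `storage/scratch` appears both as drift (a resource absent from the baseline) and as two rule failures: a change can be unauthorised and insecure at once, and a report should surface both.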
CSPM in Australian tenants today
Microsoft Defender for Cloud offers a foundational CSPM tier at no additional cost, alongside a paid Defender CSPM plan with advanced capabilities. For Australian mid-market organisations, Defender for Cloud’s CSPM capabilities can assist with demonstrating compliance against the ACSC Essential Eight Maturity Levels, ASD ISM controls, and potentially PCI-DSS requirements, particularly if you process cardholder data in the cloud. When evaluating CSPM investment, consider the ongoing costs of remediation and the potential penalties under the Notifiable Data Breaches scheme.