Zscaler Cloud Security Posture Management

A tool for maintaining secure and compliant cloud infrastructure in multicloud environments.

Multi-Cloud Proprietary Cloud Service Only
Category: Security Posture Management
Last page update: 19 days ago
Pricing Details: Contact for pricing details.
Target Audience: Organizations using multicloud environments looking for security posture management.

Zscaler Cloud Security Posture Management (CSPM) helps maintain a secure and compliant cloud infrastructure in multicloud environments. The tool collects actual configurations from various cloud service providers (such as AWS, Azure, Office 365, and Google Cloud) using APIs and, where necessary, agents to ensure comprehensive coverage.

The technical architecture of Zscaler CSPM involves integrating with cloud providers through control plane APIs and, in some cases, installing agents to gather metadata. This data is then compared against a built-in set of over 1,500 security policies and 13 compliance frameworks, such as PCI DSS and HIPAA. The system identifies misconfigurations and policy violations and maps each security policy to the frameworks it belongs to.

Operational considerations include the need for high scalability, especially in large environments with over 10,000 cloud resources. Zscaler CSPM is designed to handle this scale by efficiently collecting and storing configuration metadata, minimizing scan times, and quickly displaying security posture data on intuitive dashboards. The tool also supports multiple deployment options, including public SaaS and private SaaS, to meet data sovereignty requirements.

Key technical details include the use of REST APIs for integration with CI/CD toolchains, enabling real-time assessments and automated remediation of security issues. The system allows for risk-based prioritization of security posture, policy management with overrides and exceptions, and the configuration of private benchmarks tailored to specific organizational needs. Remediation steps are provided for each security policy, with auto-remediation available for critical policies.

However, there are limitations to consider, such as soft restrictions on the number of resources within a cloud account (e.g., up to 500 resources in Azure and AWS, and up to 1,000 users in Office 365). Additionally, the onboarding process involves granting read-only access permissions, which may require careful management to ensure proper access control.
