Down the road, CSPM and CWPP will merge
CSPM technology analyzes a company's cloud workloads, both in the build pipeline and in production, with a view to detecting whether any of them have moved away from the prescribed best practices, representing a security risk or a potential compliance shortfall. The former situation is sometimes referred to as going outside the guardrails for secure development, while the latter is often called compliance drift.
CSPM is primarily for infrastructure- and platform-as-a-service (IaaS and PaaS), though it has also moved into the software-as-a-service (SaaS) world in recent times, with several cloud access security broker (CASB) vendors adding CSPM functionality through internal development or OEM contracts. Another development is that while CSPM started out as an alerting mechanism for IT departments to rectify perceived drift, over time, many vendors have added autocorrect capabilities to ease the burden on these teams.
There are a multitude of CSPM vendors, most of them dedicated startups, and Ovum sees a logical trend toward the technology merging with another major cloud security category, CWPP, so that customers have fewer providers to deal with and more functionality within enlarged portfolios to choose from.
This acquisition fits that mold, while allowing Trend Micro to consolidate its position in cloud security and broaden its offering there. Sydney-based Cloud Conformity was founded in 2016 and brings some 130 enterprise customers to the acquisition, including the likes of Qantas and Virgin. Trend Micro is a leader in CWPP, its Deep Security product having come from defending on-premises virtual machines and expanded into the cloud, containers, and applications. Both vendors partner with cloud market leader AWS: Trend Micro has been an advanced technology partner for many years, while Cloud Conformity was named an AWS Technology Partner of the Year for 2019.