
Core Capability 1: Prevention Posture Visibility

This is one of five core capabilities PSPM platforms provide to enable prevention at scale. These capabilities work together to make the five prevention practices achievable across complex multi-cloud environments.

PSPM creates unified visibility into preventive controls across all four prevention layers:

Build layer visibility shows IaC scanning coverage across repositories. Which repos have scanning enabled? What frameworks (Terraform, CloudFormation, ARM, Pulumi) get scanned? What rules run in each scanner? What issues get blocked versus flagged as warnings?

Access layer visibility maps organization policies across cloud accounts. What Service Control Policies (SCPs), Azure Policies, and GCP Organization Policies exist? Where do they apply? What actions do they block? How do policies interact across organizational hierarchies?

Config layer visibility documents secure defaults across accounts and services. Which accounts have default encryption enabled? What public access restrictions apply? What security configurations automatically apply to new resources?

Runtime layer visibility catalogs continuous monitoring and auto-remediation. What runtime tools scan for drift? What misconfigurations trigger automatic remediation? How quickly do runtime controls detect and fix issues?

This unified visibility answers critical questions:

  • What prevention exists today and where does it apply?
  • Which services and resources have prevention coverage?
  • Where do prevention gaps create risk?
  • How does prevention coverage vary across accounts, clouds, and teams?
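As an added illustration (not code from any PSPM product or vendor API), the sketch below builds a coverage matrix over the four prevention layers from a constructed control inventory, then derives the gaps and per-account coverage the questions above ask about. The record schema and the account, service and control names are assumptions, as is the choice to count only enforcing (blocking) controls as coverage.

```python
LAYERS = ("build", "access", "config", "runtime")
ACCOUNTS = ("prod", "dev")   # constructed account names
SERVICES = ("s3", "rds")     # constructed service scope

# Constructed inventory: one record per preventive control and where it applies.
# enforced=False marks a control that only warns (flags without blocking).
CONTROLS = [
    {"layer": "build", "name": "iac-scan", "accounts": {"prod", "dev"},
     "services": {"s3", "rds"}, "enforced": True},
    {"layer": "access", "name": "org-deny-public", "accounts": {"prod"},
     "services": {"s3"}, "enforced": True},
    {"layer": "config", "name": "default-encryption", "accounts": {"prod", "dev"},
     "services": {"s3"}, "enforced": True},
    {"layer": "config", "name": "rds-encryption", "accounts": {"prod"},
     "services": {"rds"}, "enforced": False},
    {"layer": "runtime", "name": "drift-remediate", "accounts": {"prod"},
     "services": {"s3", "rds"}, "enforced": True},
]

def coverage_matrix(controls, accounts=ACCOUNTS, services=SERVICES):
    """Return {(account, service): {layer: [enforcing control names]}}."""
    matrix = {(a, s): {layer: [] for layer in LAYERS}
              for a in accounts for s in services}
    for c in controls:
        if c["layer"] not in LAYERS:
            raise ValueError(f"unknown layer: {c['layer']}")
        if not c["enforced"]:
            continue  # warn-only controls are inventoried but prevent nothing
        for a in c["accounts"]:
            for s in c["services"]:
                if (a, s) in matrix:
                    matrix[(a, s)][c["layer"]].append(c["name"])
    return matrix

def gaps(matrix):
    """Return {(account, service): [layers lacking an enforcing control]}."""
    out = {}
    for cell, layers in matrix.items():
        missing = [layer for layer in LAYERS if not layers[layer]]
        if missing:
            out[cell] = missing
    return out

def coverage_by_account(matrix):
    """Return {account: fraction of (service, layer) slots that are covered}."""
    total, covered = {}, {}
    for (account, _service), layers in matrix.items():
        total[account] = total.get(account, 0) + len(LAYERS)
        covered[account] = covered.get(account, 0) + sum(
            1 for layer in LAYERS if layers[layer])
    return {a: covered[a] / total[a] for a in total}
```

In this constructed inventory the warn-only `rds-encryption` control leaves the config layer for `prod`/`rds` reported as a gap even though a control is deployed there.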

Prevention posture visibility enables the Discover practice: understanding current preventive capabilities before expanding coverage.