This topic answers common questions about the Cloud Security Posture Management (CSPM) feature in Security Center.
Why does CSPM matter?
Most cloud attacks stem from misconfigurations — not zero-day exploits. Misconfigured Object Storage Service (OSS) bucket permissions expose sensitive data; leaked AccessKey pairs from Alibaba Cloud accounts create financial and compliance risk. As cloud environments grow more automated and self-service, misconfigurations accumulate faster than teams can catch them manually.
CSPM continuously checks your cloud service configurations across three dimensions: Cloud Infrastructure Entitlement Management (CIEM), security risk management, and compliance risk management. When issues are found, it typically provides automated remediation so you can fix risks at scale. For details, see Overview.
How do I improve database configuration security with Security Center?
Security Center provides two complementary features for database security:
| Feature | What it checks | What it provides |
|---|---|---|
| CSPM | Database configurations on a server from multiple dimensions: network access control, data security, log audit, access control policies, automatic backup settings, allowlists | Fixing solutions |
| Baseline check | Database configurations on a server for configuration and application risks: weak passwords on login accounts, compliance with Alibaba Cloud best practice standards | Alerts and fixing suggestions |
Use CSPM to harden database configurations from the cloud control plane. Use baseline check to catch configuration gaps at the OS and application layer.
How do I use CSPM to check and fix cloud service configurations?
Purchase CSPM and complete authorization. See Purchase and authorization.
Add the cloud services to check. See Add cloud services.
Configure check policies, review results, and remediate detected risk items. See Overview.
How do I disable CSPM?
The steps differ by edition and billing method.
Basic edition
No action needed. The Basic edition provides limited CSPM detection with no restrictions on the number of scans or verifications, but does not support the remediation feature.
Anti-virus, Advanced, Enterprise, and Ultimate editions — subscription billing
Disable CSPM by downgrading your order. See Downgrade.
Anti-virus, Advanced, Enterprise, and Ultimate editions — Pay-as-you-go billing
Go to Risk Governance > CSPM. On the Configuration Check tab, click Suspended in the Used Quota section.