Hybrid Cloud Security Auditing: Enhancing Posture through Integrated Use of Native and Open-Source CSPM Tools

Mbuthia, Jacklyne Wamaitha

Hybrid Cloud Security Auditing: Enhancing Posture through Integrated Use of Native and Open-Source CSPM Tools

Tools

Mbuthia, Jacklyne Wamaitha (2025) Hybrid Cloud Security Auditing: Enhancing Posture through Integrated Use of Native and Open-Source CSPM Tools. Masters thesis, Dublin, National College of Ireland.

Preview	PDF (Master of Science) Download (1MB) \| Preview
Preview	PDF (Configuration Manual) Download (937kB) \| Preview

Abstract

As cloud adoption accelerates, organizations increasingly adopt multi-cloud models, facing pressure to maintain strong security postures under constrained budgets. Cloud Security Posture Management (CSPM) tools play a critical role in identifying missing configurations, misconfigurations and compliance violations. However, many security teams cannot afford premium commercial CSPM solutions or paid tiers of cloud-native tools. The potential of hybrid CSPM approaches strategically combining open-source tools like Prowler with free tier of Microsoft Defender for Cloud (MDC) remains largely unexplored.

This thesis investigates the feasibility, effectiveness and strategic implications of a unified hybrid CSPM framework integrating Prowler with MDC’s free tier. A Python-based deployment framework was developed to enable deployment and automation. The research evaluates complementary detection capabilities, operational overlaps and the scalability of hybrid CSPM across multi-cloud environments.

This study employs a mixed method approach combining systematic literature review, practical implementation and industry validation. Results show that hybrid CSPM architectures outperform single-platform solutions across several metrics. The unified framework demonstrates that Prowler and MDC’s free tier offer significantly complementary capabilities, enhancing overall visibility and security coverage.

This research advances the development of unified CSPM models, leveraging the multi-cloud capabilities of both Prowler and Microsoft Defender for Cloud. It offers actionable insights for practitioners including tool section criteria, integration architectures and implementation roadmap. The proposed collaboration framework helps organizations optimize cloud security investments while ensuring broad protection across multi-cloud environments.

Item Type:	Thesis (Masters)
Supervisors:	Name Email Monaghan, Mark UNSPECIFIED
Uncontrolled Keywords:	Hybrid CPSM; Prowler; Microsoft Defender for Cloud; Unified Cloud Security Posture Management; Cloud Security Auditing
Subjects:	T Technology > T Technology (General) > Information Technology > Cloud computing Q Science > QA Mathematics > Computer software > Computer Security T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions:	School of Computing > Master of Science in Cyber Security
Depositing User:	Ciara O'Brien
Date Deposited:	15 Jun 2026 14:42
Last Modified:	15 Jun 2026 14:42
URI:	https://norma.ncirl.ie/id/eprint/9360

Actions (login required)

View Item