What is a CSPM? Some cloud monitoring tool? What does it provide over open-source security and monitoring tools with years of field use that would make me invest time into it? Also, have these tools been thoroughly audited, scanned, fuzzed, and pentested by reputable people like some of the open-source tools we've been using? Since tools are part of the attack surface, do these tools themselves increase or reduce it?
Serious questions since you think I should be very knowledgeable about these tools. My tech stack just works with minimal maintenance. So, I'd have to lose time on more important or fun stuff to even study CSPM or Wiz. Not counting setting it up.