Elly Yates-Roberts
This article was originally published in the Autumn 2019 issue of The Record.
Your network systems administrator tells you confidently “my systems are hardened.” But to what standard? If it’s only one person’s preference, your organisation should consider implementing a more robust standard. The Center for Internet Security (CIS) builds consensus-based resources by leveraging a global community of cybersecurity professionals, subject matter experts and industry leaders. Working together, they lead the development of cybersecurity best practices for configuring operating systems, server technology, cloud environments and more.
Configuration management is a core security principle. Because systems aren’t inherently configured securely, it’s up to users to ensure the right settings are in place to minimise vulnerabilities. This is true in both self-hosted and cloud environments. CIS believes in the strength of community to identify, validate and promote security best practices. That’s why we’ve collaborated with thousands to create the CIS Benchmarks configuration standards. These are security guidelines for hardening over 140 technologies, including popular cloud platforms.
When it came to securing the Azure cloud, CIS and Microsoft used this same spirit of collaboration to build the CIS Benchmark for Microsoft Azure Foundations. This is the first ever set of security configuration best practices for Microsoft Azure. It provides clear, step-by-step guidance on access management, networking, virtual machines and more, and aims to provide a consensus-based standard for securing Azure cloud environments.
CIS also leads teams focused on secure configurations for popular environments such as Microsoft Windows; Workstations 7, 8.1 and 10; Servers; and Microsoft Office 365.
This all takes place via CIS WorkBench, an online collaboration platform. Our security professionals have joined CIS WorkBench to collaborate with chief information security officers, network admins and cloud experts.
CIS brings secure operating system configurations to the cloud with CIS Hardened Images, preconfigured virtual machines that conform to the CIS Benchmarks secure configuration standards. They are Azure Certified and just as easy to launch as a base virtual machine. For just pennies per compute hour, organisations can use consensus-based best practices while working in cloud environments on the Microsoft Azure and Azure Government marketplaces.
It’s going to take all of us – vendors, service providers and a global community of cybersecurity experts – to defend self-hosted and cloud-based systems. By working together and sharing threat knowledge, we can create and implement stronger defences. The strength of the CIS Benchmarks and resulting CIS Hardened Images comes from the depth of experience and knowledge of the communities which help to build them. What guidance will your organisation follow?
Michelle Peterson is the product owner for CIS Benchmarks at the Center for Internet Security.