4 Reasons Your IT Team Should Use Golden Images
A golden image, or machine template, is ideally configured to your environment. A golden image will have the functionality, security, and settings that are perfect for a particular machine. You can deploy a golden image across multiple computers, saving time and mitigating against configuration drift. CIS SecureSuite Members can create custom configuration policies through CIS WorkBench, a membership portal and community platform. Such a policy can be used to create a golden image.
Why deploy a golden image?
1. A golden image provides a secure baseline
Any golden image should start with a secure baseline, like the consensus-developed CIS Benchmarks. The CIS Benchmarks provide security guidance for over 140 technologies, including servers, operating systems, and cloud environments. Without foundational security in place, your machine template would be vulnerable to configuration gaps – far from ideal, or golden.
2. Golden images save time on deployment
Once you have a golden image, it’s time to deploy. CIS SecureSuite Membership offers Remediation Kits as Group Policy Objects (GPOs) for Windows and shell scripts for Linux. Remediation Kits automatically apply CIS Benchmark recommendations to a system, helping speed policy to implementation.
3. Create a golden image that’s ideal for your environment
Sometimes, in order to get to a true golden image, you need a custom configuration policy. It could be that a recommendation doesn’t make sense for your organization, or that a modified check is needed. CIS SecureSuite Members have the ability to tailor the CIS Benchmarks within the CIS WorkBench platform. Members can easily nullify checks which don’t apply to a particular environment or modify recommendations to meet organizational security policy. Members can create a custom configuration policy in multiple formats including Word, Excel, and XCCDF + OVAL.
4. Regularly deployed golden images help mitigate against configuration drift
Whether working with a CIS Benchmark or a custom configuration policy, it’s important to watch for configuration drift. Configuration drift occurs when settings are modified. This can be unintentional through application updates or done by users. Regularly assessing systems against a golden image using a configuration assessment tool such as CIS-CAT Pro can help you monitor for configuration drift. CIS-CAT Pro is included with - you guessed it - CIS SecureSuite Membership.
A golden opportunity
By deploying a golden image in your environment, you can rest a bit easier knowing your machines are ideally configured. CIS SecureSuite Membership helps you start with a secure baseline, customize it to your organizational needs, and assess against your custom configuration policy. Membership offers additional benefits including remote assessment, unlimited email support, and more. It’s never been a better time to enroll!