CIS Hardened Images in Azure Government
The use of virtual images is increasing as more government workloads shift from on-premises to cloud-based environments. Virtual images are a cost-effective option for projects with limited resources to purchase, store, and maintain hardware. Despite the benefits of working in the cloud, government IT managers are concerned with security.
Microsoft Azure recently announced the launch of Azure Government, a cloud environment for U.S. government entities and its solution providers. CIS Hardened Images™ have been available on Azure since 2017 and are now also available as an hourly billed usage offer on Azure Government. Government entities can now take advantage of Marketplace benefits like paying only for what you use and the ability to scale up or down on the fly.
What are CIS Hardened Images?
A virtual image is a template of an operating system (OS) or application environment installed on software that imitates dedicated hardware. These virtual images are available to “spin up” as many instances as you need in cloud computing platforms like Azure.
CIS Hardened Images are securely configured based on the CIS Benchmarks™, a set of recommendations developed through a consensus-based process by a global community of cybersecurity experts. The CIS Benchmarks are an internationally recognized secure configuration standard used by thousands of businesses to improve their cybersecurity defenses.
Why are CIS Hardened Images valuable for government entities?
The CIS Benchmarks can be utilized in place of Security Technical Implementation Guidelines (STIGs) that are the configuration standards for DoD IA and IA-enabled devices/systems. CIS Hardened Images are preconfigured according to the CIS Benchmarks. Now that CIS Benchmarks have been recognized as a suitable baseline in lieu of STIGs and SRGs, it also means that CIS Hardened Images meet the cloud security requirements.
Why use CIS Hardened Images in Azure Government?
Azure Government delivers a cloud platform built upon the foundational principles of security, privacy & control, compliance, and transparency. Public Sector entities receive a physically isolated instance of Microsoft Azure.