Enhancing Security Through Collaboration on Azure Cloud
Microsoft Azure customers now have access to a new version of the CIS Microsoft Azure Foundations Benchmark to help safeguard their cloud environments. This guide provides a starting point for securely configuring your Azure account and related services. The Center for Internet Security (CIS), Microsoft Azure, and the CIS global community of cybersecurity experts worked diligently to update and align their two sets of cybersecurity guidelines. Alignment between the CIS Microsoft Azure Foundations Benchmark v1.3.0 and the Azure Security Benchmark v2 combines the trust of consensus recommendations from both communities. This combination brings together a common security focused approach through collaboration. Ultimately, this partnership allows Azure cloud consumers to easily secure their environments without having to choose which guidance to follow.
CIS Microsoft Azure Foundations Benchmark v1.3.0 Highlights
The CIS Foundations Benchmarks provide prescriptive guidance for various areas including: identity and access management (IAM), database services, logging and monitoring, networking, virtual machines, and Azure's Security Center and Storage Accounts. The CIS Foundations Benchmark is available for download at no cost to public and private organizations worldwide.
Key changes to this new release include:
- Reference links in multiple recommendations to the CIS Azure Security Benchmark v2
- Multiple recommendations for the change of Advanced Data Security to Azure Defender
- New recommendations for additional Azure Defender bundles
- Multiple activity log alert console remediation steps
- Removal of multiple recommendations for features that have been deprecated
The CIS Foundations Benchmark is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Microsoft Azure.
CIS Microsoft Azure Foundations Benchmark Maps to Azure Security Benchmark
The mappings in the CIS Foundations Benchmark to the Azure Security Benchmark developed by Azure, include a collection of high-impact cybersecurity recommendations. They can be found in the resources section of the CIS Foundations Benchmark. The reference to the Azure Security Benchmark allows users to easily navigate to the guidelines and see the security controls and service baselines; there are 85+ Azure services covered by the service baselines. The security controls consist of 11 domains included in Azure Security Benchmark v2.
Shared Responsibility Model with CIS Cloud Security Tools
Typically, the cloud service provider (CSP) is responsible for security “of” the cloud computing infrastructure, including physical security of the CSP’s hardware. Most of the cloud user’s accountability is for security “within” the cloud, such as protecting the organization’s data. This delineation of security responsibilities is known as the Shared Responsibility Model.
CIS Foundations Benchmarks provide the basics for securely configuring and deploying services in public cloud environments. Cloud users can leverage this resource to securely configure their cloud accounts to an industry standard, doing their part in the Shared Responsibility Model.
A Complete Package of Cloud Security Resources
Once the public cloud account is secure, the next step is to configure the virtual machine (VM). Cloud security resources like CIS Hardened Images reduce the time spent hardening the VM. CIS starts with a base image for a specific operating system (OS) and hardens the image according to the CIS Benchmark recommendations.
CIS Hardened Images provide users with a multitude of benefits. They provide a secure, on-demand, and scalable computing environment in the cloud. This mitigates common threats such as malware, insufficient authorization, and remote intrusion. Organizations that need to deploy a secure image without devoting long hours to securely configure their OS rely on CIS Hardened Images, which are updated regularly to address patching and vulnerabilities.
CIS Hardened Images are available on Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Oracle Cloud.
Aligning Secure Configurations: A Community accomplishment
The collaboration between CIS, Microsoft Azure, and the community of experts working on the CIS Microsoft Azure Foundations Benchmark illustrates the great things a community of users, vendors, and subject matter experts can accomplish through consensus. Whether an organization is already in the cloud or preparing to migrate, it's simple to start by applying the CIS Foundations Benchmark.
Those interested in participating in the development process for this CIS Benchmark or any others, can sign up via CIS WorkBench.