New CIS Benchmark for Google Cloud Computing Platform
The CIS Benchmarks™ community has been hard at work the past several months developing a new cloud benchmark: CIS Google Cloud Computing Platform Foundations Benchmark v1.0.0. This new benchmark can be used to help an organization build a set of security policies and processes to protect data and assets in Google Cloud Platform (GCP).
Much like on-premises systems, cloud environments are configured by default for convenience over security. This means they should be “hardened” to protect organizations’ data. “Hardening” is the process of securing a technical system by configuring it to meet benchmarks like the CIS Benchmarks. When applied, the recommended configuration settings in the CIS Benchmarks can help protect systems from common cyber threats and improve overall security posture.
The CIS Google Cloud Computing Platform Foundations Benchmark v1.0.0 is intended to serve as a guide to secure the Google Cloud Computing Platform environment. This new benchmark joins hundreds of CIS Benchmarks, covering everything from network and mobile devices to mail servers and operating systems. You can download the new benchmark in PDF format for free.
The Audit and Remediation sections within this CIS Benchmark have been developed to include both the console steps and Command Line Interface commands where applicable and available. The structure of this benchmark is similar to that of other cloud-based CIS Benchmarks (such as AWS Foundations and Microsoft Azure Foundations) to ensure equal coverage in benchmark recommendations for as many cloud providers as possible.
Here is a brief glimpse of the sections covered in this CIS Benchmark:
- Identity and Access Management
- Logging and Monitoring configurations
- Virtual Networking Security settings
- Virtual Machine instance settings
- Storage Security configuration
- Cloud SQL Database Services settings
- Kubernetes Engine configuration
Developing CIS Benchmarks
Collaboration is key to developing CIS Benchmarks. The CIS Security Best Practices team works closely with subject matter experts and security professionals from around the globe to:
- Determine configuration settings
- Test and review security configurations
- Update CIS Benchmarks regularly
The hub for all this collaboration is the CIS WorkBench platform, where users can log in and provide feedback, share ideas, submit tickets, and more.
Implementing the security recommendations of the CIS Google Cloud Computing Platform Foundations Benchmark v1.0.0 is the first step toward protecting data and assets in the cloud. You can also improve your cybersecurity posture by using CIS Hardened Images™ when you’re working in the cloud.
CIS Hardened Images are pre-configured virtual machines which match the security recommendations in the CIS Benchmarks. Like all virtual images, CIS Hardened Images are flexible, scalable, and easy to customize based on your computing needs. For a few extra cents per compute hour, you can work with confidence, knowing your image is more secure than a standard (non-hardened) virtual image.