New CIS Foundations Benchmark for Oracle Cloud
Oracle Cloud users have a new resource to help secure their cloud environments: the CIS Oracle Cloud Infrastructure Foundations Benchmark. This objective, consensus-driven best practice provides prescriptive guidance to securely configure an Oracle Cloud account.
The new CIS Foundations Benchmark is the result of months of development by a volunteer community of security experts. The step-by-step checklist includes detailed recommendations for Identity and Access Management, networking, and logging and monitoring. It's available as a free download to public and private organizations worldwide.
CIS Foundations Benchmark for Oracle Cloud Highlights
The recommendations in the new CIS Foundations Benchmark for Oracle Cloud include:
- Encouraging the use of multi-factor authentication (MFA) for all console users
- Restricting remote administration ports outside of the enterprise network
- Configuring logging and notifications to aid in identifying anomalous behavior and investigate potential compromise.
The new CIS Foundations Benchmark is a first version release. It's intended for system and application administrators, security specialists, auditors, help desk, platform deployment, and/or DevOps personnel. In other words, it's for anyone who plans to develop, deploy, assess, or secure solutions in Oracle Cloud. Subject matter experts from backgrounds including consulting, software development, audit and compliance, participated in the creation of this CIS Foundations Benchmark for Oracle Cloud.
Shared Responsibility Model
Typically, the cloud service provider (CSP) is responsible for security “of” the cloud computing infrastructure, including physical security of the CSP’s hardware. Most of the cloud user’s accountability is for security “within” the cloud, such as protecting the organization’s data. This delineation of security responsibilities is known as the Shared Responsibility Model.
CIS Foundations Benchmarks provide the basics for configuring, deploying, and securing services in public cloud environments. This is better than leaving the responsibility solely with the CSP. Organizations leverage this resource to configure their cloud environments to an industry standard.
Like the newly published guidance for Oracle Cloud, CIS Foundations Benchmarks are available for Amazon Web Services, Microsoft Azure, and Google Cloud Platform (GCP). CIS works closely with the security community (including the CSPs) to develop and maintain each of the CIS Foundations Benchmarks.
A Complete Package of Cloud Security Resources
Once the public cloud account is secure, the next step is to secure the virtual machine (VM). Cloud security resources like CIS Hardened Images reduce the time spent hardening the VM. CIS starts with a base image for a specific operating system (OS) and hardens the image according to the CIS Benchmark recommendations.
CIS Hardened Images provide users with a multitude of benefits. They provide a secure, on-demand, and scalable computing environment in the cloud. This mitigates common threats such as malware, insufficient authorization, and remote intrusion. Organizations that need to deploy a secure image without devoting long hours to secure their OS rely on CIS Hardened Images. CIS updates CIS Hardened Images regularly to address patching and vulnerabilities.
CIS Hardened Images are available on Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Oracle Cloud.
A Community Accomplishment
The CIS Oracle Cloud Infrastructure Foundations Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. Whether an organization is already in the cloud or preparing to migrate, it's crucial to apply the CIS Foundations Benchmark.
Those interested in participating in the development process for this CIS Benchmark or any others, can sign up via CIS WorkBench.