Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

What You Need to Know About Hybrid Cloud Environments


What does your cloud configuration look like? In many organizations, moving workloads to the cloud creates a more elastic technology infrastructure. That's why hybrid cloud environments are a popular solution. A hybrid cloud computing environment requires orchestration between two types of platforms:

  • On-premises, private cloud: Computing services offered to select users over the internet or a private internal network.
  • Public cloud: Services offered by third-party providers, known as cloud service providers (CSPs) to anyone over the public internet.

Each environment has unique advantages that help organizations stay flexible and secure. CISOs, Directors, Solution Architects, and other technology experts are taking notice; Infrastructure-as-a-service (IaaS) and Desktop-as-a-service (DaaS) will see the highest growth in 2021, 38.5% and 67.7% respectively, according to Gartner. So, what else do you need to know about this growing trend?

Hybrid Cloud: Mixing and Moving Workloads

Modern infrastructure calls for a multidimensional approach to cloud computing. While the private cloud approach offers a higher level of privacy, it often requires the same staffing and maintenance expenses as a traditional data center. Using a public cloud is convenient and scales quickly, but may not offer enough security controls for sensitive organizational data. A hybrid cloud environment takes advantage of both options.

By deploying a hybrid cloud environment, organizations can effectively maintain tighter security controls over sensitive data and processes. They can use their private cloud while enjoying the flexible computing of its public counterpart. It is important to understand the shared security responsibility between organizations and CSPs to defend against cyber threats.


A secure standard

Whether private, public, or hybrid — cloud infrastructure is under attack. According to Gartner, through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data. To prevent attacks and exploits, organizations should implement secure configurations such as the CIS Benchmarks. The CIS Benchmarks provide consensus-developed security recommendations for over 100 configuration guidelines across 25+ vendor product families including servers, operating systems, and cloud containers. What's more, they are free to download in PDF format.

Download CIS Benchmarks

Another challenge facing organizations working in the cloud is meeting compliance. Federal regulations, industry requirements, and internal security policies all drive compliance needs. When implemented, the CIS Benchmarks can help meet security compliance for PCI, NIST, HIPAA, and more. The CIS Benchmarks are also mapped to the CIS Controls, a set of cybersecurity best practices designed to help organizations develop a stronger defense program.

Hardening in the Public Cloud

Security is paramount for mission-critical systems and data residing in the public cloud. That’s why many organizations provide pre-hardened options for cloud OSes and container images. CIS Hardened Images are one option that offers conformance to the CIS Benchmarks security standard for a variety of cloud environments.

CIS Hardened Images help defend public cloud environments from the instant they launch. Because they’re pre-hardened, users benefit from the CIS Benchmark configurations built into the virtual machine. Each CIS Hardened Image comes with a conformance report displaying each security recommendation implemented, as well as any which could not be applied due to cloud restrictions. Launch one today via Amazon Web Services, Microsoft Azure, Google Cloud Platform, or Oracle Cloud Marketplaces.