Three Ways that Security in the Azure Cloud Just Got Simpler

Organizations’ use of the cloud is increasing, but this is contributing to a rise in the volume of cloud security incidents. In the 2022 Cloud Security Report, 98% of organizations told Check Point that they use the cloud to host business applications and store data. But more than a quarter (27%) of respondents revealed that they had suffered a security incident in their cloud environments in the last year. Of those events, 23% resulted from a cloud misconfiguration.

This is why the Center for Internet Security (CIS) continues to partner with cloud service providers (CSPs) like Microsoft Azure to provide security hardening guidelines for cloud-based systems. In this partnership, Azure security and compliance experts join the CIS WorkBench communities to contribute their guidance – alongside the other CIS Community Members – to help in the development and consensus process. CIS facilitates the feedback from the community and contributes our expertise to that process.

We’re grateful for this ongoing collaboration, as it allows us to continually release updated and new CIS Benchmarks content. At this time, we’re pleased to announce the release of three CIS Microsoft Azure Benchmarks. Let's explore both of them below.

Updated Security Foundations for Microsoft Azure

The first release is an update to our CIS Microsoft Azure Foundations Benchmark. We regularly update all CIS Benchmarks to ensure that our recommendations stay up-to-date with system hardening best practices. The same is true of this Benchmark.

CIS Microsoft Azure Foundations Benchmark v1.5.0 differs from the previous version in the following ways:

  • Contains new sections for Conditional Access, Microsoft Defender, Key Vault
  • Comes with updated and expanded Azure CLI and PowerShell Audit and Remediation Methods
  • Delivers 20+ new recommendations

Every recommendation in the CIS Azure Foundations Benchmark v1.5.0 – whether old, new, or updated – includes a reference to the Azure Security Benchmark v3 maintained by Microsoft Azure.

Support for Azure-Based OSes

While the updated CIS Microsoft Azure Foundations Benchmark addresses Azure posture and workload security issues, it does not focus on securing operating systems (OSs) that are running in Azure environments. This is why we elected to introduce a new CIS Benchmark to specifically address this challenge.

The first cloud-focused OS Benchmark for Microsoft Azure, CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 responds to customers' need to receive CIS Benchmarks recommendations for their operating systems in the cloud. Many of our Benchmarks for OSs (Windows and Linux) are built for on-premises systems. When you use these current OS Benchmarks in the cloud, you have to tailor some recommendations that align with cloud-specific security controls.

Customizing our recommendations to align with computing in Azure makes operations smoother for these organizations. That's why we released this Benchmark. It provides secure configuration settings for Microsoft Windows Server 2019 virtual machines running in Azure. 

Ongoing Collaboration Around Security in the Cloud

We look forward to continuing to work with Microsoft on cloud security guidance. In addition to Azure, for instance, we've partnered with Microsoft to release CIS Microsoft 365 Foundations Benchmark v1.5.0. This Benchmark provides prescriptive guidance to secure Microsoft 365 Cloud offerings running on any OS. It is tested against Microsoft 365, and includes recommendations for Exchange Online, SharePoint Online, OneDrive for Business, Skype/Teams, Azure Active Directory, and Intune.

We invite anyone who's interested in contributing to the CIS Microsoft 365 Foundations Benchmark to join the corresponding Community. We also encourage everyone to begin using the security guidance published in these two CIS Microsoft Azure Benchmarks so that they can harden their systems more effectively.