Three Ways to Use CIS Cloud Security Resources in the AWS Cloud
The remote-work capabilities of the modern office keep changing. Most organizations are seeing an increase in hybrid and remote working, which makes use of the public cloud important. Customer security in the cloud remains a key component of its growth. The Center for Internet Security (CIS) has been working with Amazon Web Services (AWS) to improve the security of the AWS Cloud since 2015.
As most security professionals know, the AWS Shared Responsibility Model is an important resource for learning how to implement cloud security. This model makes it easy to understand the role cloud consumers play in protecting their own AWS environment.
Once you understand the security actions you need to take, the next step is to rely on independent security tools to take those actions. CIS security best practices help organizations achieve cloud security on the customer side of the shared responsibility model. Read on to learn more about the top three CIS cloud security resources.
1. Prevent common cyber attacks with the CIS Controls
The first step in gaining a basic understanding of your organization’s security is to assess your overall cyber health. Measuring your organization against security best practices such as the CIS Controls can help you understand your cybersecurity status.
The CIS Controls are a set of internationally recognized, free cybersecurity best practices. Hierarchical and prescriptive by nature, they define the “how” of achieving an effective cybersecurity program. They serve as a starting point for organizations looking to improve their cyber defenses.
To use the CIS Controls in the cloud, CIS provides the CIS Controls Cloud Companion Guide. It gives an overview of four cloud-as-a-service environments and maps them to the CIS Controls: infrastructure as a service (IaaS), software as a service (SaaS), platform as a service (PaaS) and function as a service (FaaS).
This guide also describes the risks inherent in cloud environments (vulnerabilities, threats, consequences and security responsibilities). These risks reinforce the priority of the company’s security requirements (availability, integrity, data confidentiality, etc.).
The CIS Controls Cloud Companion Guide helps consumers apply the CIS Controls to cloud environments. It is an essential starting point for anyone wanting to conduct a security improvement assessment. In addition to the free PDF guide, CIS provides a downloadable spreadsheet for tracking compliance with these recommendations.
Download the CIS Controls Cloud Companion Guide
2. Consensus-based cloud security advice
The second resource CIS provides to help organizations meet their part of the AWS shared responsibility model for cloud security is the CIS Benchmarks. These guides include prescriptive guidance for securely configuring various technologies, such as a subset of AWS cloud services and account-level settings.
The focus is on basic, testable and architecture-independent configurations. The CIS best-practice configuration guides for AWS include the CIS AWS Foundations Benchmark, service-based guidance such as the CIS Amazon Linux 2 Benchmark and the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark, and the AWS End User Computing Benchmark.
The participation of subject matter experts and technology providers is essential to developing these and other CIS Benchmarks. AWS actively participates alongside other volunteer members of the CIS community. The input AWS provides for the CIS AWS benchmark is invaluable to its success. As with any CIS Benchmark, the tech community comes to a consensus on what to include.
The new version of the CIS Benchmark for AWS includes the following updates:
- Changed several recommendations on access key rotation, password complexity and password expiration to match current NIST (and CIS) guidelines
- Reordered the Identity and Access Management (IAM) section to match the AWS console interface, making it easier for users to audit and implement recommendations
- Added recommendations for protecting personal and sensitive information using encryption of data in transit and data at rest
Download CIS AWS Foundations Benchmark
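Because the benchmark's recommendations are meant to be testable, the access key rotation item above can be turned into an automated check. The following is an added example, not part of the original article or of CIS's own tooling: it audits a constructed sample laid out in the column format of an IAM credential report. The 90-day threshold, the sample users and the function name are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Assumed threshold; take the real value from the benchmark version you audit against.
MAX_KEY_AGE_DAYS = 90

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,false,N/A,false,N/A
alice,true,true,2021-05-20T09:00:00+00:00,false,N/A
bob,true,true,2020-11-02T14:30:00+00:00,true,2021-06-01T08:00:00+00:00
ci-deploy,false,true,2019-03-15T00:00:00+00:00,false,N/A
"""


def stale_access_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, key_slot, age_days) for every active key past max_age_days.

    age_days is None when an active key carries no rotation timestamp, which
    is reported as a finding because its age cannot be verified.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):  # each IAM user can hold up to two access keys
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # inactive or absent keys are out of scope here
            rotated = row.get(f"access_key_{slot}_last_rotated") or "N/A"
            if rotated == "N/A":
                findings.append((row["user"], f"access_key_{slot}", None))
                continue
            age_days = (now - datetime.fromisoformat(rotated)).days
            if age_days > max_age_days:
                findings.append((row["user"], f"access_key_{slot}", age_days))
    return findings


if __name__ == "__main__":
    audit_time = datetime(2021, 7, 1, tzinfo=timezone.utc)  # fixed for repeatability
    for user, key, age in stale_access_keys(SAMPLE_REPORT, audit_time):
        print(f"{user}: {key} last rotated {age} days ago")
```

Against a real account, the same function can be fed the CSV that `aws iam get-credential-report` returns after base64-decoding its `Content` field.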
3. Secure your Amazon Machine Images in the AWS Cloud
While CIS infrastructure and service-based benchmarks help you configure your cloud environment securely, CIS Hardened Images provide a secure operating system. CIS Hardened Images are built on top of the base operating system (OS), with the security recommendations of the CIS Benchmark preconfigured in the operating system. CIS Hardened Images are available on the AWS Marketplace. These virtual machine images are available in all AWS Regions, including the AWS GovCloud (US) Region.
In 2019, CIS became a launch partner of the Authority to Operate (ATO) on AWS program. The ATO on AWS program focuses on AWS Partner Network (APN) partners to facilitate the approval process for general compliance frameworks. APN partners in this program have access to security automation and orchestration (SAO) functionality, as well as direct collaboration with highly trained AWS compliance specialists. This certification validates the support that CIS provides to organizations and helps them comply with general compliance frameworks.
CIS is proud to be an APN partner and provides its own developed resources to the cybersecurity community.
CIS hardened image details
Copyright © 2021 IDG Communications, Inc.