Shulou(Shulou.com)05/31 Report--

This article focuses on "how to use CIS benchmarks to improve public cloud security". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor learn how to use CIS benchmarks to improve public cloud security.

Maintaining the public cloud environment is a common responsibility for enterprises and cloud computing providers. Cloud computing users should use the Internet Security Center (CIS) benchmark to ensure cloud security at their account level.

CIS provides a consensus-based configuration standard for cloud platforms that is independent of cloud computing vendors. These best practices, known as CIS benchmarks, are designed to help enterprises protect public cloud environments at the account level.

Security leaders and cloud computing engineering teams can use CIS benchmarks for cloud security in two ways: first, independent standards for security controls and configurations with reference to best practices can help define internal requirements for secure cloud computing deployments. This is critical when defining and approving policies and standards that all business units and IT operations teams should follow in their own cloud accounts and subscriptions. Second, these benchmarks can help enterprises develop continuous monitoring and reporting strategies for cloud computing control platforms and asset compliance.

How to improve Security by implementing CIS benchmark

Public cloud customers can experience both short-term and long-term benefits from implementing CIS benchmarks for cloud security. Short-term returns include improved security posture and a reduction in the number of vulnerabilities in common cloud computing asset classes, such as virtual machines and other workloads. Implementing this framework can also reduce the direct attack surface associated with data leakage and possibly misconfigured cloud control platform services.

Long-term rewards include improved overall security in the enterprise cloud computing environment, as well as enhanced monitoring and reporting of configurations. This improves security and operational efficiency by developing more accurate metrics and reporting vulnerabilities.

Many people question whether the CIS cloud security framework should be seen as a high-level end goal or as a security starting point. In many ways, the answer is both. The CIS benchmark creates projects at two levels: the first-level project is designed to provide immediate security benefits. They are relatively practical, easy to implement, and rarely suppress or disrupt cloud service or asset functionality in any way. The first-level benchmark project should be the starting point for all enterprises and is widely recognized as a benchmark best practice that almost any enterprise can use quickly and easily.

However, the second-level project provides more powerful security features and a deeper defense posture. This level of CIS cloud security control can cause some services or assets to underperform or even disrupt in some cases. Enterprises with more stringent security requirements can regard the second-level CIS benchmark project as a short-term goal, but most enterprises will regard it as part of a long-term strategy.

Scope of the CIS public cloud foundation

The CIS benchmark can be downloaded for the following public cloud environments:

Ali Yun

AWS

Google Cloud platform

Google Workspace

IBM cloud

Microsoft Azure

Oracle Cloud Computing Infrastructure

Although the CIS benchmark for a given platform may be different from that for other platforms, there are still obvious commonalities. All CIS benchmarks for public clouds have similar categories of control recommendations, from virtual machine workload security to storage and data security settings to privileged access control.

Control recommendations for CIS Cloud Security

The general and feasible recommendations are as follows:

Create secure cloud workloads that meet industry best practices and enhanced standards, and store and monitor these new images.

Enable cloud computing control platform logging through tools such as AWS CloudTrail or Google Cloud's operation suite (formerly known as Stackdriver) to provide visibility into all API calls made within the cloud service account. In addition, cloud native monitoring and alerts should be configured and enabled.

Enable strong authentication for any cloud management interface, including the Web portal or the command line. Implement the least privileged identity policy for different cloud computing operational roles.

Enable encryption and other data protection measures for cloud storage services.

Secure cloud native network access control to minimize access and enable network flow data to monitor network behavior.

How to improve the CIS Cloud Security Framework

Large-scale cloud service environment is developing at a faster and faster speed. While the CIS benchmark covers the core foundation of cloud security control and configuration, updating consensus-based guidelines more frequently will help to better serve the enterprise by providing updated guidance.

In addition, combining benchmarks with industry attack models and frameworks, such as Mitre ATT&CK for cloud computing, will help educate stakeholders about which controls to use to protect them in real-world cloud attack scenarios.

At this point, I believe you have a better understanding of "how to use CIS benchmarks to improve public cloud security". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.