What is CIS?
Founded in 1989 by Alan Paller, SANS Institute is a company that specializes in information and cybersecurity. The SANS Institute partners with the Center for Internet Security (CIS) and industry professionals to maintain the 20 critical security controls. The CIS 20 are essential to protect the assets and data of an organization from known cyber-attack vectors. These controls should be implemented by companies that seek to strengthen their security in the Internet of Things (IoT) domain. The CIS 20 controls span asset configurations (hardware and software), malware defenses, recovery, continuous monitoring and control, incident response plans and management, penetration tests, and Red Team exercises.
CIS + Azure Cloud
CIS defines three levels of security controls. The basic controls should be implemented in every organization for essential cyber defense readiness. Basic controls include continuous vulnerability management, controlled use of administrative privileges, secure configuration of hardware and software, and maintenance, monitoring, and analysis of audit logs. The foundational controls are the best technical practices that provide clear security benefits. These include email and browser protections, malware defenses, data recovery capabilities, data protection, boundary defense, wireless access control, and account monitoring and control. The organizational controls focus on the people and processes involved in cybersecurity. These include application software security, incident response and management, and penetration testing. Almost all of the above controls apply when using cloud infrastructure with Microsoft Azure.
The CIS 20 Security Controls are not mandatory or required by law. However, because they form such a comprehensive guide to online security, covering the basic, foundational, and organizational control levels, it is highly recommended that organizations implement them. Having the three levels of controls mentioned in CIS will take your organization a long way regarding data privacy and security. CIS Security Controls are not rules but a guide to best practices. Cloudanix helps you achieve CIS compliance and make your cloud infrastructure secure. We provide a wide variety of recipes for auditing Azure cloud services like Azure IAM, Azure SQL, Azure Compute, Azure AppService, Azure Storage, Azure Network and many more. Cloudanix automates audits that run checks, each made up of rules based on the best practices that should be followed while using these services. The audit report tells you if you are violating these rules and, effectively, the clauses of CIS. We at Cloudanix ensure you follow the best security practices specified by CIS while we take care of your security audits!