As organizations mature in their use of the cloud, they will find more innovative and efficient solutions for their workloads. For example, containerized applications provide portability, high efficiency, and rapid application launch. These are just a few of the reasons Gartner reports that by 2023, “70% of applications deployed in the cloud will use containers as a packaging mechanism” (“Enables continuous delivery through containers and DevOps. Better best practices”, April 16, 2020, analyst Dennis Smith).
As you know, innovation comes with risks. With that in mind, cloud security experts understand the imperative to protect the container environment and use hardened images to mitigate this risk.
The Center for Internet Security (CIS) provides CIS Hardened Images, which bring the globally recognized security configuration recommendations of the CIS Benchmarks to the cloud. These resources are hardened virtual machine (VM) images covering operating systems, databases, web servers, and containers. CIS hardened container images are built on the vendor's base image through Docker. Docker, a standalone software package, makes it easy to run your applications across multiple IT environments. CIS offers these containerized CIS Hardened Images on Amazon Web Services (AWS) Marketplace.
Benefits of a safe container
Container software, like Docker, bundles your app code with all the other files and libraries your app needs to run, so you can easily move it to other computing environments. The advantages of using these secure Docker containers are:
- The ability to quickly build and test applications, which benefits DevOps and testing processes
- Applications packed in containers are easy to replace
- Flexibility, cost-effectiveness and ease of use
CIS builds its container images using Docker, but they also work with other container software.
CIS Hardened Images on secure Docker containers
CIS provides multiple hardened images layered on secure Docker containers on AWS Marketplace. These include versions of Amazon Linux, Ubuntu Linux, NGINX, and PostgreSQL. A complete list of CIS Hardened Images is available in the list of platforms on the CIS website.
These CIS Hardened Images on secure Docker containers on AWS Marketplace are:
- Quick to deploy with predefined security
- Easy to patch: remove old layers, get the patched layers, test and continue, or easily roll back if necessary
- Cost-effective: AWS bills on a pay-as-you-go model, so you use only what you need
Mapping to the regulatory framework
The cybersecurity community recognizes the CIS Benchmarks and CIS Controls as the industry standard for cyber protection around the world. Additionally, many industry frameworks refer to the CIS Benchmarks as an acceptable standard for regulatory compliance. These frameworks include DoD STIG, FedRAMP, DoD Cloud Computing SRG, HIPAA, PCI DSS, and NIST. By extension, CIS Hardened Images can help you comply with these frameworks.
Protect your cloud workloads with a CIS Hardened Image
CIS Hardened Images help organizations work securely and affordably in the cloud. CIS preconfigures these hardened images according to the recommendations of the CIS Benchmarks. CIS leads a community of cybersecurity professionals in developing consensus recommendations.
Hardened images are more secure than standard images. They provide protection against malware, improper permissions, and remote cloud intrusion. They also reduce initial material costs and save time on maintenance. All CIS Hardened Images include a CIS-CAT Pro report showing compliance with the CIS Benchmarks.