In March 2018, Microsoft published the CIS Microsoft Azure Foundations Security Benchmark. CIS Benchmarks are the recognized industry standard for securely configuring traditional IT components.
DivvyCloud has taken this prescriptive guidance for establishing a secure baseline configuration for Microsoft Azure and implemented it as one of our Insight Packs. DivvyCloud customers now have immediate and continued visibility into the posture of their Azure environments against the Azure CIS benchmark, and can use Bots to automate the remediation of policy violations.
The Azure CIS benchmark’s purpose is to establish the foundation level of security for anyone adopting Microsoft Azure Cloud. Microsoft operates Azure using a shared responsibility model, similar to all public cloud providers. Per Microsoft, “shared responsibility in public cloud is related to the fact that you have a partner when you host resources on a public cloud service provider’s infrastructure. Who is responsible for what (regarding security) depends on the cloud service model you use (IaaS/PaaS/SaaS). With IaaS, the cloud service provider is responsible for the core infrastructure security, which includes storage, networking and compute (at least at the fabric level – the physical level).” Microsoft has published the graphic below to illustrate how shared responsibility works across the cloud service models.
For a deeper dive into the shared responsibility model, check out Microsoft’s Shared Responsibilities for Cloud Computing paper. This paper helps potential Azure customers understand where Azure’s implementation of security controls begins and ends, and where the customer’s own responsibilities begin and end (and this is where DivvyCloud’s Azure CIS Insight Pack comes in real handy).
Interested in learning more? Get your free trial of DivvyCloud and see the Azure CIS Insight Pack in action.
DivvyCloud mitigates security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources, allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.