Drifting is all well and good for the clouds in the sky, but when it comes to cloud computing, users should look out for configuration drift. A fully hardened server environment can require hundreds of configuration changes. Configuration drift occurs when users change computer settings, for example by adding or removing applications. This can open your organization to security vulnerabilities, as users tend to opt for convenience over security.
Configuration drift can be addressed by using tools to automate the assessment and implementation of secure configuration settings. This approach requires manual involvement from your IT department.
To avoid configuration drift in cloud environments, users should regularly deploy a secure, standard image. CIS Hardened Images are one solution: they are preconfigured to meet the secure configuration recommendations in the CIS Benchmarks. Currently available on AWS Marketplace, Microsoft Azure, and Google Cloud Platform, CIS Hardened Images help organizations around the world compute with confidence.
Cloud automation and orchestration services make it possible to start with a CIS Hardened Image and automate the installation and configuration of your application’s specific software requirements.
CIS Hardened Images are regularly updated to include the latest security patches – so one additional benefit to regularly deploying the latest CIS Hardened Image is knowing you’ve got the most up-to-date security standards in place. Using a pre-hardened image minimizes the threat surface and can help mitigate common cyber attacks.
Using a cloud automation and orchestration approach, teams can continually integrate the newest CIS Hardened Image into their application testing and migration process. As new images are tested and approved, they can replace the prior image, ensuring that the latest CIS Hardened Image is used.
One way to make sure you’re using the most recent CIS Hardened Image on the AWS Marketplace is to use the CIS-created Python script, which checks for the latest Amazon Machine Image (AMI).
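The latest-image check described above, sketched as an added example (this is not the CIS script): it picks the newest image from records shaped like the EC2 DescribeImages response and lists instances still running an older one. The image names, IDs, name prefix and instance inventory are constructed sample values, and the function names are hypothetical.

```python
from datetime import datetime

# Constructed sample data shaped like EC2 DescribeImages output.
IMAGES = [
    {"ImageId": "ami-0aaa0000000000001", "Name": "EXAMPLE Hardened Linux v1.0",
     "CreationDate": "2023-01-10T08:00:00.000Z", "ImageOwnerAlias": "aws-marketplace"},
    {"ImageId": "ami-0aaa0000000000002", "Name": "EXAMPLE Hardened Linux v1.1",
     "CreationDate": "2023-04-02T08:00:00.000Z", "ImageOwnerAlias": "aws-marketplace"},
    # Same name prefix but not published through the marketplace: must be ignored.
    {"ImageId": "ami-0bbb0000000000009", "Name": "EXAMPLE Hardened Linux v9.9",
     "CreationDate": "2023-06-01T08:00:00.000Z"},
]
# Constructed inventory: instance id -> AMI it was launched from.
INSTANCES = {"i-0001": "ami-0aaa0000000000001", "i-0002": "ami-0aaa0000000000002"}


def _created(image):
    """Parse the ISO 8601 CreationDate string into a datetime."""
    return datetime.strptime(image["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ")


def latest_image(images, name_prefix, owner_alias="aws-marketplace"):
    """Return the newest image matching the prefix and trusted owner, or None."""
    candidates = [
        img for img in images
        if img.get("Name", "").startswith(name_prefix)
        and img.get("ImageOwnerAlias") == owner_alias
    ]
    return max(candidates, key=_created, default=None)


def stale_instances(instances, images, name_prefix):
    """List instance ids that are not running the newest matching image."""
    newest = latest_image(images, name_prefix)
    if newest is None:
        raise LookupError("no image matches %r" % name_prefix)
    return sorted(i for i, ami in instances.items() if ami != newest["ImageId"])


if __name__ == "__main__":
    prefix = "EXAMPLE Hardened Linux"
    print("latest:", latest_image(IMAGES, prefix)["ImageId"])
    print("needs redeploy:", stale_instances(INSTANCES, IMAGES, prefix))
```

Filtering on the publisher as well as the name keeps a look-alike image from another account from being selected as "latest".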
Users love to make machines their own by changing settings, installing and removing programs, and adding plug-ins. This creates configuration drift and can introduce security vulnerabilities. Thankfully, regularly deploying CIS Hardened Images can help avoid configuration drift and ensure that security settings are in place.