Date: 2021-10-04

As organizations mature their utilization of the cloud, they find more innovative and effective solutions for their workloads. For example, containerized applications offer portability, high efficiency, and faster app start-up. These are just a few reasons why Gartner reports that by 2023, "70% of applications deployed in the cloud will use containers as a packaging mechanism" (“Best Practices to Enable Continuous Delivery With Containers and DevOps,” April 16, 2020, by Analyst Dennis Smith).

As we know, with innovation comes risk. Considering this, any cloud security professional understands it's imperative to secure their container environments and utilize hardened images to reduce that risk.

The Center for Internet Security (CIS) offers CIS Hardened Images, which bring the globally recognized security configuration recommendations of the CIS Benchmarks to the cloud. This resource is a hardened virtual machine (VM) image available for operating systems, databases, web servers, and containers. The containerized CIS Hardened Images are built on provider-based images via Docker. Docker, a self-contained software bundle, makes it easy for applications to run on multiple computing environments. CIS provides these containerized CIS Hardened Images in Amazon Web Services (AWS) Marketplace.

Secure Container Benefits

Container software, such as Docker, packages the application code with all of the other files and libraries an application needs to run, so it can easily move to other computing environments. The benefits of using these secure Docker containers include:

The ability to build and test applications quickly, benefitting DevOps and testing processes

Applications packaged in containers can easily be swapped in and out

Flexibility, cost-effectiveness, and ease of use

Although CIS builds using Docker, CIS container images will work with other container software.

CIS Hardened Images Built on Secure Docker Containers

CIS offers several hardened images layered on secure Docker containers in AWS Marketplace. These include versions of Amazon Linux, Ubuntu Linux, NGINX, and PostgreSQL. You can see the full list of CIS Hardened Images on the platform list on the CIS website.

These CIS Hardened Images on secure Docker containers in AWS Marketplace are:

Deployed quickly with pre-configured security

Easy to patch – take out the old layer and bring in the patched layer, test, and proceed or easily roll back if necessary

Cost effective – use only what you need, since AWS bills with a pay-as-you-go model

Mapped to Regulatory Frameworks

The cybersecurity community recognizes the CIS Benchmarks and CIS Controls as industry standards for cyber protection around the world. What's more, many industry frameworks reference CIS Benchmarks as an acceptable standard to help meet compliance. These frameworks include DoD STIGs, FedRAMP, DoD Cloud Computing SRG, HIPAA, PCI DSS, and NIST. By extension, CIS Hardened Images can help meet compliance with these frameworks.

Secure Your Cloud Workloads with CIS Hardened Images

CIS Hardened Images help organizations work securely and affordably in the cloud. CIS pre-configures these hardened images according to CIS Benchmark recommendations. To develop consensus-based recommendations, CIS leads a community of cybersecurity experts.

The hardened images are more secure than standard images. They offer protection against malware, insufficient authorization, and remote intrusion in the cloud. They also provide reduced upfront hardware costs and savings on resource hours for maintenance. Every Hardened Image from CIS includes a CIS-CAT Pro report showing conformance to the CIS Benchmark.