The Center for Internet Security (CIS) has announced the launch of CIS configuration resources for Amazon Web Services (AWS). The move is meant to address a growing concern surrounding the data safety of information housed on virtual servers in the cloud.
Available as Amazon Machine Images (AMIs), these will allow organizations to leverage cloud-based resources configured according to industry best-practice security controls.
“CIS is committed to helping organizations improve their cybersecurity and we are pleased to make the CIS AMIs available to a broad audience on AWS through AWS Marketplace,” said William F. Pelgrin, CEO of CIS, in a statement. “The need for flexible, affordable and secure resources is urgent, and as more organizations move their business into the cloud, the CIS AMIs are a cost-effective way for entities in the public and private sectors to customize solutions that meet their needs.”
The CIS AMIs, which are available in the AWS Marketplace for use by any organization that leverages Amazon Elastic Compute Cloud (EC2), are available for six CIS benchmarks-hardened systems, including Microsoft Windows, Linux and Ubuntu. They’re available on demand on a computer-hour basis and are the only virtual machines available in the cloud that are preconfigured based on CIS’ secure configuration recommendations.
Amazon EC2 Regions where the CIS AMIs are available include: US East (N. Virginia), EU (Ireland), Asia Pacific (Singapore), US West (N. California), EU (Frankfurt), Asia Pacific (Sydney), US West (Oregon), Asia Pacific (Tokyo), and South America (Sao Paulo).
“Security is incredibly important to our customers; therefore, it is a number one priority for us,” said Stephen Schmidt, CISO at Amazon Web Services. “By working with CIS, these security best-practice controls are now readily available in AWS Marketplace to help our customers protect their data.”
The news comes as the security of data in the cloud begins to reach the status of an executive-level concern. The Cloud Security Alliance (CSA) found in a recent survey that decisions concerning the security of data in the cloud has shifted from the IT room to the boardroom, with 61% of companies indicating that executives are now involved in such decisions. IT teams are increasingly being tasked with balancing the need to enable software-as-a-service apps while also enforcing corporate security, compliance and governance policies.