Building Baseline Security in the Cloud with Policies
Cloud security can often feel like an overwhelming practice. Cloud environments can employ many resources with varied functions, leading to the complicated task of securing these resources. Implementing baseline policies within your cloud environment can simplify the task of implementing common security practices uniformly across all resources. Cloud providers simplify this practice through policy-checking services. In Amazon Web Services (AWS), the service is called Config, while in Azure the service is called Policy.
Within AWS Config and Azure Policy, there are policy deployments in line with the Center for Internet Security (CIS) recommendations. The CIS issues a document with configuration recommendations for common services within cloud deployments. These services include identity management, compute, storage, networking, monitoring, and database configurations. For AWS, the list of recommendations is approximately 60 items. Instead of examining each item within a document, using AWS Config or Azure Policy can automate the process and alert you to many misconfigurations within minutes. This offers quick and easy deployment of baseline security configurations and continuous monitoring of the compliance state of those policies within the environment.
The following sections detail how to implement these baseline policies for AWS and Azure. It should be noted that some costs may be incurred related to the use of these services.