Center for Internet Security Collaborates with Cloud Security Experts on Prioritized Security Recommendations for Cloud Infrastructures

Share Article

New Security Guide Will Assist Organizations in Identifying and Implementing Critical Cloud Security Controls

Center for Internet Security
The CIS Quick Start: Cloud Infrastructure Benchmark provides concise and practical recommendations for securing IT infrastructure in the cloud.

The Center for Internet Security (CIS) today announced the release of a new consensus-based security resource that provides concise and practical recommendations for securing virtualization and cloud infrastructures. The guide,Quick Start: Cloud Infrastructure Benchmark, was developed by CIS’s Security Benchmarks Division in collaboration with global cloud security experts. It is designed for use by organizations and individuals in the public and private sectors to help them make informed decisions about navigating to the cloud and making sure the necessary security controls are in place for IT infrastructure in the cloud.

A recent survey by Thales and the Ponemon Institute found that approximately half of the responding organizations transfer sensitive or confidential data to cloud environments, yet nearly two-thirds of respondents do not know what their cloud providers are actually doing to protect the sensitive or confidential data entrusted to them.

The Quick Start: Cloud Infrastructure Benchmark provides guidance for assessing and securing virtual and cloud infrastructures. The new Quick Start resource provides over two-dozen recommendations ranging from the fundamentals of patch management and account access to secure network transmissions and resource isolation in the cloud. The recommendations are provider, vendor, and product neutral and can be applied to any virtual or cloud environment.

The Guide includes input from organizations representing the full spectrum of cloud operations, including infrastructure hosting, systems implementation and integration, and security assessment and audit. The primary author of this new CIS security resource is Pravin Goyal of VMware, Inc., with co-authors including George Gerchow and Michael Haynes of VMware, Inc. and Blake Frantz of CIS.

“The focus of CIS is to provide resources that help individuals and organizations measurably improve their cyber security and address the constantly evolving threats,” said William F. Pelgrin, CIS President and CEO. “Regardless of whether a user or organization manages its own security environment or outsources it, the need for security controls in the cloud is essential. Our purpose of this collaborative effort was to produce a clear set of recommendations that help people identify the most critical security steps to improve their security in the cloud."

The Quick Start: Cloud Infrastructure Benchmark is available to the public at

About the Center for Internet Security
The Center for Internet Security (CIS) is a not-for-profit organization whose mission is to enhance the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS comprises three divisions: the Multi-State Information Sharing and Analysis Center, which serves as a key cyber security resource for the nation’s state, local, territorial, and tribal (SLTT) governments; the Security Benchmarks Division, which provides consensus best practice standards for security configurations; and the Trusted Purchasing Alliance, which serves SLTT governments and not-for-profits in achieving a greater cyber security posture through trusted expert guidance and cost-effective procurement.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Krista Montie
Visit website