The Center for Internet Security (CIS) recently released an updated version of their Google Cloud Platform Foundation Benchmarks - Version 1.3.0. Expanding on previous iterations, the update adds 21 new benchmarks covering best practices for securing Google Cloud environments. The updates were broad in scope, with recommendations covering configurations and policies ranging from resource segregation to Compute and Storage.

In this post, we’ll briefly cover what CIS Benchmarks are, dig into a few key highlights from the newly released version, and highlight how Rapid7 InsightCloudSec can help your teams implement and maintain compliance with new guidance as it becomes available.

In the rare case that you’ve never come across them, the CIS Benchmarks are a set of recommendations and best practices determined by contributors across the cybersecurity community intended to provide organizations and security practitioners with a baseline of configurations and policies to better protect their applications, infrastructure, and data. While not a regulatory requirement, the CIS Benchmarks provide a foundation for establishing a strong security posture, and as a result, many organizations use them to guide the creation of their own internal policies. As new benchmarks are created and updates are announced, many throughout the industry sift through the recommendations to determine whether or not they should be implementing the guidelines in their own environments.

CIS Benchmarks can be even more beneficial to practitioners taking on emerging technology areas where they may not have the background knowledge or experience to confidently implement security programs and policies. In the case of the GCP Foundation Benchmarks, they can prove to be a vital asset for folks looking to get started in cloud security or that are taking on the added responsibility of their organizations' cloud environments.

Key highlights from CIS GCP Foundational Benchmarks 1.3.0

Relative to benchmarks created for more traditional security fields such as endpoint OS, Linux, and others, those developed for cloud service providers (CSPs) are relatively new. As a result, when updates are released they tend to be fairly substantial as it relates to the volume of new recommendations. Let’s dig in a bit further into some of the key highlights from version 1.3.0 and why they’re important to consider for your own environment.

2.13 - Ensure Cloud Asset Inventory is enabled

Enabling Cloud Asset Inventory is critical to maintaining visibility into your entire environment, providing a real-time and retroactive (5 weeks of history retained) view of all assets across your cloud estate. This is critical because in order to effectively secure your cloud assets and data, you first need to gain insight into everything that’s running within your environment. Beyond providing an inventory snapshot, Cloud Asset Inventory also surfaces metadata related to those assets, providing added context when assessing the sensitivity and/or integrity of your cloud resources.

4.11 - Ensure that compute instances have Confidential Computing enabled

This is a really powerful new configuration that enables organizations to secure their mission critical data throughout its lifecycle, including while actively in use. Typically, encryption is only available while data is either at rest or in transit. Making use of Google’s new Secure Encrypted Virtualization (SEV) feature, Confidential Computing allows customers to encrypt their data while it is being indexed or queried.

A dozen new recommendations for securing GCP databases