Your clients can't benefit from cloud computing unless they can maintain performance and availability in their environments. Take scalability as an example. Without performance and availability, your clients can’t reliably scale their cloud services in alignment to their needs. They might miss out on the ability to use certain resources in the process. Alternatively, they might need to continue to pay for other resources they no longer need.
The same goes for other common cloud computing benefits. In the absence of availability, your clients might suffer downtime in the event of a disaster due to a lack of access to cloud-based backups. Poor performance could render their existing cloud-based backups incomplete or unusable, exacerbating the disaster's costs. Similarly, your clients can't test artificial intelligence (AI) and other new technologies in the cloud without performance and availability. As a result, they could miss out on business advantages tied to innovation.
The Center for Internet Security® (CIS®) understands how much your clients value performance and availability in their environments. It also understands how you along with other managed service providers (MSPs), managed security service providers (MSSPs), and IT consultants want to help your clients balance these priorities with cloud security.
To support you and your clients, CIS tested its CIS Hardened Images® with Azure Monitor Agent and Azure Update Manager. This blog will review the importance, results, and future of this testing initiative.
Compatibility Testing: A User-Driven Initiative
The CIS Hardened Images are virtual machine (VM) images that are pre-hardened to the CIS Benchmarks™, industry-leading secure configuration guidelines developed by a global community of IT practitioners through consensus. Each CIS Hardened Image includes a CIS-CAT® Pro assessment report demonstrating the extent to which the image conforms to its corresponding Benchmark. You can use this information to help your clients secure their operating systems in the cloud.
CIS decided to test CIS Hardened Images for two reasons. First, each of the services it selected for testing helps your clients perform essential functions with respect to their virtual images.
- Azure Monitor Agent enables your clients to find, analyze, and fix performance and availability issues affecting their Azure applications and services.
- With Azure Update Manager, your clients can manage updates for their Azure virtual machines.
Second, customers like your clients specifically requested CIS to test CIS Hardened Images with both of these services.
Insights from the Compatibility Testing
Azure Monitor Agent
For Azure Monitor Agent, CIS focused its initial testing on CIS Hardened Images for Linux. The testing went smoothly overall. The Azure team tweaked Azure Monitor Agent to account for failures to comply with CIS Benchmarks following installation of Azure Monitor Agent. These tweaks primarily addressed file/directory ownership and the network setup of a sub-component for Azure Monitor Agent.
No instances of functionality degradation arose when CIS installed Azure Monitor Agent on a CIS machine.
Azure Monitor Agent is validated for deployment and functionality (end-to-end data flow for all data types) on all CIS Linux Hardened Images. The Azure team also integrated CIS Hardened Images into its pre-release validation process. This means the team can continually re-validate compatibility with new Azure Monitor Agent versions, helping you maintain performance and availability of this service on CIS Linux Hardened Images.
Azure Update Manager
For Azure Update Manager, the testing phase revealed that this service requires a shell for executing updates, gathering information, and performing other functions. CIS addressed this requirement in CIS Linux Hardened Images by removing "Ensure default user shell timeout is 900 seconds or less" as a recommendation.
Your clients can manually configure this recommendation using the Remediation section in a CIS Benchmark PDF. They can also check out CIS's Knowledge Base article for more information.
Azure Update Manager currently supports 35 CIS Hardened Images with more to follow, according to Microsoft.
Support Your Clients in the Cloud
CIS will continue to test CIS Hardened Images for compatibility with requested services and applications. This will support your clients' needs for security and functionality in the cloud.
Ready to help your clients meet these needs?