Announcing Support for the Center for Internet Security (CIS) Benchmarks in Terramate Cloud

Today, we are announcing support for the Center for Internet Security (CIS) Benchmarks in Terramate Cloud. With over 500 built-in policies covering security and compliance best practices for AWS, Azure, Google Cloud, Kubernetes and more, Terramate now helps you detect and prevent security misconfigurations so that your developers can focus on deploying and managing production-grade cloud infrastructure more efficiently without accidentally causing critical vulnerabilities.

Sören Martius

Misconfigurations and Vulnerabilities in IaC

When working with IaC, it is essential to ensure the integrity of your configuration and that your code is secure, compliant, and error-free. One of the biggest challenges is detecting and preventing security misconfigurations, which, when undetected, often lead to catastrophic events such as unauthorized access, data breaches, loss of customer data and downtime.

Introducing the Center for Internet Security (CIS) Benchmarks

The CIS (Center for Internet Security) is a nonprofit organization promoting best security practices. They develop, validate, and publish security benchmarks that provide prescriptive instructions for implementing industry-standard security controls, available for all major cloud providers such as AWS, Google Cloud, and Microsoft Azure, as well as platforms such as Kubernetes and operating systems. These benchmarks help organizations secure their IT environments against cyber threats, helping you establish a strong security foundation, reduce IT risk, and ensure compliance with best practices. The CIS benchmarks are considered an industry standard for securely configuring cloud infrastructure and are widely adopted.

CIS Benchmarks Support in Terramate Cloud

Terramate Cloud now supports all available CIS Benchmarks. With over 500 built-in policies, developers can now deploy and manage cloud infrastructure with IaC more securely than ever. Whenever a developer opens a Pull Request to introduce changes to your IaC, Terramate Cloud automatically analyzes those changes for security misconfigurations, allowing you to detect and remediate them before Pull Requests get merged and deployed. Additionally, every time you run a scheduled drift detection workflow with Terramate Cloud, all resources managed in stacks will also be analyzed, allowing you to regularly check your entire deployed infrastructure inventory for misconfigurations.

Here's a quick overview of what's now available in Terramate Cloud:

  1. CIS Benchmark policies are now applied to Pull Requests and scheduled drift detection workflows.
  2. More than 500 built-in policies for AWS, Google Cloud, Azure and Kubernetes are now available at no additional charge.
  3. All policies are tightly integrated with the Resource Browser, allowing you to easily detect and understand current misconfigurations and how to resolve them.

Integration with the Resource Browser

The CIS Benchmarks are now integrated with the Resource Browser in Terramate Cloud, giving you a holistic overview of current vulnerabilities, their severity, and how to remediate them. This is especially helpful when multiple teams manage multiple repositories containing IaC, as it gives you a single dashboard to keep track of your entire organization.

Figure: Terramate Cloud CIS Benchmarks example

CIS Benchmarks Support in Terramate Cloud is now GA

CIS Benchmarks policies in Terramate Cloud are now GA and available to all accounts, regardless of whether you are on a free or paid tier! If you want to learn more about how Terramate Cloud can help you detect and prevent misconfigurations using the CIS Benchmarks, please book a demo with our team at https://terramate.io/demo

Sören is the co-founder and Chief Executive Officer of Terramate. Prior to founding Terramate, he consulted for companies such as Flink and 1Komma5 on designing and implementing cloud and internal developer platforms.