By Alex Smith |
Since 2000, the Center for Internet Security, Inc. (CIS) has helped organisations stay ahead of cyberthreats. It creates globally recognised best practices, security standards and ready-to-use solutions like CIS Hardened Images, enabling businesses, governments and individuals to protect their IT systems and data. CIS also leads a global community of IT professionals who continuously refine these standards and work closely with partners like Microsoft to make security proactive, scalable and cloud ready.
“Our relationship with Microsoft became central to our work in 2023, when we joined the Microsoft Intelligent Security Association (MISA) for security best practices,” says Mishal Makshood, partner alliance manager for Microsoft Azure at CIS. “Now, we have benchmarks and hardened images that embed deeply into Microsoft’s ecosystem of cloud endpoint security that are available on the MISA catalogue. We’ve moved beyond simply offering guidance; today, we’re the go-to source that organisations turn to.”
CIS actively enforces these standards to address the biggest challenges enterprises face today.
“AI is now being developed and deployed at scale and while it brings huge productivity gains, it also introduces new risks,” explains Makshood. “What’s often overlooked is configuration risk. As organisations race to adopt cloud, AI and automation, attackers are exploiting misconfigurations rather than traditional vulnerabilities – meaning a single insecure identity or workload can expose an entire environment. The organisations that will thrive are those shifting from reactive security to continuous, standards-based governance. That’s what CIS and Microsoft are focused on, building security into digital operations from the start, not bolting it on after something goes wrong.”
A clear example of CIS’s collaboration with Microsoft is how its standards now form the baseline for assessing security in Microsoft Defender for Cloud. Instead of leaving organisations to guess whether a virtual machine or service is secure, CIS standards provide a consistent benchmark. These standards are also built into Microsoft Intune, letting companies automatically apply security across thousands of devices. This approach helps organisations shrink their attack surface without hiring extra staff and moves security from reactive audits to continuous, automated protection.
In December 2025, CIS launched its Azure Linux benchmarks to help organisations automatically apply trusted, audit-ready security settings across cloud and hybrid environments without manual setup, guesswork or customisation.
“The Linux benchmarks represent a major leap forward for cloud security maturity,” says Makshood. “They underpin everything from critical infrastructure to AI workloads. Historically, it has been difficult to standardise Linux systems across cloud environments, but now Azure customers can deploy Linux systems that are hardened with CIS assessed and governed benchmarks from the moment they are created.”
This collaboration allows faster deployment, fewer vulnerabilities, fewer incidents, less downtime and lower regulatory risk. “It is not just a technical upgrade, more a type of resilience upgrade,” he adds.
The benchmarks automate security configuration so users can deploy infrastructure already aligned with CIS standards and validated inside Azure.
“Most teams tell us that automation removes the impossible burden of manual hardening instead of spending weeks configuring systems and hoping nothing was missed,” says Makshood. “Customers report stronger audit outcomes and faster compliance cycles because their security posture is always visible and measured.”
Since 2023, CIS has integrated its standards deeply into Microsoft’s security products, including Sentinel and Purview, to ensure security is applied across all cloud services, from endpoints to users.
“We’re building towards a future where organisations don’t have to stitch security together themselves, but it’s already aligned with a set of security policies and standards,” says Makshood.
Discover more insights in the Spring 2026 issue of Technology Record. Don’t miss out – subscribe for free today and get future issues delivered straight to your inbox.