INTERVIEW Creating a safer, more predictable world Mishal Makshood from the Center for Internet Security highlights the nonprofit’s work with Microsoft to better protect businesses, governments and people from cyberthreats Since 2000, the Center for Internet Security, Inc. (CIS) has helped organisations stay ahead of cyberthreats. It creates globally recognised best practices, security standards and ready-to-use solutions like CIS Hardened Images, enabling businesses, governments and individuals to protect their IT systems and data. CIS also leads a global community of IT professionals who continuously refine these standards and work closely with partners like Microsoft to make security proactive, scalable and cloud ready. “Our relationship with Microsoft became central to our work in 2023, when we joined the Microsoft Intelligent Security Association (MISA) for security best practices,” says Mishal Makshood, partner alliance manager for Microsoft Azure at CIS. “Now, we have benchmarks and hardened images that embed deeply into Microsoft’s ecosystem of cloud endpoint security that are available on the MISA catalogue. We’ve moved beyond simply offering guidance; today, we’re the go-to source that organisations turn to.” CIS actively enforces these standards to address the biggest challenges enterprises face today. “AI is now being developed and deployed at scale and while it brings huge productivity gains, it also introduces new risks,” explains Makshood. “What’s often overlooked is configuration risk. As organisations race to adopt cloud, AI and automation, attackers are exploiting misconfigurations rather than traditional vulnerabilities – meaning a single insecure identity or workload can expose an entire environment. The organisations that will thrive are those shifting from reactive security to continuous, standards-based governance. That’s what CIS and Microsoft are focused on, building security into digital operations from the start, not bolting it on after something goes wrong.” A clear example of CIS’s collaboration with Microsoft is how its standards now form the baseline for assessing security in Microsoft Defender for Cloud. Instead of leaving organisations to guess whether a virtual machine or service is secure, CIS standards provide a consistent benchmark. These standards are also built into Microsoft Intune, letting companies automatically apply security across thousands of devices. This approach helps organisations shrink their attack surface without hiring extra staff and moves security from reactive audits to continuous, automated protection. In December 2025, CIS launched its Azure Linux benchmarks to help organisations automatically apply trusted, audit-ready security settings across cloud and hybrid environments without manual setup, guesswork or customisation. “The Linux benchmarks represent a major leap forward for cloud security maturity,” says Makshood. “They underpin everything from critical infrastructure to AI workloads. Historically, it has been difficult to standardise Linux systems across cloud environments, but now Azure customers can deploy Linux systems that are hardened with CIS assessed and governed benchmarks from the moment they are created.” This collaboration allows faster deployment, fewer vulnerabilities, fewer incidents, less BY ALICE CHAMBERS 50
RkJQdWJsaXNoZXIy NzQ1NTk=