Security and Compliance is the next domain in our Cisco Domain TenSM model that I will cover, following on from my previous post on Applications. And following on from my previous posts around Cisco Domain Ten, I’ll give you a brief overview of the questions that come up when we discuss data center security and compliance challenges with customers as we help them transform data centers, migrate applications to Cisco UCS, and adopt cloud computing solutions and architectures. Security has and continues to be a major focus area in Cisco, so it was great to see Cisco come top in the recent survey by Infonetics Research, “Data Center Security Strategies and Vendor Leadership: North American Enterprise Survey, March 2013”!
Security and compliance are indeed exciting areas, indeed security is often highlighted in surveys -- including my own survey of Cisco customers a few years back now -- as the #1 issue impacting customer adoption of cloud computing. So what are come of the issues, challenges and considerations should be on your mind with respect to security and compliance in the data center and cloud?
First, let me emphasize, I am not about to present a complete list of issues and challenges! I’ll discuss a few which I personally find interesting, that are sometimes under-played or are particularly challenging to our customers.
My first point is that security, as I have highlighted previously, need to be pervasive -- and this is where the Cisco Domain Ten framework can help -- across the board. So looking at the Cisco Domain Ten framework, you need to consider security and compliance issues across all ten domains. Usually infrastructure security and application security are top of mind. However what about security around the management and orchestration layers? What is the wrong type of user has access to the ability to de-provision services in your provisioning tools? Wow that is an easy way to mistakenly cut services off to key users of your data center! We could certainly advise looking at policy-based security across the ten domains -- from device to virtual machines to management to applications to operational processes.
Standards and industry forums should figure in your planning -- for example the Cloud Security Alliance is a good resource for understanding the types of security challenges facing cloud.
With virtualized data centers, security has become more complex. Secure multi-tenancy is critical -- in other words, how do you secure tenants -- or virtual machines -- from threats from other tenants or other virtual machines. How do you ensure that a virus in one virtual machine doesn’t affect others in some way? How do you ensure that network security is provided at the virtualization layer/hypervisor? (Have you considered our excellent Cisco Nexus 1000V product?!) How do you ensure that virtual machine mobility is secure? How do you ensure that your data center is adequately protected by intrusion prevention and detection devices? How do you ensure regulatory compliance (SOX, PCI etc)? Are you running old IOS releases that may not have the security fixes available in later IOS releases? Are you using a validated and proven design where security and multi-tenancy are designed in?
These are the types of issues and challenges our Cisco Services data center consultants help customers with, providing them with leading data center security. We help customers exploit Cisco validated designs, design custom solutions which deliver substantial business benefit to our customers, and provide a wide range of security and governance, risk and compliance services. We apply Cisco intellectual property -- insider technical knowledge if you will, that our Cisco Services consultants gain through close co-operation with our R&D organization -- and use advanced device features to harden overall cloud and data center infrastructure.
Look out for my next Cisco Domain Ten post soon! And if you have questions, would like to debate points or give me feedback on these blog posts, please do leave a comment. And finally -- thanks for reading!