Cisco Blogs


Criticism Abounds, but Cloud Computing Is Here to Stay

This blog was originally published on:

Wow! Lots of outrage over the colossal cloud computing outage at Amazon! With big sites such as Reddit, Foursquare, and Heroku taken down by the issues with Amazon Web Services (AWS), there’s brouhaha brewing about a black eye on Amazon—and the entire cloud computing industry.

“The biggest impact from the outage may be to the cloud itself,” said Rob Enderle, an analyst with the Enderle Group, in ComputerWorld. “What will take a hit is the image of this technology as being one you can depend on, and that image was critically damaged today…If the outage continues for long, it could set back growth of this service by years and permanently kill efforts by many to use this service in the future.”

So the cloud might be a little beat up, but is cloud computing dead? Not even close.

Cloud computing is here to stay, not only because the model is more efficient and more cost effective than the traditional IT infrastructure, but because it promotes the promise of specialization—a value that gives companies an edge and consumers a better product.

What’s AT&T Got to Do With It?

Remember the days when AT&T was the only phone company around, and their phone was the only one you could buy? First it was rotary, and then it was push-button. AT&T made every single part of the phone. It made the screws that held the phone together. The whole machine was incredibly durable, but it was also heavy, clunky, and incredibly inefficient—not to mention expensive.

It didn’t stay that way, however. Boom! Deregulation hit the industry and the price of a phone went from a hundred dollars to a hundred pennies. Everything changed, and today we see the result: throwaway phones. Now phones are ubiquitous, they’re incredibly inexpensive, and they can do more than ever before.

IT infrastructure is moving down the same path. Until now, every company has built its own expertise into its proprietary IT systems. Every company has been (metaphorically speaking) fabricating its own screws, making its own hammers, and toiling over its own infrastructure. There’s been massive duplication of efforts, and the approach is filled with gross inefficiencies.

Now that’s all changing with cloud computing. It has gained rapid adoption exactly because it recognizes the inefficiencies and complications of traditional IT infrastructure, which is built on large, complex systems that require specialized skill sets to implement and deploy. The most interesting form of cloud computing is Infrastructure as a Service, or IaaS. Instead of tilting up the servers and fabricating the screws yourself, you look to a specialist—a large service provider with a deeper level of expertise, greater economies of scale, and the ability to provide the infrastructure on which you can run your apps. Another upshot: by removing a massive noncore task from the organizational to-do list, a new wave of efficiencies and innovation can be unleashed. (Pretty soon, traditional security will look no different from that rotary phone I saw on eBay for $9.99: a charmingly clunky reminder of a long-gone era.)

Build a Plan, Don’t Pray for Perfection

Cloud computing—or anything in computing—is not perfect. Data centers, whether they are public or private, go down. Outages happen in-house as well as to the industry’s leading cloud-hosting providers.

What Amazon’s outage truly demonstrates is just how hard this job is. It’s not an argument against AWS or the cloud industry; it’s a reminder that we need to have specialists handle this complex technology. Specialists can, and will, run into problems, but their ability to respond will be better than the ability of a soap company or a car maker or a media empire to respond. As the Heroku team, one of the sites crippled by the outage, put it: “Amazon employs some of the best infrastructure engineers in the world: if they can’t make it work, then probably no one can.”

What we must all recognize is that we need solutions to better insulate companies against inevitable outages. The question we should be asking is not how can we trust the cloud, but rather how can we make enterprise applications more robust? What should the failover plan look like? (Because things fail.)

The answer is portability. We must have the ability to move apps from one infrastructure to another so that if one bursts, the whole world doesn’t come to a screeching halt. That’s Internet 101. Instead of just one web server, have two web servers in different locations and roll the load between them. Contingency plans that included having two data centers from two different providers and different availability zones kept sites such as the business audience marketing platform company Bizo running during the Amazon outage. By similarly designing systems that took potential failures into account, Netflix was largely unaffected.

The current tools available for virtual data centers don’t provide good portability and rollover ability from private to public data centers. Technology vendors need to address how to move a data center workload from one cloud computing provider to another, so they can provide the resiliency and efficiency needed to deal with the occasional bad hair day. With that investment we’ll all come out looking a lot better.


How Secure are Numeric Passwords?

Numeric passwords are ubiquitous. Most of you use one nearly every day, whether it be on your smartphone, your debit card, your voicemail system, or a secure token. But how secure are those passwords? How likely is an attacker to be able to misuse them?


Social Engineering – the Exploit that Predates Computers

At Cisco we understand that the field of IT has grown considerably over the past few years, reaching the point where even professionals in the industry can have a hard time keeping up with everything that is happening in all areas. With groups like Anonymous and LulzSec taking down some pretty big names, it is clear that there is a need for greater awareness of security and some of the issues that make security an interesting but ongoing challenge.


Establishing Trust in the NSTIC

This is part of an ongoing series on the National Strategy for Trusted Identities in Cyberspace. The introduction to this series can be found here.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) proposes a large ecosystem of identity providers, attribute providers, and relying parties that must establish trust with each other in various ways. NSTIC requires various types of trust within the identity ecosystem. These include:

  • Users must trust that their Identity Provider will manage their credentials securely and in their best interest.
  • Relying Parties must trust in the attributes provided by Attribute Providers.
  • Attribute Providers must trust Identity Providers and Relying Parties to handle attributes, which may include proprietary data such as credit scores, in accordance with their terms of use.
  • Relying Parties must trust Identity Providers to provide the requested strength of authentication and to manage credentials and attributes correctly.

The term “federated identity” is widely used to refer to identity systems that span multiple organizations, each of which maintains its own identity information. That arrangement is typically used between an enterprise and its business partners, such as contract manufacturers, channel partners, and consulting firms. Trust is established individually with each. A fully meshed federation of n participants would require n(n-1) such agreements, which does not scale well beyond small federations, especially considering that these agreements often take the form of contractual negotiation between each party.


Cisco ASA 5585-X vs Juniper SRX3600 – Faster, More Connections and Less Power Consumption

[Figure 1: Cisco ASA 5585-X vs Juniper SRX3600 TCP EMIX Traffic]

Cisco has over the years developed a reputation for robust, dependable and well supported products. Perhaps a bit conservative, but solid, well built, reliable choices. Choices that are especially well suited to those who are building networks with security integrated into the very fabric of the network itself rather than bolted on afterwards in a best-effort, jugaad or MacGyvered way. One thing we have not been known for is being particularly cheap.

Things have changed. While we still deliver the very best support and our products are still robust, they have these attributes while also delivering stellar bang for the buck. Case in point, a recent comparison done by Miercom where the Cisco ASA 5585-X went up against a similarly spec’ed and priced Juniper SRX3600 and beat it handily in performance and power consumption at a price that is either roughly equal to or cheaper than the Juniper box.

Testing was done with both BreakingPoint (here’s a link of some earlier test results with the ASA on BreakingPoint that they released at RSA 2011 earlier this year) and Spirent. Both boxes performed well in general, with the ASA turning in 24.5 Gbps and the SRX hitting 22.0 Gbps with TCP EMIX traffic, as shown in Figure 1 (above) from the Miercom report.

However, when looking at Concurrent TCP Connections, the tables turned, revealing a pretty significant advantage for the ASA. As shown in Figure 2, below, the ASA provided 10.0 million concurrent TCP connections, compared to 2.39 million for the SRX.

[Figure 2: Cisco ASA 5585-X vs Juniper SRX 3600: Maximum Concurrent TCP Connections]

On the green front it gets even more interesting. Cisco as a company is big into green, with our EnergyWise being one example. Many of our execs are also personally into going green with home solar installations and the like, but green doesn’t necessarily mean you have to give up performance. One example is the Tesla Roadster, a zero emissions electric vehicle that also sports a massive 295 ft lbs of torque at 0 rpm (!) and rockets to 60 mph (100km/h) in 3.7 seconds. I was recently checking one out at the Tesla store in Santana Row in San Jose and was surprised to see our own Tom Gillis with a big grin in some of their interactive displays. I think Tom fits in the little roadster better than I did 😉

Getting back to ASAs and SRXs though, the Cisco green DNA shows through when you consider that at maximum load the Cisco used just 425 watts, while the Juniper consumed 1168 watts at idle, a significant difference, particularly when you factor in cooling as well.

Thanks to the Miercom folks for their efforts in the labs. We invite you to read the full report, here, and also invite you to check out the ASA page on, here.