Cisco Blogs

Cisco Blog > Data Center

ESG Survey of IT Security Professionals Provides Insight to Data Center Security Issues

Yesterday, I reported on Cisco’s new ACI security announcements and an overview of our secure data center strategy. Today, I wanted to share some interesting market insights that we pulled from a survey conducted by Enterprise Strategy Group (ESG) that Cisco commissioned, and that validates some key data center security trends and requirements that support our product strategy. Some of the key conclusions and data collected were shared in press coverage of the product announcement. The full survey results are here, and below are some summary graphics we prepared for our launch event.

Project Overview

Cisco commissioned the survey (conducted by ESG) to learn more about the challenges and issues IT professionals face when planning and implementing data center security.


  • The survey sampled 154 IT security professionals in North America responsible for network security requirements and operations. All respondent organizations had to be using physical firewalls (or virtual firewalls) and access control lists (ACLs).
  • Most respondents represented large midmarket organizations (defined as organizations with 500 to 999 employees) and enterprise organizations (organizations with 1,000 up to 10,000 employees). 71 percent operated from three up to 20 data centers worldwide.
  • The study included broad representation from industry verticals: financial, manufacturing, health care, government, retail and business services.
  • The survey was conducted in April 2015.

Top Survey Findings

The people problem:  Implementing network security controls is tedious and time-consuming.

  • 69 percent of organizations reported it takes from one man-hour up to four man-hours on average to convert a single new application network requirement into a network device or firewall configuration (before they even implement the new configuration, test it, etc.)
  • 74 percent say that it takes days or weeks to implement security device updates from request all the way through to production implementation. (See InstaGraphic below)

Solution: Just like SDN revolutionized the data center by automating network configuration changes, ACI is accelerating security changes by automating device updates and configuring how security services are inserted into application networks, helping to ensure greater accuracy and allowing IT to keep up with business requirements.

ACL changes days or weeks

Read More »

Tags: , ,

ACI. Counting down to Ignite…

Springtime is a heavy tech show season.  This week in Las Vegas, we won Best of Interop in the SDN category with the APIC.  Next week we are headed to Chicago to talk about the APIC and ACI at Microsoft’s largest and most comprehensive technology event, Microsoft Ignite.  As data center customers look to Microsoft’s Cloud Platform with Windows Server 2012 with HyperV, System Center Virtual Machine Manager, and Windows Azure Pack; they will be modernizing their infrastructure, looking for scaled performance, fast deployment, efficient networking, and extended manageability.  UCS and ACI deliver a powerful solution to achieve these objectives.  To share our networking perspectives on this, Shashi Kiran and I will be there to deliver a new business and technical session entitled:

Microsoft Cloud Meets Cisco’s ACI on Tuesday May 5 from 1:30PM to 2:45PM in S105A, McCormick Place Convention Center, Chicago, IL

Technology must enable a new process model for speeding up workflows across siloed organizations within the IT function. This session will introduce Cisco’s Application Centric Infrastructure and its tight integration into Microsoft Azure clouds. We’ll show how you can deliver new tenant services while transforming your IT organization and workflows with a common policy model, centralized control, and simplified operational visibility across your data center. We’ll demonstrate how your applications, network and security teams can leverage a new operational model to generate compelling business outcomes for your enterprise.

This infographic provides a little preview on what we’ll share.

Read More »

Tags: , , , , , ,

Enhance Data Center Security and Automation with New Cisco ACI Features and Partners

We’ve been talking for a while about Cisco ACI’s leadership in SDN security features (like here), and in the design of our fine-grained security policy enforcement between individual workloads, sometimes called microsegmentation. Today, here at Interop, Las Vegas, Cisco is reaffirming its thought leadership in data center security and SDN automation with a couple of announcements, including the integration of Cisco FirePOWER next generation intrusion prevention system (NGIPS) into the ACI security framework. In other news, another ACI ecosystem security partner was announced last week at the RSA Security Conference: Fortinet, who will be integrating their Fortigate firewall platform with ACI.

The Cisco ACI + FirePOWER solution enables real-time detection, mitigation and remediation for advanced security threats inside the data center by combining granular application visibility and control, threat detection, advanced malware protection (AMP) capabilities of FirePOWER NGIPS with ACI microsegmentation, advanced security service insertion, and L4-7 policy automation. To quickly summarize how this all comes together and a sample use case for ACI security, we created the following video:

Available in June, 2015, new ACI advanced security works to protect data centers before, during, and after attacks, dynamically detecting threats and automating incident responses. The Cisco FirePOWER family of security appliances consists of industry-leading NGFW, NGIPS appliances offering best-in-class threat effectiveness, superior visibility and global threat intelligence.

Attack Continuum

FirePOWER + ACI = Automated Security with Advanced Protection Across Attack Continuum for Physical and Virtual

Read More »

Tags: , , , , , ,

Cisco at OpenStack Summit, Vancouver

It’s that time again. The champions of OpenStack are gearing up for the next Summit: May 18-22 in Vancouver, where Cisco is a Premier Sponsor and our objective is to demonstrate the depth of our commitment to OpenStack as developers, operators, and users.


This is only my third Summit, but I’m noticing some changes here in our preparations at Cisco. For one thing, our engineers are presenting nearly 30 sessions—more than triple the last Summit. That makes sense if you think about the growth of OpenStack and the increasing interest in issues related to enterprise deployment and production environments. Internally, Cisco uses OpenStack for a variety of cloud applications and services and has a lot to share about high availability, scalability and operations for OpenStack.

Of course, Cisco architects will be presenting their perspectives on OpenStack networking topics, including sessions on implementing IPv6, adding enterprise functions to Open vSwitch, availability of Neutron extensions and ML2 drivers, and the innovative use of Network Function Virtualization to create cloud VPNs. You can see the full list on the Cisco at OpenStack Summit website, to mark your schedule in advance.

Cisco will also have a special sponsored track on Tuesday to share details on our OpenStack strategy and breadth of solutions. Presenters will be joined by Cisco customers: Shutterfly, Sprint and Key Information Systems. Attendees at sponsored track sessions will be eligible to win a new MacBook or one of seven iPad minis.

We’re bringing Engineers Unplugged’ back to our booth in the Expo Hall and recording short whiteboard videos to let OpenStack contributors share what they’re working on. Stop by the booth to view a Cisco demo and receive a free Vancouver Summit t-shirt. The roster of demos includes how Cisco Application Centric Infrastructure enables faster, easier, and more accurate provisioning of infrastructure to scale applications in the cloud.

Finally, keep an eye out for Cisco’s social media scavenger hunt with fun prizes, details to be posted on Twitter: #OpenCisco, #OpenStackSummit.

See you in Vancouver.



Tags: , , , , , , ,

Myth-busting: White-box Switches are No Bargain

In the last episode of our myth-busting series, Cisco SDN expert Frank D’Agostino and I are debunking the myth of the bargain priced white-box switch. White boxes aren’t a new subject in the market, but customers are just now starting to evaluate them for return on investment. So, where to start? When considering a white-box deployment, it is crucial to do all of the math. You must consider both the capital costs and the ongoing operational costs of this type of solution.

Two independent reports show that the up-front cost savings of a white-box switch are marginal as compared to those of traditional vendors. Deutsche Bank published “Whitebox Switches are Not Exactly a Bargain” in 2013, while Forrester Research recently released a study titled, “The Myth of White-Box Network Switches,” (February 20, 2015).

While the cost of a white-box and traditional switch are fairly similar from a capital expenditure point of view, Cisco analysis shows that white-box switches are more expensive when you include operational expenditures, such as the integration of third party software, tools and support costs. In fact, these real-life deployment factors can result in a total cost of ownership for Cisco that is approximately 20-30 percent less expensive than the full deployment of white-box switches.

Bottom line: White-box switches have hidden costs that make them more expensive than traditional switches when fully deployed. When you add up the cost of hardware, third-party software, integration and support, they are clearly no bargain. Check out our video conversation for more on this topic.


Tags: , , , , ,