Organizations are migrating to the cloud because it dramatically reduces IT costs as we make much more efficient use of resources (either ours or by leveraging some cloud provider’s resources at optimal times). When done right, cloud also increases business agility because applications and new capacity can be spun up quickly on demand (on-premises or off), network and services configurations can be updated automatically to suit the changing needs of the applications, and, with enough bacon, unicorns can fly and the IT staff can get home at a reasonable hour.
Whenever you ask a CIO-type at any of these organizations what’s holding them back from all this cloud goodness, though, more often than not the answer has something to do with security: “Don’t trust the cloud…”, “Don’t trust the other guy in the cloud…”, “Cloud’s not compliant…”. You have to be something of a control freak to be a CIO/CISO these days, and, well, isn’t “cloud” all about giving up some control, after all (in return for efficiency and agility)?
Even if you overcome your control issues and you find a cloud you can trust (even if it’s your own private cloud – we can take baby steps here…), if we are going to achieve our instant on-demand application deployment, network provisioning and cost-efficient workload placement process, it turns out all the security stuff can throw another obstacle in our way. Cloud security isn’t like old-fashioned data center security where you could just put a huge firewall in front of the data center and call it good. For secure multi-tenancy and a secure cloud overall, virtually every workload (or “every virtual workload”?) needs to be secured from every other (except for the exceptions we want to make). Some folks call this “microsegmentation”, a fancy word for an old concept, but, a fundamental requirement that cloud deployments need to address. (Spoiler alert: ACI does this very well.) Read More »
Tags: ACI, application centric infrastructure, Cisco ASA, SDN
When Cisco designed the concept of an Application Centric Infrastructure, we knew it wouldn’t reach its full potential without drawing in a very comprehensive ecosystem in a number of areas. Perhaps the most impressive aspect of our announcement was the breadth, quality and scope of the data center infrastructure vendors that we aligned so quickly with our ACI vision and that contributed their perspectives to the launch, and will be contributing key solutions to Cisco’s infrastructure-wide vision.
Yesterday, I blogged about the role of application controllers, network monitoring solutions, WAN optimization, firewalls, etc. have in setting up application networks, provisioning applications, and how the ACI policy model incorporates these security and services solutions. I wanted to follow up that post with some highlights from the support we received from some of our ACI ecosystem vendors in this area, that incorporate ACI policy support into their security, application delivery controller, load balancing and other solutions.
Read More »
Tags: ACI, application centric infrastructure, Cisco ASA, citrix, emulex, F5, Splunk, symantec
What does it actually take to enable the 89 percent of Cisco employees who do at least some of their work remotely? For Cisco IT, this challenge means supporting products and services on both sides of the connection: in the teleworker’s home (and on their mobile devices) and in the Cisco corporate network.
Cisco Teleworkers Solutions in Employee Homes
We currently support three solutions to meet the teleworking needs of our mobile and remote employees:
- Cisco AnyConnect Secure Mobility Client: Installed on the employee’s laptop or mobile device, this software client provides a secure VPN connection to the Cisco network. It is available to any Cisco employee and we currently support 30,000 users.
- Cisco OfficeExtend: This solution includes a wireless access point that secures connectivity for the employee’s laptop and Cisco Unified IP Phone 9971 over a home network while reducing congestion, wireless interference, and security risks from other devices. We use this solution primarily for contact center agents, contractors, and employees who don’t require the HD-quality video of Cisco TelePresence for their work.
- Cisco Virtual Office: This solution uses a Cisco 881 Integrated Services Router in the home to connect an employee’s laptop and Cisco Unified IP Phone 9971 to the Cisco network over an encrypted VPN. It also delivers HD video for the Cisco Jabber Video for TelePresence client or a separate Cisco EX 90 personal video endpoint. Cisco Virtual Office is used by employees who telework extensively and we currently support over 26,000 users.
The diagram below shows how these solutions connect to the Cisco network via the employee’s residential broadband Internet access service.
Read More »
Tags: anyconnect, Cisco ASA, CVO, office extend, telework, vpn
Mobility allows the expansion of Information Technology (IT) resources and application availability at anytime, anywhere, and in any possible way. Historically, many thought that “the movement” of bring your own device (BYOD) was simply a marketing tactic. However, BYOD is definitely a reality that has become crucial when trying to improve efficiency in the workplace.
Every single day a new mobile gadget is released to the market (for example, tablets, mobile phones, and many other mobile systems) and we all live in a connected world 24 hours a day 7 days a week. All these devices and social applications are introducing many security risks for enterprises and public sector organizations. These risks include threats of data theft, not only with very sophisticated attacks, but also with incidents as simple as just stealing mobile devices. Many of these devices can contain private and corporate information.
The question now is, how can we provide the benefits of improving user productivity and flexibility without compromising network security? The Cisco AnyConnect Secure Mobility client and the Cisco ASA 5500 Adaptive Security Appliances allow users to connect to their corporate network from any device based on comprehensive secure access policies. The Cisco AnyConnect Secure Mobility Client can work in conjunction with the Cisco IronPort Web security appliances and provides integration with ScanSafe.
Read More »
Tags: anyconnect, byod, Cisco ASA, cisco live, mobility, security, wireless
In this last part of this series I will discuss the top customer priority of visibility. Cisco offers customers the ability to gain insight into what’s happening in their network and, at the same time, maintain compliance and business operations.
But before we dive into that let’s do a recap of part two of our series on Cisco’s Secure Data Center Strategy on threat defense. In summary, Cisco understands that to prevent threats both internally and externally it’s not a permit or deny of data, but rather that data needs deeper inspection. Cisco offers two leading platforms that work with the ASA 5585-X Series Adaptive Security Appliance to protect the data center and they are the new IPS 4500 Series Sensor platform for high data rate environments and the ASA CX Context Aware Security for application control. To learn more go to part 2 here.
As customers move from the physical to virtual to cloud data centers, a challenge heard over is over is that they desire to maintain their compliance, security, and policies across these varying instantiations of their data center. In other words, they want to same controls in the physical world present in the virtual – one policy, one set of security capabilities. This will maintain compliance, overall security and ease business operations.
By offering better visibility into users, their devices, applications and access controls this not only helps with maintaining compliance but also deal with the threat defense requirements in our overall data center. Cisco’s visibility tools gives our customers the insight they need to make decisions about who gets access to what kinds of information, where segmentation is needed, what are the boundaries in your data center, whether these boundaries are physical or virtual and the ability to do the right level of policy orchestration to maintain compliance and the overall security posture. These tools have been grouped into three key areas: management and reporting, insights, and policy orchestration.
Read More »
Tags: ASA-CX, Cisco ASA, cisco firewall, Cisco Security, cisco sio, Cisco UCS, cloud, data center, data center security, DC, firewall, Identity Services Engine, intrusion prevention, IPS, ISE, it security, netflow, network security, pci-dss, policy, security, server, threat defense, TrustSec, virtual, virtualization, VMDC