Cisco Blogs


Cisco Blog > Data Center

Securing Cloud Transformation through Cisco Domain Ten Framework v2.0

Businesses of all sizes are looking for Cloud solutions to solve some of their biggest business and technology challenges—reducing costs, creating new levels of efficiency, transform to create agile environment and facilitate innovative business models. Along with the promise of Cloud comes top concern for Security. With rise of applications, transactions and data in the Cloud, business are losing control and have less visibility on who and what is moving in and out of the business boundaries. 

Any  transformation initiative with Cloud, whether a private, hybrid or public, with early focus on security from architecture, governance, risks, threats and compliance perspective can enable the business with a compelling return on investment with a faster time to business value – regardless of geographic, industry vertical, operational diversity or regulatory needs.

Here, I would like to bring to your attention on Cisco Domain Ten framework v2.0 and my blog on What’s New in Cisco Domain Ten Framework 2.0 that is born from Cisco’s hard won experience of deploying both private, hybrid and public Cloud environments, Cisco has developed the Cisco Domain Ten framework and capabilities to help customers accelerate IT transformation.

The Cisco Domain Ten does not prescribe that customers must build each domain into their strategy – rather it provides guidance on what aspects should be considered, what impacts should be identified, and what relationships exist between domains.  Cisco Domain Ten framework 2.0, we can establish the foundation of a true IT transformation and the factors you need to consider for success. Key is to identify, establish and track strategic, operational and technological outcomes for IT transformation initiates. A major thrust of the Cisco Domain Ten is to help customers strategize for transformation vision, standardize their technology components and operational procedures, and automate their management challenges, to deliver on the potential of IT Transformation– covering Internet, Branch, Campus and Data Center environments.

Security consistently tops CIO’s list of cloud concerns. The security domain highlights identification of security and compliance requirements, along with an assessment of current vulnerabilities and deviations from security best practices for multisite, multitenant physical and virtual environments for one’s IT transformation vision.

Security should be a major consideration in any IT transformation strategy. The architecture should be designed and developed with security for applications, network, mobile devices, data, and transactions across on-premise and off-premise solutions. Moreover, security considerations for people, process, tools, and compliance needs should be assessed by experts who understand how to incorporate security and compliance safeguards into complex IT transformation initiatives.

Security is an integral part of the Cisco Domain Ten framework, applies to all ten domains, and provides guidance to customers on all security aspects that they needs. Our Senior Architect from Security Practice – Ahmed Abro articulates well in Figure – 1 Cisco Domain Ten Framework with Security Overlay that there are security considerations for all ten domains for Cloud solutions.

 d10secoverlay

Figure – 1 Cisco Domain Ten with Security Overlay

Now that we understand how Cisco’s Domain Ten Overlay approach that helps one to discuss security for each domain of Cisco Domain Ten Framework, let’s now talk about the how Cisco Domain Ten aligns with Cloud Security Alliance’s (CSA) Cloud Control Matrix to discuss the completeness and depth of the approach.

CSA Cloud Control Matrix Alignment with Cisco Domain Ten

Application & Interface Security

  • D-8 – Application

Audit Assurance & Compliance

  • D-10 – Organization, Governance, processes

Business Continuity Mgmt & Op Resilience

  • D10 – Organization, Governance, processes

Change Control & Configuration Management

  • D10 – Organization, Governance, processes and
  • D-3 – Automation

Data Security & Information Lifecycle Mgmt

  • D-9 – Security and Compliance

Datacenter Security Encryption & Key Management

  • D-9 – Security and Compliance and
  • D-1 – Infrastructure

Governance & Risk Management

  • D10 – Organization, Governance, processes

Human Resources Security

  • D10 – Organization, Governance, processes

Identity & Access Management

  • D-4 – Customer Interface

Infrastructure & Virtualization

  • D-1 – Infrastructure and Environment and
  • D-2 – Abstraction and Virtualization

Interoperability & Portability

  • D-7 – Platform and
  • D-8 – Application

Mobile Security

  • D-8 – Application and
  • D-1 – Infrastructure and Environment

Sec. Incident Mgmt , E-Disc & Cloud Forensics

  • D-9 – Security and Compliance and
  • D10 – Organization, Governance, processes

Supply Chain Mgmt, Transparency & Accountability

  • D10 – Organization, Governance, processes
Threat & Vulnerability Management
  • D-9 – Security and Compliance

 Table – 1 CSA Cloud Control Matrix Alignment

with Cisco Domain Ten Framework

From above table, one can see that Cloud Security Alliance Cloud Control Matrix and Cisco Domain Ten aligns well and it also highlights key facts that many areas such as Mobile security requires one to focus on Application and Infrastructure (network, virtual servers), etc to address security needs. One should also note that Cisco Domain Ten’s focus on Catalog (Domain 5) & Financials (Domain 6) that highlights security specific SLA and assurance discussions for security controls.

Now that that we discussed, Cisco Domain Ten approach for Security, In the next blog, I would try to discuss how Cisco Service’s focus on the strategy, structure, people, process, and system requirements for Security can help business address an increasingly hostile threat environment and help successful migration to Secure Cloud based transformation. We will also discuss current questions in business asks or should ask to understand security and privacy in the vendor’s agreements.

 

Tags: , , , , , , , , , , , , , , , , , , , , , ,

IT’s New Role in Strategic Cloud Services

As cloud-enabled services transform IT departments everywhere, your path to success as an IT professional was made easier today with Cisco’s announcement to expand its cloud portfolio. With Cisco’s comprehensive cloud portfolio offerings, you can easily and securely combine workloads to manage cloud services across different clouds. By increasing your flexibility for strategic sourcing of cloud-enabled IT services, you can increase your influence as a trusted business partner to your stakeholders. And, as you take on these new strategic roles, Cisco and our channel partners can help you and your organization gain control of cloud services.

While defining and deploying a comprehensive cloud architecture presents tremendous opportunity for IT chiefs, this task is not without its challenges. Successful cloud implementation requires a cloud governance model fueled by strategic vision and a holistic approach that addresses all aspects of your data center and IT operations in the new application economy fueled by cloud.

ScottClark

Cisco: Cloud, ACI and the Application Economy

Following on the heels of our launch last fall of Application Centric Infrastructure, our enhanced Cisco Services for cloud portfolio provides strategic assistance to transition to a cloud governance model within your organization based on business outcomes. With our solutions spanning the plan, build, manage, and go-to-market phases of the cloud project lifecycle, Cisco Services has been recognized as an industry leader in cloud services by both IDC and Forrester.

Read More »

Tags: , , , , , , , , ,

The Quickest Way To Get Started with ACI

By now, given all the launch and blogging activity activity over the past week or so, I am sure your understanding of and interest in Application Centric Infrastructure (ACI) will have grown.   Many of you will be asking “how do I get started as quickly as possible?”, and “how can I free up some time and resources to investigate?”  You understand the “what” – now, as I blogged recently on SDN, it’s time to understand more about the “why” and take action on the “how”.   How then do you get off that start line as quickly as possible?

Get Set To Go With ACI

Get Set To Go With ACI

As with many things in life, it helps if you get help from someone who has “been there” and “done that”.  And that’s where Cisco Services comes in, as Scott Clark, the VP for our Data Center Services team, introduced  last week.  So let’s talk about why Cisco Services should be your partner in this application centric world, and what services can help you.

Read More »

Tags: , , , , , , , , ,

Cisco Domain Ten: The Compendium

It’s hard to believe but it’s ten months since I first blogged on  Cisco Domain TenSM,  which is Cisco Service’s framework to guide you on your path to data center and cloud transformation. I’ve now covered all ten domains of this concise and powerful model.  I’ll now collect all articles – including my most Cisco Domain Ten article around the breadth of SDN adoption challenges – into this one article as a useful summary.  So forgive the brevity and please do dive into the links/URLs for more information if indeed you missed these articles first time. And if you’ve read every article and watched our VoDs, please do let me know what you thought of the series – oh, and thanks!

Going back, now, I started in December 2012, with our launch of Cisco Domain Ten, where I set the focus for my series of articles as cloud transformation.  Let me summarize each article with (and for those that know me you’ll know this is a struggle :-) ) just one sentence with the key message from each blog/domain.

Read More »

Tags: , , , , , , , , , , ,

SDN: Cisco Domain Ten tells us it’s not (just) about the Network

In my first SDN blog, I asserted that “Services” – that is technical support, professional and consultancy services – are the missing “S” in the SDN debate.  I’d now like to apply our Cisco Domain TenSM framework “in anger” :-) to examine in more detail the impacts that SDN may have on your IT services and operations.  While come of our competitors will only talk about the network switches and new device protocols,  l’ll show how it’s not just the network switches that you should be concerned with: your SDN and Cisco ONE journey could involve impacts across multiple “domains”.

As I bogged about Cisco Domain Ten this past year, I’ve positioned it as a mechanism to help you on your data center journey.  Let me now extend that use – SDN after all is more than just a data center technology play.  My experience with Cisco Domain Ten over the past year has helped me realize that it is, in fact, an excellent framework for considering impacts to more general IT services, and not just to  the data center .  I’ll also illustrate my case with both service provider and enterprise/business/public sector examples.

The following diagram summarizes the areas impacted – let’s discuss each one.

SDN Impacts - via Cisco Domain Ten

SDN Impacts – via Cisco Domain Ten

Read More »

Tags: , , , , , , , ,