Cisco Blogs

An Overview of Network Security Considerations for Cisco ACI Deployments

Security continues to be top of mind with our customers and frequently comes up with customers who are evaluating new architectures. I have been in the networking industry for over two decades involved in multi-billion dollar product lines like Catalyst 5K/6K, MDS-9000, Nexus-7K, UCS, and now with Application Centric Infrastructure (ACI). I don’t claim to be a security expert by any means, but have gained good insight into what’s important based on numerous conversations with customers over the years thereby allowing me to write about it with some degree of authority.

That said, security is a very broad topic and there are myriad products in the industry to deal with the various types of attacks that infrastructure and applications are exposed to today. For purposes of this blog, I will focus on the network security aspects and how they intersect with Cisco ACI.

Manufacturing, IoT and Innovation – What’s the Missing Link?

My colleague Chet Namboodri recently discussed, “The Internet of Things and the Future of Manufacturing” with Manufacturing Revival Radio.  In the interview, Chet discussed how best in class manufacturers like GM and Stanley Black and Decker are driving innovation and capturing real business value across their value chain by developing and executing an IoT strategy.

Manufacturers like GM and Stanley Black and Decker are creating this platform for innovation by deploying open standards–based Internet Protocol (IP) technologies that converge their enterprise and plant floor networks. The convergence enables tight integration of operation technology (OT) and information technology (IT), creating a flexible and scalable platform to:

Speaking of security, it is cited by most manufacturers as the key barrier to IoT adoption and innovation.  The prospect of connecting millions, potentially billions of sensors, actuators, motors, gauges, valves, and machines with Manufacturing Operations Management (MOM) applications like MES (Manufacturing Execution Systems) and ERP (Enterprise Resource Planning) applications can make VP of Supply Chains, Operation Managers and the like want to go back to the old island of automation model that Chet cited in his interview.

As daunting as security may be to innovation and IoT adoption, the skills workforce gap in the industry is the biggest threat and concern for manufacturing executives and managers. ThomasNet conducted a survey of over 1200 line of business manufacturing professionals. The survey cited that Generation Y (18-32 years old) employees will make up 75 percent of the workforce by 2025, but three-quarters of manufacturers report that 25 percent or less of their workforce are in the Generation Y age group.

Cisco recognizes that new skills and education are the missing link required to drive innovation and realize the value afforded by IoT in the manufacturing industry.

To prepare and attract the next generation manufacturing workforce, Cisco has launched the Cisco Industrial Networking Specialist Certification for information technology (IT) and operational technology (OT) professionals in the manufacturing, process control, and oil and gas industries who install, maintain, and troubleshoot industrial network systems. This certification ensures candidates have the foundational skills to manage and administer networked industrial control systems. It provides plant administrators, control system engineers and traditional network engineers with an understanding of the networking technologies needed in today’s connected plants and enterprises.

What are your major barriers to IoT Adoption?  Security, transitional workforce, ….?  In the meantime, be sure to visit the Industrial IP Advantage website for more information around how you can leverage IP technologies to accelerate your path to IoT value.


The Expanding Burden of Security

[ed. Note: This post was updated 7/9/2014 to include new information not available to the author at the time of original publishing]

I just returned from the Gartner Security Summit at the Gaylord Resort in National Harbor Maryland. Each morning I took my run along the Potomac River and passed this sculpture of a man buried in the sand.


In speaking with many IT executives they expressed specific concerns around their IT security, and this sculpture of the “man in the sand” took on new meaning for me. I could see how they might similarly feel overwhelmed and buried given their limited resources and the abundance of threats to their environments. Yes, I’ve been in this industry too long! Anyway, throughout all of my conversations it was abundantly clear that people were looking for a new way to approach securing their networks and applications. Customers are recognizing that unsecured access to the network is a critical threat vector; however, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. So, what do I mean by that?

The network uniformly sees and participates in everything across the threat continuum, whether before, during or after an attack. If we can leverage the insights and inherent control the network provides, IT organizations can truly augment their overall end-to-end security across this continuum. If done correctly, this augmentation can happen without investing a large amount of time, energy, and resources in filling all the gaps to secure their environments – regardless of legacy network, endpoint, mobile, virtual, or cloud usage models.

Cisco strongly believes that the network must work intimately with various security technologies in a continuous fashion to offer protection for networks, endpoints, virtual, data centers and mobile.

The New Security Model

Given Cisco’s breadth and depth of security, we did not have room to exhibit our networking devices. However, within much of our networking (and even security) offerings, we have embedded security capabilities that provide more comprehensive protection across the entire threat continuum.

An example of this is Cisco TrustSec embedded network access enforcement, which provides network segmentation based on highly differentiated access policies. Cisco TrustSec works with Cisco ISE to provide consistent secure access that is mapped to IT business goals. Cisco ISE and TrustSec are part of the Cisco Unified Access solution and leverage a superior level of context and simplified policy management across the entire infrastructure in order to ensure that the right users and devices gain the right access to the right resources at any given time.

Cisco’s integrated approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection, which, in turn, allows customers to prioritize more efficiently and act more quickly – before, during, and after an attack. Through Cisco’s New Security Model, we help you achieve a more pleasant experience and get you dug out of the sand. To learn more and go beyond just a shovel and pail, go to Cisco’s Security Page.
