Cisco Blogs



Securing Cloud Transformation through Cisco Domain Ten Framework v2.0

Businesses of all sizes are looking for Cloud solutions to solve some of their biggest business and technology challenges: reducing costs, creating new levels of efficiency, transforming to create an agile environment, and facilitating innovative business models. Along with the promise of Cloud comes a top concern: security. With the rise of applications, transactions and data in the Cloud, businesses are losing control and have less visibility into who and what is moving in and out of the business boundaries.

Any transformation initiative with Cloud, whether private, hybrid or public, that focuses early on security from an architecture, governance, risk, threat and compliance perspective can give the business a compelling return on investment and a faster time to business value, regardless of geographic, industry vertical, operational diversity or regulatory needs.

Here, I would like to bring to your attention the Cisco Domain Ten framework v2.0 and my blog on What’s New in Cisco Domain Ten Framework 2.0. Born from Cisco’s hard-won experience of deploying private, hybrid and public Cloud environments, the Cisco Domain Ten framework and capabilities were developed to help customers accelerate IT transformation.

The Cisco Domain Ten does not prescribe that customers must build each domain into their strategy; rather, it provides guidance on what aspects should be considered, what impacts should be identified, and what relationships exist between domains. With the Cisco Domain Ten framework 2.0, we can establish the foundation of a true IT transformation and the factors you need to consider for success. The key is to identify, establish and track strategic, operational and technological outcomes for IT transformation initiatives. A major thrust of the Cisco Domain Ten is to help customers strategize for their transformation vision, standardize their technology components and operational procedures, and automate their management challenges, to deliver on the potential of IT transformation across Internet, Branch, Campus and Data Center environments.

Security consistently tops CIOs’ lists of cloud concerns. The security domain highlights identification of security and compliance requirements, along with an assessment of current vulnerabilities and deviations from security best practices for multisite, multitenant physical and virtual environments for one’s IT transformation vision.

Security should be a major consideration in any IT transformation strategy. The architecture should be designed and developed with security for applications, network, mobile devices, data, and transactions across on-premise and off-premise solutions. Moreover, security considerations for people, process, tools, and compliance needs should be assessed by experts who understand how to incorporate security and compliance safeguards into complex IT transformation initiatives.

Security is an integral part of the Cisco Domain Ten framework, applies to all ten domains, and provides guidance to customers on all the security aspects that they need. Ahmed Abro, our Senior Architect from the Security Practice, shows in Figure – 1 (Cisco Domain Ten Framework with Security Overlay) that there are security considerations for all ten domains for Cloud solutions.

Figure – 1 Cisco Domain Ten with Security Overlay

Now that we understand how Cisco’s Domain Ten overlay approach helps one discuss security for each domain of the Cisco Domain Ten Framework, let’s talk about how Cisco Domain Ten aligns with the Cloud Security Alliance’s (CSA) Cloud Control Matrix, to discuss the completeness and depth of the approach.

CSA Cloud Control Matrix Alignment with Cisco Domain Ten

| CSA Cloud Control Matrix domain | Cisco Domain Ten domain(s) |
| --- | --- |
| Application & Interface Security | D-8 – Application |
| Audit Assurance & Compliance | D-10 – Organization, Governance, processes |
| Business Continuity Mgmt & Op Resilience | D-10 – Organization, Governance, processes |
| Change Control & Configuration Management | D-10 – Organization, Governance, processes; D-3 – Automation |
| Data Security & Information Lifecycle Mgmt | D-9 – Security and Compliance |
| Datacenter Security Encryption & Key Management | D-9 – Security and Compliance; D-1 – Infrastructure |
| Governance & Risk Management | D-10 – Organization, Governance, processes |
| Human Resources Security | D-10 – Organization, Governance, processes |
| Identity & Access Management | D-4 – Customer Interface |
| Infrastructure & Virtualization | D-1 – Infrastructure and Environment; D-2 – Abstraction and Virtualization |
| Interoperability & Portability | D-7 – Platform; D-8 – Application |
| Mobile Security | D-8 – Application; D-1 – Infrastructure and Environment |
| Sec. Incident Mgmt, E-Disc & Cloud Forensics | D-9 – Security and Compliance; D-10 – Organization, Governance, processes |
| Supply Chain Mgmt, Transparency & Accountability | D-10 – Organization, Governance, processes |
| Threat & Vulnerability Management | D-9 – Security and Compliance |

Table – 1 CSA Cloud Control Matrix Alignment with Cisco Domain Ten Framework

From the table above, one can see that the Cloud Security Alliance Cloud Control Matrix and Cisco Domain Ten align well. The table also highlights that many areas, such as Mobile Security, require one to focus on both Application and Infrastructure (network, virtual servers, etc.) to address security needs. One should also note Cisco Domain Ten’s focus on Catalog (Domain 5) and Financials (Domain 6), which highlights security-specific SLA and assurance discussions for security controls.

Now that we have discussed the Cisco Domain Ten approach to security, in the next blog I will try to discuss how Cisco Services’ focus on the strategy, structure, people, process, and system requirements for security can help businesses address an increasingly hostile threat environment and migrate successfully to a secure Cloud-based transformation. We will also discuss the questions a business asks, or should ask, to understand security and privacy in a vendor’s agreements.

 


What’s New in Cisco Domain Ten Framework 2.0

 Earlier this week, we announced the Cisco Domain Ten framework 2.0, enhanced by great input from customers, partners, and Cisco’s well-earned experience of strategizing and executing IT transformation.

The enhanced Cisco Domain Ten framework helps customers drive better strategic decisions, providing greater focus on business outcomes, providing deeper analysis of hybrid cloud implications, and extending the framework beyond data center and cloud to include all IT transformation initiatives.

You may have read Stephen Speirs’ earlier blogs about Cisco Domain Ten for cloud transformation. Today, let’s look at key changes in the Cisco Domain Ten framework 2.0 from the original version. These changes have been adopted to enhance discussions on three themes:

  1. Highlight importance of public clouds as part of IT transformation and solutions using IaaS, PaaS, and SaaS within the data center and across the entire business.
  2. Addition of “Organization” in Domain 10 to bring together the business and technology focus for strategy discussions.
  3. Name changes for some domains to facilitate ease of alignment and discussion on overall IT transformation across multiple architectures and technology solutions such as ITaaS, collaboration, mobility, video, etc. for both enterprise and provider perspectives.


Has Hybrid Cloud Arrived ? Part 1: How Will it Shape the Role of IT Going Forward?

In this series of articles I’ll articulate the challenges customers face in hybrid cloud adoption, the key hybrid cloud requirements and ways to address them.

Organizations are trying to transform their business and innovate faster by getting access to resources on-demand per business needs but enterprise IT has not been able to provide that. This has led to a new challenge of “shadow IT” -- employees going direct to the public cloud to get fast and easy access to resources by going around IT. Shadow IT proves that business users are looking for the flexibility of cloud, but IT is wary of public cloud due to associated concerns of security, loss of visibility and control.

Hybrid cloud enables organizations to innovate faster by enabling rapid, self-service provisioning of resources, with the choice to deploy workloads in the enterprise’s own data center or in the public cloud in a pay-as-you-go and scaled-out manner. Hybrid clouds enable multiple use cases such as dev/test, capacity augmentation and disaster recovery, besides control of Shadow IT. There is an increased trend towards hybrid cloud as it offers flexibility to respond quickly to business needs and allows reduction in cost. As per Forrester, more than 70% of enterprises plan to complement their in-house server and storage resources with IaaS resources from public cloud providers for primary or peak workloads. This points to the fact that customers want Hybrid Clouds, not just private or IaaS public clouds.

Hybrid Cloud trends

While we see the advantages of hybrid cloud, we don’t see large-scale customer adoption yet. The factors that have been preventing this are:

- No easy way to deploy and manage on-premise and public cloud resources through a single console.

- Lack of security for workloads running in public cloud and unsecure connectivity from private to public cloud.

- Slow and complex management processes such as need to re-architect the application while migrating workloads across hybrid cloud.

Customers are also concerned about getting locked in to a particular vendor’s solution or a particular public cloud. Today one particular public cloud may be right for a certain class of applications, but tomorrow another public cloud provider may offer better SLAs, cost or application performance. There are some fragmented solutions that allow migrating workloads from a customer’s private cloud to a public cloud, but then there is no easy way for the workloads to move back to the enterprise or migrate easily to another public cloud. Customers have seen that with such solutions they get neither complete agility nor the long-term cost benefits. As a result, they are wary of getting locked in to a particular public cloud or a solution that works only across a single hypervisor or over a certain compute, network or storage device.

Customers are looking for true hybrid cloud capabilities, which means more than just running some applications on-premises and some in the public cloud. “Hybrid” clouds require a functional extension of local resources to the cloud to the same degree that local resources are connected/integrated. Let’s look at the key customer requirements of a true hybrid cloud:

  • Self-service access: A true hybrid solution will provide a self-service portal to users and IT admins. It will enable users to seamlessly deploy applications both on-premise and in the public cloud from a unified console. It will allow IT admins to manage workloads from a single pane of glass and enforce complete security for workloads in the multi-tenant shared public cloud as in the private cloud.
  • Workload portability: It will offer bi-directional migration of workloads from private to public cloud independent of the underlying architecture.
  • IT as a broker: It will enable IT to act as a broker on behalf of lines of business while minimizing risk by enforcing that application network and security policies are identical regardless of the location of the workloads.
  • Open architecture: It will enable choice and flexibility for users, IT admins and cloud service providers by being based on open APIs and architecture. It will allow users flexibility in workload sourcing options without getting locked in to a particular public cloud or vendor solution. It will enable service providers to rapidly offer a hybrid cloud solution.

We believe that an open and easy-to-use approach is essential to delivering real hybrid cloud capabilities and helping transform the way IT services are delivered. With such an approach, IT will not have to live in the shadows of “Shadow IT” but can instead act as a broker of cloud services for LOBs. As the above requirements are addressed, we will increasingly see organizations taking a hybrid approach to cloud.

 


Top Things to Know About DFA Before Cisco Live Milan

January 24, 2014 at 2:15 pm PST

Two weeks ago, I presented a webinar on Dynamic Fabric Automation (DFA) and went over the allocated 1 hour to cover the content.  Yesterday, as I was doing follow up with a hands-on demo, I went over time too. This illustrates how rich DFA is, and how much there is to say about it! Dynamic Fabric Automation is an environment for data center automation that is centered on the CPOM (Central Point of Management), a set of services that are provided with the new Data Center Network Manager (DCNM) release 7.0(1).

The services available on the CPOM provide the following:

  1. Power On Auto Provisioning (POAP)
  2. Inter-switch link connection verification
  3. A single console for configuration
  4. Network Auto-Config Profile provisioning
  5. Message processing for external orchestrator
  6. Automatic host provisioning
  7. Embedded management for network monitoring and data collection

All of these services are provided using standard protocols and applications. For example, the POAP service uses DHCP, TFTP and SCP/SFTP, but using a combination of templates and a very intuitive and easy-to-use GUI, DCNM provides a simplified and systematic way of bringing up your data center fabric. The inter-switch link validation, or cable consistency check, allows the operator to verify the fabric connections against a predefined template and prevent unexpected connections from coming up.

The Jabber process provides the single console for configuration, statistics and troubleshooting. Using any XMPP client, an operator can “chat” with the fabric devices; this approach offers the possibility to organize devices in chat groups that match their role, their location or simply some administrative set. With XMPP, a single command can be sent to multiple devices in a secure way.

The most important element of the CPOM is certainly the network profile provisioning.

Cloud-based ITaaS: Transforming IT from Support to Service Brokerage

Cloud computing is more mainstream today than ever before, but it’s important to note that there are still significant opportunities for IT leaders to innovate and leverage cloud delivery options to capture new business opportunities and implement new IT models.

The Evolution of ITaaS: The Convergence of Two Roads

On one hand, traditional private cloud services within customer IT services are driving different degrees of completeness depending on organizational needs. Virtualization, consolidation and on-premise shared services are some of the drivers within the private cloud space.

On the other hand, public cloud services are evolving to include Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).

Today, these two tracks are intersecting to create demand for a hybrid cloud model. While the concept of the “Hybrid” cloud has developed mostly as a consequence of the availability of different cloud services, this same availability is also driving the evolution of IT as a Service.

What does this mean for business? It means that fundamentally, IT is adopting a supply chain management logic by deciding whether to make or buy a specific service based on a variety of organizational goals, market pressures, and available options.

The Ongoing IT Sourcing Strategy: Make vs. Buy 
