The rapid transition of critical data into the cloud and the use of SaaS for business processes mean that organizations need to have a solid approach to manage the business risks of cloud. We have worked closely with customers and Cisco’s own IT department to identify some initial steps that organizations can put in place to mitigate the risks of cloud services with IT governance.
Revise how your company data classification system applies to cloud services.
Businesses typically have already established a tiered classification system including private, confidential, public, etc. This system needs to be revised to detail what and how information should be shared in the cloud. These policies also need to take into account any regulatory or compliance requirements.
Communicate an employee policy specific to cloud service usage.
Recently, I was speaking with a large healthcare provider about what policies they had that outlined what employees could share in the cloud. The customer’s IT group believed that a general company code of conduct safeguarded them. However, as the conversation progressed they realized that their current policies were not explicit as to how this applied to cloud.
Employee policies need to clearly outline what can and cannot be shared with approved corporate cloud vendors. For example, even though a vendor like Salesforce.com or Box.com might be approved, an organization may not want certain confidential information to be shared with an outside vendor. Additionally, these policies need to address personal use of cloud services (file sharing services, for-free email accounts, etc.). These policies, along with how employees’ actions might be monitored to ensure compliance, need to be periodically communicated to employees.
Discover and determine the risk profile of shadow IT.
1) Assess and onboard critical cloud applications.
2) Block risky cloud applications with secure web gateways or data loss prevention solutions.
3) Monitor applications and as-a-service usage with alerts for unusual activity.
Establish a data security assessment process for new cloud services.
A vital way to ensure that business data is kept safe is to have a thorough risk assessment process as cloud vendors and services are brought on board. This process should take into account the following five elements:
Initiation – Establish what elements of your business a vendor will be involved in and what data will be shared with the vendor. Will they handle confidential/private information or only public data?
Data encryption and integration – Test the encryption of data as it passes from the organization to the vendor as well as how the data will be stored at the vendor’s data center. Understand how a vendor would integrate with your systems (creating single sign-on, pulling corporate data, etc.).
Vendor data security policies – Can the vendor uphold the policies for protecting your corporate data based on the classification system defined above, and do so the same way or better than your IT department would? Evaluate the vendor’s disaster recovery plan, compliance and regulatory processes, and identity and access controls.
Vendor stability and proprietary policies – According to Gartner, 1 out of 4 cloud service providers will be out of business in two years. This is largely due to financial instability or acquisitions. Businesses need to ensure that vendors they choose to work with are financially stable. Find out how the vendor would handle your data in the event of a business closure or acquisition. Additionally, do they use a proprietary technology approach that might lock you into using them? Insist that vendors use an open source approach that would help you transition to a new vendor if an SLA was not met or if the vendor was acquired or went out of business.
Ongoing vendor monitoring – Establish a process to regularly review vendors (annually for those dealing with business critical processes, less regularly for those with less impact).
These are some initial steps to managing the business risks of cloud. However, businesses that are looking to reap the benefits of cloud and avoid risk must put in place a lifecycle approach to manage cloud services.
Cisco has a broad base of data center customers with a diverse set of requirements and we meet their needs with Nexus -- the most comprehensive switching portfolio in the industry. This week, we are making announcements for both the Nexus 9000 series and the Nexus 3000 series that provide design and deployment flexibility for our commercial, enterprise, service provider, as well as cloud customers. Key points of the announcement include:
ACI (Application Centric Infrastructure) is shipping this month;
Additional linecard and chassis options provide customer choice and flexibility;
100G linecards for the Nexus 9500 will be available in Q4CY14 and will offer the highest density in the industry; and
New starter kits and bundles help customers ease transitions.
The Nexus 9000 Series
ACI is shipping this month
The Nexus 9000 series can operate in standard NX-OS mode or in ACI mode. In either case the Nexus 9000 portfolio delivers the value of the “5 P’s” of Power efficiency, Price, Port density, Performance, and Programmability. NX-OS mode provides customers with the value of the NX-OS operating system used by tens of thousands of customers in data centers around the world. ACI mode adds to NX-OS capabilities by providing an application-driven policy model, integration of hardware and software, and centralized visibility, among other things. ACI requires a controller and switch software. Both are shipping this month. It is important to note that the pricing for this solution is simple and predictable. There is a perpetual license for each leaf switch. Other pricing approaches in the industry are monthly and are based on varying elements like number of VMs. Comparing the two approaches is somewhat like comparing a cell phone bill that is either flat rate or usage based. Personally, I like the simplicity and predictability of flat rate. See http://blogs.cisco.com/datacenter/aci-fcs/ for additional details on new ACI announcements and how they can take you beyond SDN.
Additional linecard and chassis options underscore flexibility
We’ll consider how flexibility is delivered for both modular and fixed platforms. For modular switching, the Nexus 9500 modular chassis family offers different line card options that can be mixed in the same chassis and allow customers to “dial up” or “dial down” their design based upon the price, performance, feature set, and scale they want to achieve. There are basically 3 different ‘flavors’, all of which are now shipping:
1) The Nexus 9500 X9400 set of 1/10G and 40G line cards are based on merchant silicon and provide industry-leading price and performance compared to other merchant silicon switches. These provide a very cost effective solution ideal for traditional modular data center designs.
2) The Nexus 9500 X9500 set of 1/10G and 40G line cards are sometimes referred to as “merchant plus” because they have custom Cisco ASICs, in addition to merchant silicon, and are ideal for customers that need performance together with additional buffering and VXLAN routing capabilities. The X9500 line cards can be used in future ACI designs as well.
3) The Nexus 9500 X9600 set of 40G line cards provide performance without compromise even for small packet sizes.
The Nexus 9300 series offers ACI capabilities (à la the X9500 line cards in item 2 above) in a fixed form factor. For customers interested in a merchant-only fixed form factor, we offer the Nexus 3000 family. This week, we announced the new Nexus 3164, which provides 64 ports of 40G and is a great solution for 40G access or space-constrained aggregation.
We are also announcing 100G linecards that we believe will deliver industry leading port density of up to 128 ports of 100G in a single chassis. 100G for both the X9400 and X9600 series will be available for the Nexus 9500 in Q4CY14. Cisco will offer an 8 port 100G X9400 line card and a 12 port 100G X9600 line card.
New starter kits and bundles ease transitions
There are numerous packages available to ease transitions -- from 1G to 10G, 10G to 40G, or from traditional networks to ACI. There are 2 bundles I want to quickly call out. The first provides a smooth transition for customers with older End of Row Catalyst 6500s in their data centers. It occupies the same rack space and uses the same cabling as they currently have, but provides 10X the performance. The second is basically an ACI starter kit, providing the APIC, spine switches and leaf switches, even optical cables – everything required to set up and get started with an ACI pod.
In summary, Cisco is continuing its rapid pace of innovation and execution around ACI and data center switching overall. Ultimately, this means customers gain choice, flexibility and true innovation to support their business needs.
(This is part 5 of a 7-part series sharing insights from Cisco partners about the Future of Cloud.)
“A lot of things go into building out a cloud practice that most people don’t realize until they get into it. Because we have been a systems integrator, we know the on-premises environment very well. That gives us an advantage over some cloud providers who may be more like service providers. They just don’t understand the integration piece.”
Integration is an important part of a successful migration to cloud, according to Ludwig. Cisco has a whole ecosystem that has built applications to integrate with on-premises equipment. When moving to cloud, all of these integrations still have to work. “That was something we did a lot of research on, to make sure that all of the third party companies that we work with on-premises are going to work in the cloud.”
For NWN, the value of the Cisco partner ecosystem should not be underestimated. Regarding which partners to work with, Ludwig said, “We certainly look to Cisco for guidance. We don’t want to pick a partner and then find out something doesn’t work right.
“It’s very helpful knowing that if they’re part of the ecosystem, we know that they are going to be a good partner. That they are going to be around. That they know how to work with the Cisco team and technology.”
You can also learn more about how providers are addressing the need for enterprise class services in the latest edition of Unleashing IT.
In the last two blogs, I talked about the reasons for IT Transformation, understanding the Enterprise Environment and how to effectively set management goals. As more and more companies begin to move towards IT Transformation, there are mistakes that businesses should be wary of. Today I will discuss the pitfalls that can stall the IT transformation process, as well as the services Cisco has been developing to help enterprises on the journey to IT transformation.
This fall your wireless networks will experience many devices upgrading to the new Android 5.0 (L-release) and Apple iOS 8 releases (cue: IT managers groan). There have now been many blogs attempting to capture the enhancements expected with these releases. Today I am going to focus on describing how Android L and iOS 8 may affect customers deploying Cisco enterprise-grade Wi-Fi networks based upon our research and testing of the Apple seed. Our verdict: Carry on with business as usual.
Here are four features we predict will have the most impact on your networks:
1. Chromecast and Google Cast Enhancements (Android L)
Rishi Chandra, the Director of Chromecast Product Management, announced that, starting with the Android L release, users have the ability to cast to neighboring devices such as a TV without having to connect to your Wi-Fi network. In the demo, a phone used the cellular connection to connect to Chromecast through the cloud. A variety of techniques are used to authenticate the users in the same room, or a PIN code can be used as an alternative. Users can Google Cast an ecosystem of applications or even their own applications over any Android or iOS device as well as cloud-based apps on Chrome.
Predicted Impact: Given that this feature works transparently to the Wi-Fi, it is expected that there is no impact on the WLAN in your classrooms or dorm rooms or auditoriums where this will most likely be used.
2. Peer-to-peer AirPlay discovery and playback (iOS 8)
Starting with the iOS 7.1 release, AirPlay devices will discover an AppleTV via the Bluetooth network. Users could also secure their AppleTV via a 4-digit PIN code. With the iOS 8 release, AirPlay devices can also mirror their content via AirDrop. This feature offers customers an alternative method for discovery and mirroring of Bonjour traffic without accessing the corporate Wi-Fi network.
Predicted Impact: Again, this feature operates transparently to the Wi-Fi and therefore customers using this feature should not see any impact on the WLAN. Cisco wireless customers also have the ability to use the Service Discovery Gateway on Cisco IOS based switches, routers or wireless LAN controllers or the Bonjour Services Directory on AireOS controllers.