It’s no secret that federal agencies are increasingly adopting or at least “dipping a toe” into the cloud computing pool. Private and public cloud environments offer agencies the opportunity to reduce costs, increase agility, and improve flexibility to meet their mission-critical objectives. However, concerns over the security and control of data are two major reasons many agencies aren’t moving to the cloud. In fact, a new Cisco-sponsored survey found that security topped federal IT leaders’ wish list when it comes to evaluating cloud service providers, with 69 percent rating it as a critical characteristic.
Cisco is a longtime leader in not only following, but embracing the government certification and accreditation processes. Common Criteria, FISMA (Federal Information Security Management Act) and FedRAMP (Federal Risk and Authorization Management Program) are all critical evaluation programs that facilitate the implementation of new technologies. That’s not to say government regulations aren’t complex. In fact, Cisco has a team dedicated to managing global government certifications. But without these standards in place, our continued advancement of military and civilian operations would cease to exist at the federal level. Read More »
Tags: cloud, Common Criteria, compliance, FedRAMP, FISMA, govtech
Recently the widespread fire of data breaches impacting privacy of millions of hapless people across the globe has become the stirring news. This spree of cyber attacks unveiling the fact that information security industry, organizations and even governments are vulnerable to today’s persistent, well-organized and sophisticated cyber threats.
There was a common theme among all the recent data breaches shown below and that is the amount of time for initial detection, which is in weeks and months.
According to Verizon data breach report, 85% of cyber attacks Read More »
Tags: Cisco Cloud Security, cloud data center, compliance, Cyber Attacks, cyber threat management, data breach, FISMA, HIPAA, Networks, next-generation, pci, privacy, SecureState, security breaches, security model, service providers
Cisco announced last week that its rapidly expanding ACI ecosystem now includes the A10 Networks aCloud Services Architecture based on the Thunder ADC Application Delivery Controllers, as well as the Catbird IDS/IPS virtual security solutions. These new ACI ecosystem vendors are announcing support for the ACI policy model and integration with the Application Infrastructure Policy Controller (APIC) which will accelerate and automate deployment and provisioning of these services into application networks. This should also resolve any speculation that the ACI ecosystem would not be including technology vendors that compete with Cisco’s other lines of business, as Cisco expands the solution alternatives for customers.
Each of the solutions will rely on two primary capabilities of the APIC and ACI to provide a policy-based automation framework and policy-based service insertion technology. A policy-based automation framework enables resources to be dynamically provisioned and configured according to application requirements. As a result, core services such as firewalls, application delivery controllers (ADC) and Layer 4 through 7 switches can be consumed by applications and made ready to use in a single automated step.
A policy-based service insertion solution automates the step of routing network traffic to the correct services based on application policies. The automated addition, removal, and reordering of services allows applications to quickly change the resources that they require without the need to rewire and reconfigure the network or relocate the services. For example, if the business decision is made to use a web application firewall found in a modern ADC as a cost-effective way of achieving PCI compliance, administrators would simply need to redefine the policy for the services that should be used for the related applications. The Cisco APIC can dynamically distribute new policies to the infrastructure and service nodes in minutes, without requiring the network be manually changed.
Read More »
Tags: A10 Networks, ACI, APIC, application centric infrastructure, Catbird, FISMA, HIPAA, pci-dss
When I remodeled my bathroom a few years ago, my initial plan included only a few things: I wanted it to feel bigger (it’s a small space), and everything needed to be replaced – the utilities, furniture, walls, floors, and window.
I know what I like, and I know what I want, but I don’t know the first thing about designing a new bathroom. Add to that a full-time job and three children under the age of 10, I knew I needed to hire someone who could take complete control of the project while still delivering everything I wanted.
I hired a contractor who could not only do the physical labor, but one who had the expertise to plan and design the whole thing. He asked me questions about which members of the family use the bathroom, and how often, in order to deliver the most relevant plan that fit our lifestyle. Through his consultation, he discovered that this bathroom was the main bathroom in the house, heavily used by our family and visitors alike. Based on that fact, he recommended a redesign that provided the optimum privacy for our family of 5 – something I hadn’t even considered when initially launching the project. Read More »
Tags: advanced services, AS, FISMA, General Risk Assessment, network optimization, planning, Professional Services, Sentara Healthcare, services, University of Texas Health Center
A Republican task force recently released a limited set of near-term recommendations for cybersecurity legislation that emphasized voluntary standards instead of regulation. Interesting. Several words jump out at me in that sentence. “Voluntary standards”, “near-term”, “not regulated”. I paraphrase.
Seems to me that something as important as a task force that was put together should be working on an overall strategy to address cybersecurity rather than trying to patch holes in the dike. Read More »
Tags: cybersecurity, DHS, FISMA, government, legislation, private sector, security, vulnerabilities, White House Cyber Plan