Cisco Blogs


Cisco Blog > The Platform

Cisco Releases Tenth Annual CSR Report

I am pleased to announce that Cisco has released its tenth annual Corporate Social Responsibility (CSR) Report. The 2014 Cisco CSR Report outlines our strategy to use our expertise, technology, and partnerships for social, environmental, and business impact.

Each day, people around the world face many challenges: access to quality education, unemployment, poverty, and climate change, to name a few. We’ve learned that when we bring people together, they find innovative solutions to address these problems. And when you add technology to the mix, we can multiply our impact and uncover even greater opportunities.

For example, in France, a team of Cisco Networking Academy students used the connections between people, process, data, and things to create a networked walking stick for the blind. Watch this video to learn more:

Our CSR Report contains many more examples like this, organized according to five pillars:

  1. Governance and Ethics: Promoting responsible business practices at every level—with employees, suppliers, distributors, and partners
  2. Supply Chain: Working closely with our 600 global suppliers to maintain our high standards for ethics, labor rights, health, safety, and the environment
  3. Our People: Attracting, retaining, and developing talented people through an inspiring workplace, engaged management, and flexibility
  4. Society: Combining technology and human creativity to solve social issues and help communities thrive.
  5. Environment: Creating new business value for our customers using sustainable Cisco technologies, products, and solutions

Here are just a few highlights from our 2014 CSR Report:

  • We updated our Human Rights Roadmap to align with the United Nations (UN) Guiding Principles on Business and Human Rights, and we launched an online human rights training program for our employees.
  • 58% of our key suppliers set goals to cut their greenhouse gas emissions — up from 45% in 2013.
  • We ranked number 55 on the Fortune “100 Best Companies to Work For” list.
  • We made $275 million in cash and in-kind contributions to community organizations worldwide; and our employees volunteered 136,000 hours to support organizations in their own communities.
  • Employee-led “Pack It Green” projects saved approximately 888 metric tonne of packaging material and are expected to save over $6 million annually through material and freight cost reductions.
  • 97% of Networking Academy students who participate in a selective internship program with local IT companies in Italy get jobs; the partnership is creating a pipeline of tech talent while combatting a youth unemployment rate over 40%.

Read More »

Tags: , , , , , ,

Securing Cloud Transformation through Cisco Domain Ten Framework v2.0

Businesses of all sizes are looking for Cloud solutions to solve some of their biggest business and technology challenges—reducing costs, creating new levels of efficiency, transform to create agile environment and facilitate innovative business models. Along with the promise of Cloud comes top concern for Security. With rise of applications, transactions and data in the Cloud, business are losing control and have less visibility on who and what is moving in and out of the business boundaries. 

Any  transformation initiative with Cloud, whether a private, hybrid or public, with early focus on security from architecture, governance, risks, threats and compliance perspective can enable the business with a compelling return on investment with a faster time to business value – regardless of geographic, industry vertical, operational diversity or regulatory needs.

Here, I would like to bring to your attention on Cisco Domain Ten framework v2.0 and my blog on What’s New in Cisco Domain Ten Framework 2.0 that is born from Cisco’s hard won experience of deploying both private, hybrid and public Cloud environments, Cisco has developed the Cisco Domain Ten framework and capabilities to help customers accelerate IT transformation.

The Cisco Domain Ten does not prescribe that customers must build each domain into their strategy – rather it provides guidance on what aspects should be considered, what impacts should be identified, and what relationships exist between domains.  Cisco Domain Ten framework 2.0, we can establish the foundation of a true IT transformation and the factors you need to consider for success. Key is to identify, establish and track strategic, operational and technological outcomes for IT transformation initiates. A major thrust of the Cisco Domain Ten is to help customers strategize for transformation vision, standardize their technology components and operational procedures, and automate their management challenges, to deliver on the potential of IT Transformation– covering Internet, Branch, Campus and Data Center environments.

Security consistently tops CIO’s list of cloud concerns. The security domain highlights identification of security and compliance requirements, along with an assessment of current vulnerabilities and deviations from security best practices for multisite, multitenant physical and virtual environments for one’s IT transformation vision.

Security should be a major consideration in any IT transformation strategy. The architecture should be designed and developed with security for applications, network, mobile devices, data, and transactions across on-premise and off-premise solutions. Moreover, security considerations for people, process, tools, and compliance needs should be assessed by experts who understand how to incorporate security and compliance safeguards into complex IT transformation initiatives.

Security is an integral part of the Cisco Domain Ten framework, applies to all ten domains, and provides guidance to customers on all security aspects that they needs. Our Senior Architect from Security Practice – Ahmed Abro articulates well in Figure – 1 Cisco Domain Ten Framework with Security Overlay that there are security considerations for all ten domains for Cloud solutions.

 d10secoverlay

Figure – 1 Cisco Domain Ten with Security Overlay

Now that we understand how Cisco’s Domain Ten Overlay approach that helps one to discuss security for each domain of Cisco Domain Ten Framework, let’s now talk about the how Cisco Domain Ten aligns with Cloud Security Alliance’s (CSA) Cloud Control Matrix to discuss the completeness and depth of the approach.

CSA Cloud Control Matrix Alignment with Cisco Domain Ten

Application & Interface Security

  • D-8 – Application

Audit Assurance & Compliance

  • D-10 – Organization, Governance, processes

Business Continuity Mgmt & Op Resilience

  • D10 – Organization, Governance, processes

Change Control & Configuration Management

  • D10 – Organization, Governance, processes and
  • D-3 – Automation

Data Security & Information Lifecycle Mgmt

  • D-9 – Security and Compliance

Datacenter Security Encryption & Key Management

  • D-9 – Security and Compliance and
  • D-1 – Infrastructure

Governance & Risk Management

  • D10 – Organization, Governance, processes

Human Resources Security

  • D10 – Organization, Governance, processes

Identity & Access Management

  • D-4 -- Customer Interface

Infrastructure & Virtualization

  • D-1 – Infrastructure and Environment and
  • D-2 – Abstraction and Virtualization

Interoperability & Portability

  • D-7 – Platform and
  • D-8 – Application

Mobile Security

  • D-8 – Application and
  • D-1 – Infrastructure and Environment

Sec. Incident Mgmt , E-Disc & Cloud Forensics

  • D-9 – Security and Compliance and
  • D10 – Organization, Governance, processes

Supply Chain Mgmt, Transparency & Accountability

  • D10 – Organization, Governance, processes
Threat & Vulnerability Management
  • D-9 – Security and Compliance

 Table – 1 CSA Cloud Control Matrix Alignment

with Cisco Domain Ten Framework

From above table, one can see that Cloud Security Alliance Cloud Control Matrix and Cisco Domain Ten aligns well and it also highlights key facts that many areas such as Mobile security requires one to focus on Application and Infrastructure (network, virtual servers), etc to address security needs. One should also note that Cisco Domain Ten’s focus on Catalog (Domain 5) & Financials (Domain 6) that highlights security specific SLA and assurance discussions for security controls.

Now that that we discussed, Cisco Domain Ten approach for Security, In the next blog, I would try to discuss how Cisco Service’s focus on the strategy, structure, people, process, and system requirements for Security can help business address an increasingly hostile threat environment and help successful migration to Secure Cloud based transformation. We will also discuss current questions in business asks or should ask to understand security and privacy in the vendor’s agreements.

 

Tags: , , , , , , , , , , , , , , , , , , , , , ,

What’s New in Cisco Domain Ten Framework 2.0

 Earlier this week, we announced the Cisco Domain Ten framework 2.0, enhanced by great input from customers, partners, and Cisco’s well-earned experience of strategizing and executing IT transformation.

The enhanced Cisco Domain Ten framework helps customers drive better strategic decisions, providing greater focus on business outcomes, providing deeper analysis of hybrid cloud implications, and extending the framework beyond data center and cloud to include all IT transformation initiatives.

You may have read Stephen Speirs earlier blogs about Cisco Domain Ten for cloud transformation. Today, let’s look at key changes in the Cisco Domain Ten framework 2.0 from the original version. These changes have been adopted to enhance discussions on three themes:

  1. Highlight importance of public clouds as part of IT transformation and solutions using IaaS, PaaS, and SaaS within the data center and across the entire business.
  2. Addition of “Organization” in Domain 10 to bring together the business and technology focus for strategy discussions.
  3. Name changes for some domains to facilitate ease of alignment and discussion on overall IT transformation across multiple architectures and technology solutions such as ITaaS, collaboration, mobility, video, etc. for both enterprise and provider perspectives.

Read More »

Tags: , , , , , , , , , , , , , , , , , , ,

Unleash your Automation for Cloud (Easier than you Think)

In about 2 weeks there will be a great webinar panel discussion on the business and technology architecture concerns in automating your cloud and how to measure the value.   Unleashing automation solutions to do what they do best may make or break a company’s IT strategy over the next few quarters as those cloud journeys begin.

The webinar, IT Automation Unplugged, a panel discussion moderated by Glenn O’Donnell of Forrester will indeed be a cool event to listen in to.  Not only has Glenn followed this space for many years but he also has some really insightful perspectives on the Journey to Cloud.  This webinar has the potential to highlight some really pointed dialog between myself and Brad Adams of rPath, Nand Mulchandani of ScaleXtreme, and Luke Kanies of Puppetlabs.  I bet the sparks might fly as we trade our perspectives on the huge demand for private and public clouds and need for enterprises to show value quickly.

This brings me to a great phrase I heard this week from one of our customers.  It was used in the context of their employees using their company’s private cloud.   It was “High Governance”.  It was seriously lacking in their current solution which highly leveraged their virtualization vendor’s software.  I probed them on what they meant by “High Governance”.  It was mostly around ensuring that individuals that provision services would get  access to only the services, cloud data center locations, and specific providers that they are entitled to.   While this is not a new concept, the element that grabbed my attention was that IT shops have a strong need for different sourcing strategies based upon end user role, organization,  location, and any number of policy settings in their Active Directory or LDAP.

“High Governance” means ensuring that your cloud users get ONLY what they are entitled to in your IT policy.   No more generic UIs for generic users or uber UIs for unknown hypothetical users.  The cloud is now a strongly governed personal experience, what a novel concept.

I wonder what the panel will think about this.  Please attend if you get a chance.

Tags: , , , ,

Social Media Can Accelerate the Social Good

Recently, I participated in a conversation with our LinkedIn community on GETideas.org. The crux of the discussion was labels--should there be a universal taxonomy for terms such as Global Education, and would trying to foster global adoption of such terms speed up the transformation of the societal challenges we face today? It got me thinking about all sorts of terms that pop into our language stream. One day you’re talking about the “inequalities of the distribution of wealth and the effects of taxation on global markets;” the next day you’re texting an associate and summing up your thought stream with the word “Occupy”.

In my preparation for a panel discussion called Why enterprise Social Media Loves Social Good?, I poked around online to see if there was any consistency in the meaning for the term “social good”. Almost all the discussions and posts I found connected “social good” directly to its use within the business community. While businesses vary in their approaches to social good, this definition seems to be a common one: “A good or service that benefits the largest number of people in the largest possible way. Some classic examples of social goods are clean air, clean water and literacy; in addition, many economic proponents include access to services such as healthcare in their definition of the social or “common good”. (Source: http://www.investopedia.com/terms/s/social_good.asp) Read More »

Tags: , , , , , , , , , , , , , , ,