Cisco Blogs


Cisco Blog > Inside Cisco IT

Cisco IT’s Identity Services Engine Deployment: First Capabilities to Roll Out

Cisco IT is deploying Identity Services Engine (ISE) globally. ISE is a security policy management and control platform that automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. We’re running ISE 1.2 Patch 3 globally and evaluating Patch 5 for its guest networking enhancements. Over the next few months, I’d like to share some of our best practices and lessons learned as we continue our ISE deployment. Much of the background and deployment work before my blog can be found in this published article. Read More »

Tags: , , , , , , ,

Securing Cloud Transformation through Cisco Domain Ten Framework v2.0

Businesses of all sizes are looking for Cloud solutions to solve some of their biggest business and technology challenges—reducing costs, creating new levels of efficiency, transform to create agile environment and facilitate innovative business models. Along with the promise of Cloud comes top concern for Security. With rise of applications, transactions and data in the Cloud, business are losing control and have less visibility on who and what is moving in and out of the business boundaries. 

Any  transformation initiative with Cloud, whether a private, hybrid or public, with early focus on security from architecture, governance, risks, threats and compliance perspective can enable the business with a compelling return on investment with a faster time to business value – regardless of geographic, industry vertical, operational diversity or regulatory needs.

Here, I would like to bring to your attention on Cisco Domain Ten framework v2.0 and my blog on What’s New in Cisco Domain Ten Framework 2.0 that is born from Cisco’s hard won experience of deploying both private, hybrid and public Cloud environments, Cisco has developed the Cisco Domain Ten framework and capabilities to help customers accelerate IT transformation.

The Cisco Domain Ten does not prescribe that customers must build each domain into their strategy – rather it provides guidance on what aspects should be considered, what impacts should be identified, and what relationships exist between domains.  Cisco Domain Ten framework 2.0, we can establish the foundation of a true IT transformation and the factors you need to consider for success. Key is to identify, establish and track strategic, operational and technological outcomes for IT transformation initiates. A major thrust of the Cisco Domain Ten is to help customers strategize for transformation vision, standardize their technology components and operational procedures, and automate their management challenges, to deliver on the potential of IT Transformation– covering Internet, Branch, Campus and Data Center environments.

Security consistently tops CIO’s list of cloud concerns. The security domain highlights identification of security and compliance requirements, along with an assessment of current vulnerabilities and deviations from security best practices for multisite, multitenant physical and virtual environments for one’s IT transformation vision.

Security should be a major consideration in any IT transformation strategy. The architecture should be designed and developed with security for applications, network, mobile devices, data, and transactions across on-premise and off-premise solutions. Moreover, security considerations for people, process, tools, and compliance needs should be assessed by experts who understand how to incorporate security and compliance safeguards into complex IT transformation initiatives.

Security is an integral part of the Cisco Domain Ten framework, applies to all ten domains, and provides guidance to customers on all security aspects that they needs. Our Senior Architect from Security Practice – Ahmed Abro articulates well in Figure – 1 Cisco Domain Ten Framework with Security Overlay that there are security considerations for all ten domains for Cloud solutions.

 d10secoverlay

Figure – 1 Cisco Domain Ten with Security Overlay

Now that we understand how Cisco’s Domain Ten Overlay approach that helps one to discuss security for each domain of Cisco Domain Ten Framework, let’s now talk about the how Cisco Domain Ten aligns with Cloud Security Alliance’s (CSA) Cloud Control Matrix to discuss the completeness and depth of the approach.

CSA Cloud Control Matrix Alignment with Cisco Domain Ten

Application & Interface Security

  • D-8 – Application

Audit Assurance & Compliance

  • D-10 – Organization, Governance, processes

Business Continuity Mgmt & Op Resilience

  • D10 – Organization, Governance, processes

Change Control & Configuration Management

  • D10 – Organization, Governance, processes and
  • D-3 – Automation

Data Security & Information Lifecycle Mgmt

  • D-9 – Security and Compliance

Datacenter Security Encryption & Key Management

  • D-9 – Security and Compliance and
  • D-1 – Infrastructure

Governance & Risk Management

  • D10 – Organization, Governance, processes

Human Resources Security

  • D10 – Organization, Governance, processes

Identity & Access Management

  • D-4 -- Customer Interface

Infrastructure & Virtualization

  • D-1 – Infrastructure and Environment and
  • D-2 – Abstraction and Virtualization

Interoperability & Portability

  • D-7 – Platform and
  • D-8 – Application

Mobile Security

  • D-8 – Application and
  • D-1 – Infrastructure and Environment

Sec. Incident Mgmt , E-Disc & Cloud Forensics

  • D-9 – Security and Compliance and
  • D10 – Organization, Governance, processes

Supply Chain Mgmt, Transparency & Accountability

  • D10 – Organization, Governance, processes
Threat & Vulnerability Management
  • D-9 – Security and Compliance

 Table – 1 CSA Cloud Control Matrix Alignment

with Cisco Domain Ten Framework

From above table, one can see that Cloud Security Alliance Cloud Control Matrix and Cisco Domain Ten aligns well and it also highlights key facts that many areas such as Mobile security requires one to focus on Application and Infrastructure (network, virtual servers), etc to address security needs. One should also note that Cisco Domain Ten’s focus on Catalog (Domain 5) & Financials (Domain 6) that highlights security specific SLA and assurance discussions for security controls.

Now that that we discussed, Cisco Domain Ten approach for Security, In the next blog, I would try to discuss how Cisco Service’s focus on the strategy, structure, people, process, and system requirements for Security can help business address an increasingly hostile threat environment and help successful migration to Secure Cloud based transformation. We will also discuss current questions in business asks or should ask to understand security and privacy in the vendor’s agreements.

 

Tags: , , , , , , , , , , , , , , , , , , , , , ,

Three Data Center Security Innovations to Accelerate Your Business

How can you get your data center off to a smooth start? At the Gartner Security & Risk Management Summit this week, I presented three data center innovations that hold the key to accelerating business securely.

Ease of provisioning

According to a recent Cisco IT case study, data center provisioning times have decreased from eight weeks to 15 minutes. Security must do the same to realize the full benefits of data center automation.

Often, businesses have trouble implementing this vision because of their existing IT. The people and their skill base, the processes they use and even the technology they have implemented, are very silo-based. It is not designed to integrate into an automated, on-demand model.

There are many challenges imposed by siloed technologies when you attempt to converge or virtualize these environments. A common issue is when storage and server platforms were not designed to work together.  This necessitates expensive service engagements to build.  Additionally, in order to hide the associated complexity, expensive management software has to be deployed to “simplify” infrastructure deployments. This approach just doesn’t work. The result is increasing complexity that makes the architecture brittle and costly.

At Cisco, we believe it is important to look for a solution that doesn’t look at technologies, processes, and people in isolation. You can enable a powerful IT by taking a unified approach and working with technologies that are designed to work together. Your IT can be a service foundation that redefines data center economics and delivers performance, reliability, and business innovation. Unification is the element that will deliver that.

 Maximized Network Performance and Resilience

On a unified network, IT can ensure the highest levels of network performance and business continuity through:

• 8x performance density over competitive firewalls and up to 1.9 million new connections per second and 80 million maximum connections per second enables Cisco firewalls to meet the most stringent performance requirements

• Eliminating compromise, retrofits and disruption to network design via Virtual Portal Channel and FabricPath integration for increased efficiency

Pervasive Protection

The third innovation that can streamline your data center and accelerate your business is actionable security intelligence. A secure network can differentiate by users and their multiple devices, differentiate applications, know behaviors and ultimately confirm IT policy is aligned with business. Building trusted chains that extend from the user to the application and are uniquely aligned to business context, can ensure efficiency and security.

Learn how Cisco can help you to leverage these innovations to accelerate your business securely.

 

Follow me on Twitter  @e_desouza and discover my other presentation at Gartner in  my previous blog  Everything’s in the cloud : Now What?

 

Tags: , , , , , , , , , , , , , , ,

Everything’s in the Cloud: Now What?

Today’s applications are either virtualized in our own data center or being hosted by any number of providers. But is our security built around our current security reality or is it living in the past? During one of my Gartner Security & Risk Management Summit presentations, I shared best practices in a rapidly changing environment, where cloud vendor hype isn’t matching our security reality. Now that everything is in the cloud, we need a strategic approach to cloud security.

 

Here’s how to make it happen:

Ensure safe data handling when working with cloud provider. Considering cloud providers are an extension of your business, it is vital to ensure how your provider handles security for storing and transmitting your data. What provisions are in place to make sure data is secure once it has been transmitted? Determine if your provider has firewalls, data encryption, and user authentication to keep your data safe.

Combat growing threats. As cloud-based technologies grow more sophisticated over time, so do the possibilities of threats. A proactive approach to security means that we enable technology like cloud-based threat intelligence to detect a threat as they happen – or in some cases before they happen. Other anti-threat measures such as deep packet inspection and proactive monitoring can also help combat viruses, spam and other intrusions. Learn more. You don’t have to be a security expert to take security seriously. Leverage industry bodies, like the Cloud Security Alliance, for guidance on benchmarking service provider security capabilities. Learn what certifications and security practices your cloud provider has, including daily risk audits. And look for ways to increase security processes when you work with cloud providers. See how Cisco can help you protect your business assets and meet compliance requirements.

Learn more. You don’t have to be a security expert to take security seriously. Leverage industry bodies, like the Cloud Security Alliance, for guidance on benchmarking service provider security capabilities. Learn what certifications and security practices your cloud provider has, including daily risk audits. And look for ways to increase security processes when you work with cloud providers. See how Cisco can help you protect your business assets and meet compliance requirements.

To know more follow me on Twitter  @e_desouza  and check my blog and Gartner presentation  on Three Data Center Security Innovations to Accelerate Your Business

Tags: , , , , , , , , , , ,

Three Transitions Driving Net-Centric Security

When I think about IT security, I don’t immediately start thinking about threats, hackers and countermeasures, but begin with what is happening to IT in general. Right now, the three big megatrends in IT can be summed up in three words: virtualization, collaboration, and mobility. Unfortunately, it’s become something of a Newtonian principle that any action driving information technology forward generates an equal or greater counteraction by hackers to corrupt and exploit the new technology. I also find it disconcerting that at any given time, the most aggressively marketed “solutions” to IT security problems represent a trailing indicator of what cyber criminals are actually doing to raise hell. Read More »

Tags: , , , , , , , ,