Today’s applications are either virtualized in our own data center or being hosted by any number of providers. But is our security built around our current security reality or is it living in the past? During one of my Gartner Security & Risk Management Summit presentations, I shared best practices in a rapidly changing environment, where cloud vendor hype isn’t matching our security reality. Now that everything is in the cloud, we need a strategic approach to cloud security.
Here’s how to make it happen:
Ensure safe data handling when working with cloud provider. Considering cloud providers are an extension of your business, it is vital to ensure how your provider handles security for storing and transmitting your data. What provisions are in place to make sure data is secure once it has been transmitted? Determine if your provider has firewalls, data encryption, and user authentication to keep your data safe.
Combat growing threats. As cloud-based technologies grow more sophisticated over time, so do the possibilities of threats. A proactive approach to security means that we enable technology like cloud-based threat intelligence to detect a threat as they happen – or in some cases before they happen. Other anti-threat measures such as deep packet inspection and proactive monitoring can also help combat viruses, spam and other intrusions. Learn more. You don’t have to be a security expert to take security seriously. Leverage industry bodies, like the Cloud Security Alliance, for guidance on benchmarking service provider security capabilities. Learn what certifications and security practices your cloud provider has, including daily risk audits. And look for ways to increase security processes when you work with cloud providers. See how Cisco can help you protect your business assets and meet compliance requirements.
Learn more. You don’t have to be a security expert to take security seriously. Leverage industry bodies, like the Cloud Security Alliance, for guidance on benchmarking service provider security capabilities. Learn what certifications and security practices your cloud provider has, including daily risk audits. And look for ways to increase security processes when you work with cloud providers. See how Cisco can help you protect your business assets and meet compliance requirements.
To know more follow me on Twitter @e_desouza and check my blog and Gartner presentation on Three Data Center Security Innovations to Accelerate Your Business
Tags: Cisco, Cisco Security, cloud, data center, data center security, firewall, integrated security, it security, network security, secure infrastructure, security, security intelligence
When I think about IT security, I don’t immediately start thinking about threats, hackers and countermeasures, but begin with what is happening to IT in general. Right now, the three big megatrends in IT can be summed up in three words: virtualization, collaboration, and mobility. Unfortunately, it’s become something of a Newtonian principle that any action driving information technology forward generates an equal or greater counteraction by hackers to corrupt and exploit the new technology. I also find it disconcerting that at any given time, the most aggressively marketed “solutions” to IT security problems represent a trailing indicator of what cyber criminals are actually doing to raise hell. Read More »
Tags: collaboration, Intelligent Network, IT, it security, mobility, Net-Centric Security, network, security, virtualization
I have a keen interest in the Latin American region because several of my closest friends and my respected colleagues are from this region. Also, internal market forces and global demand are accelerating the rate of data center projects, further heightening my interest. Last year, I visited the region where I got to see data center build outs and realized the extent of the “greenfield” opportunity. I very recently got acquainted with Daniel Garcia, a 12-year Cisco veteran and Security Specialist sales engineer covering the Latin American region. I found his insights most valuable and different to what I usually hear.
For Daniel the greatest difference between the Latin American Region and other regions is the number of Greenfield data center projects. But Daniel finds that many customers are looking for “cookie cutter” solutions that they implement into their environments without much customizing. This was something I hadn’t heard before but which makes excellent sense. The reason for this approach is that many customers lack in-house IT expertise and require proven solutions. The benefits of this approach mean less risk, less cost and with any validated solutions, far less time in production and testing. The downside is that each organization has distinct needs according to their business line and size, and their risk tolerance will vary. Daniel works with his customers to tweak data center reference architectures to provide customers with a tailored and secure data center environment. Read More »
Tags: it security, latin america, Payment Card Industry Data Security, pci-dss, secure data center
The data center is at the heart of promoting IT transformation. Mobility initiatives have created a need for increased connections; power initiatives have created a need for greater efficiency; and the increased need for real-time workload processing are driving that change. I see these as “signature” trends in 2013 and also highlighted these in my earlier post this year. Conventional IT security approaches often add complexity and usually impede efficiency gains. What’s needed is an approach that does not introduce latency or require the data center to be reconfigured to accommodate security. Neither should it introduce a myriad of new of tools, new reports, and new processes.
Very few vendors can claim to provide an end-to-end architecture where security is a key programmable element of the underlying data center fabric. This capability not only accelerates the adoption of virtualization and cloud technologies but also mitigates the complexity associated with disparate and siloed security technologies. The benefits are increased business agility backed by assured security posture, strong alignment of business function to security and reduced operational costs. In this paradigm, data center and IT executives will no longer be forced into making tradeoffs between business function and security to ensure newer and more capable services.
Read More »
Tags: data center security, end-to-end architecture, it security, Secure-X
In this last part of this series I will discuss the top customer priority of visibility. Cisco offers customers the ability to gain insight into what’s happening in their network and, at the same time, maintain compliance and business operations.
But before we dive into that let’s do a recap of part two of our series on Cisco’s Secure Data Center Strategy on threat defense. In summary, Cisco understands that to prevent threats both internally and externally it’s not a permit or deny of data, but rather that data needs deeper inspection. Cisco offers two leading platforms that work with the ASA 5585-X Series Adaptive Security Appliance to protect the data center and they are the new IPS 4500 Series Sensor platform for high data rate environments and the ASA CX Context Aware Security for application control. To learn more go to part 2 here.
As customers move from the physical to virtual to cloud data centers, a challenge heard over is over is that they desire to maintain their compliance, security, and policies across these varying instantiations of their data center. In other words, they want to same controls in the physical world present in the virtual – one policy, one set of security capabilities. This will maintain compliance, overall security and ease business operations.
By offering better visibility into users, their devices, applications and access controls this not only helps with maintaining compliance but also deal with the threat defense requirements in our overall data center. Cisco’s visibility tools gives our customers the insight they need to make decisions about who gets access to what kinds of information, where segmentation is needed, what are the boundaries in your data center, whether these boundaries are physical or virtual and the ability to do the right level of policy orchestration to maintain compliance and the overall security posture. These tools have been grouped into three key areas: management and reporting, insights, and policy orchestration.
Read More »
Tags: ASA-CX, Cisco ASA, cisco firewall, Cisco Security, cisco sio, Cisco UCS, cloud, data center, data center security, DC, firewall, Identity Services Engine, intrusion prevention, IPS, ISE, it security, netflow, network security, pci-dss, policy, security, server, threat defense, TrustSec, virtual, virtualization, VMDC