In today’s business landscape, cloud adoption and deployment is more than just a technical discussion. It’s really a choice about how to operate your business, regardless of what industry or vertical your organization is affiliated with.
However, as a former CIO, I understand that many CIOs are more concerned with the challenges they face when moving to the cloud than the benefits they can achieve.
For example, in the past, all of your company information and applications were locked-up behind a firewall. As such, none of your customers or remote employees could gain access to your network. Now, through clouds, you can put your business out in the world – where your customers, employees, partners and more can gain access. It’s truly making business more accessible, in an incredibly flexible way – but it can be a daunting process.
Recently, I had the chance to participate in a new Cloud Insights Video Podcast and share how all verticals face similar challenges when it comes to cloud. It probably comes as no surprise that the key areas of concern are security and privacy.
So, how can CIOs address these challenges?
Go find the right partner.
Security and privacy are very real challenges, and it’s the CIOs job to address them, but he/she doesn’t have to go at it alone. Businesses should look for a cloud service provider to become a trusted business partner. When a business is looking for a cloud service provider to host its application or data, the main questions that arise are:
- How are we going to ensure security?
- How will I maintain control over the data and applications that I put in the cloud?
- How do I maintain visibility?
When these questions about control and visibility are answered, it inevitably leads to trust. And when a CIO feels there is a level of trust for information and application security within the cloud, it ripples down through the organization, ultimately empowering customer relationships.
It’s transformational when a CEO can say to customers, “We do have that level of control and visibility and you can look to us to take care of your information.”
As organizations in various verticals look to move past security concerns, CIOs need to find a partner they trust and start a conversation, they may be surprised at how quickly some of their concerns can be mitigated.
Visit Cloud Executive Perspectives to get additional cloud insights for IT leaders and subscribe to the Cisco Cloud Insights video podcast channel on iTunes or via RSS. Additional Cisco Cloud Insights videos can also be found here.
Follow @CiscoCloud and use #CiscoCloud to join the conversation!
In the same video podcast series: How Cisco IT Solved Its Internal Cloud Dilemma by Didier Rombaut via #CiscoBlog
Cisco Solutions for Open and Secure Intercloud Workload Migration. Join our webcast to learn how the Cisco InterCloud solution helps ensure the same network security, quality of service (QoS), and access control policies previously enforced in the data center are implemented in the public cloud. The webcast is available on demand.
Watch the Cisco Intercloud Workload Migration Webcast (available on demand)
Register for @CiscoLive May 18-22 2014 — San Francisco #CLUS:
Register today for the Cisco Powered Cloud Day at Cisco Live on Monday, May 19. The insightful day will focus on opportunities and challenges that can be addressed with cloud.
Watch Cisco Live’s Technology Business Vision keynote by Rob Lloyd on Tuesday, May 20 at 10:00 a.m. PDT.
Watch Cisco Live’s Cloud Technology Trend Keynote – Aligning Your Strategy and Business for Cloud Success by Dr. Gee Rittenhouse and Faiyaz Shahpurwala on Tuesday, May 20 – 1:30 p.m. PDT.
Tags: #CLUS, CIO, Cisco, CiscoCloud, cloud, Cloud Computing, Cloud Insights, Cloud Insights Podcast, cloud security, data security, Industry, podcast, rick hutley, security, verticals
The times keep changing: first there were devices, then there were apps, and today, if you don’t develop a strategy for enterprise mobility and get ahead of the trend, the mobile wave will leave you behind. A year ago, after talking with many of our customers, partners, and our own technical sales teams, we realized that IT organizations were facing enormous challenges when making the transition from simple BYOD to adopting an enterprise mobility strategy across the business. As is typical during such tremendous market transitions like mobility, IT organizations were spending a lot of time figuring out how to line up the pieces required to support a mobile workforce, sorting through and weighing the many technology and vendor choices.
Today in conjunction with our friends at Citrix, we are happy to highlight the Cisco Mobile Workspace Solution with Citrix, built on the Citrix Workspace Suite. We are very excited to deliver this first of its kind, comprehensive solution to our customers. Today I’d like to take a step back and set the stage for the Cisco Mobile Workspace Solution with Citrix by taking you through our thought process in creating the right enterprise mobility solution for our customers. Read More »
Tags: ACI, App, byod, Cisco Validated Design, citrix, Citrix Workspace Suite, Complexity, customer, device, Enterprise, experience, mobile, mobile workspace, mobility, sales, secure, security, technology, trend, wifi, wireless
Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals.
Jason Harris co-authored this blog. Below we will address how the mobile endpoint is the new perimeter. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security can be found here.
Co-authored by Jason Harris, Principal Consultant for Security and Enterprise Mobility for Dimension Data Americas
Jason comes from a technical and business risk and compliance background, with experience in conducting governance risk and compliance and technical security testing. He has expanded this into policy driven security architecture reviews including development of IT policy and procedures, technical system assessments, penetration testing, security and enterprise mobility architecture and information risk management. Over the last 3 years Jason has been leading the development of Dimension Data’s Enterprise Mobility Development Model (EMDM) and has delivered the EMDM to large enterprise clients.
Employees use their devices to access our systems on their own. It’s nearly impossible to stop.
If you agree with this statement, you’ll join the over 90% of IT decision makers that recently participated in Dimension Data’s Secure Mobility Global Survey. It’s no surprise that mobile security is a top concern for IT and business leaders; however as discussed in our first blog post in this series, concern often outweighs action when it comes to securing mobility.
For example, according to the Dimension Data survey, while over 90% of IT leaders agree that security is a top concern, only 27% feel that they have well-defined network policies in place for mobility.
Based on these figures, it’s clear that it isn’t enough to just talk about security policy; IT and business leaders need work together and focus on upholding and enforcing the policies set in place to close gaps. In this blog post, we’ll discuss why organizations need a policy that is clearly defined and how implementing the right policy will help fill gaps and establish a secure network.
In other words, how can a holistic and balanced approach to enterprise mobility – including BYOD programs – impact overall network security?
Mobility is the New Endpoint
In our recent conversations with CIOs, many are starting to understand that in today’s mobile and cloud landscape, the mobile endpoint is the new perimeter. This change in thinking is what’s going to be required of all of us as we embrace and deploy clearly defined roles and responsibilities for enterprise mobility policies. If it’s important for IT and business leaders to enable employees to work anywhere, wherever and however, they need to plan it properly to ensure the right amount of controls and mechanisms to support a mobile workforce.
A major part of this shift in thinking involves securing not only the user or the device, but the data the user or device has access to. This data-centric security model can help issue some control around the evolution in enterprise mobility that has basically extended an organization’s network into a thousand mini-networks that IT has little visibility over. This is why we need to change our thinking. Mobile devices aren’t outside the perimeter; they are the new endpoint.
Read More »
Portland State University is Oregon’s largest and most diverse public university encompassing 50 city blocks, eight schools, 226 degree programs, 29,000 students, including 1,700 international students from 91 countries, and 126,000 alumni. For the second year in a row, the US News & World Report has named Portland State University a top 10 “up-and-coming” national university in its Best College rankings, released online Sept. 10.
In 2010 Portland was one of the first schools to adopt the Cisco CleanAir capable Access Points 3502 to address the frequent sources of interferences found in a typical school environment. In this blog, I will describe how the students adopt technology to learn as well as share some details about our conversation with Tamarack Birch-Wheeles, the manager of Network Team in charge of the WLAN deployment with the 5760 Series Wireless LAN Controller.
Read More »
Tags: access, access point, alumni, AP, Cisco, class, cleanair, client, college, computer, controller, degree, deployment, device, failover, Guest, infrastructure, interference, LAN, mac filter, MOOC, network, online, oregon, portland, portland state university, prime, psu, secure, security, software, SSID, stateful switchover, team, university, web, wi-fi, wifi, wireless, wlan, wpa2e
The Insider Lifecycle
Traditional security is designed to keep outsiders from getting in. What happens when the enemy is an insider? A new paradigm must be explored, where the focus needs to shift inward and how data is going outbound.
Identifying anomalies in data exfiltration is critical to how to spot the insider. The insider has a typical lifecycle:
1. Identify places where sensitive data is store
2. Retrieve the data from the location
3. Move the data within the organization to prepare for exfiltration
4. Transfer the data outside the organization
Arguably, the weak points of this chain of events occur in steps 1, 2, and 4, where the insider must go through funnel points—near the data and at a public outbound connection.
Things to Look For
In almost all cases of data theft, the insider had access to the data, but in many cases, the insider’s role would have been suspect when considering the data they were accessing. Consequently, role should be examined for the end user in the context of data they are accessing.
Read More »
Tags: compromise, espionage, exfiltration, insider, insider threat, intellectual property, security, Sensitive data, threat