Cisco Blogs


Cisco Blog > Open at Cisco

Back to the Future: Do Androids Dream of Electric Sheep?

As information consumers that depend so much on the Network or Cloud, we sometimes indulge in thinking what will happen when we really begin to feel the effects of Moore’s Law and Nielsen’s Law combined, at the edges: the amount of data and our ability to consume it (let alone stream it to the edge), is simply too much for our mind to process. We have already begun to experience this today: how much information can you consume on a daily basis from the collective of your so-called “smart” devices, your social networks or other networked services, and how much more data is left behind. Same for machines to machine: a jet engine produces terabytes of data about its performance in just a few minutes, it would be impossible to send this data to some remote computer or network and act on the engine locally.  We already know Big Data is not just growing, it is exploding!

The conclusion is simple: one day we will no longer be able to cope, unless the information is consumed differently, locally. Our brain may no longer be enough, we hope to get help, Artificial Intelligence comes to the rescue, M2M takes off, but the new system must be highly decentralized in order to stay robust, or else it will crash like some kind of dystopian event from H2G2. Is it any wonder that even today, a large portion if not the majority of the world Internet traffic is in fact already P2P and the majority of the world software downloaded is Open Source P2P? Just think of BitCoin and how it captures the imagination of the best or bravest developers and investors (and how ridiculous one of those categories could be, not realizing its potential current flaw, to the supreme delight of its developers, who will undoubtedly develop the fix — but that’s the subject of another blog).

Consequently, centralized high bandwidth style compute will break down at the bleeding edge, the cloud as we know it won’t scale and a new form of computing emerges: fog computing as a direct consequence of Moore’s and Nielsen’s Laws combined. Fighting this trend equates to fighting the laws of physics, I don’t think I can say it simpler than that.

Thus the compute model has already begun to shift: we will want our Big Data, analyzed, visualized, private, secure, ready when we are, and finally we begin to realize how vital it has become: can you live without your network, data, connection, friends or social network for more than a few minutes? Hours? Days? And when you rejoin it, how does it feel? And if you can’t, are you convinced that one day you must be in control of your own persona, your personal data, or else? Granted, while we shouldn’t worry too much about a Blade Runner dystopia or the H2G2 Krikkit story in Life, the Universe of Everything, there are some interesting things one could be doing, and more than just asking, as Philip K Dick once did, do androids dream of electric sheep?

To enable this new beginning, we started in Open Source, looking to incubate a project or two, first one in Eclipse M2M, among a dozen-or-so dots we’d like to connect in the days and months to come, we call it krikkit. The possibilities afforded by this new compute model are endless. One of those could be the ability to put us back in control of our own local and personal data, not some central place, service or bot currently sold as a matter of convenience, fashion or scale. I hope with the release of these new projects, we will begin to solve that together. What better way to collaborate, than open? Perhaps this is what the Internet of Everything and data in motion should be about.

Tags: , , , , , , , , , , , , , , , , , , , , , ,

“Has Hybrid Cloud Arrived? Part 2: Cisco InterCloud makes hybrid cloud real !

In my last blog, “Has Hybrid Cloud Arrived? Part 1: And How Will it Shape the Role of IT Going Forward?” we looked at the business drivers of a hybrid cloud and previewed the key requirements. In this blog, we will look at Cisco InterCloud – a hybrid cloud solution, we announced this week at Cisco Live! Milan, to address the hybrid cloud needs for enterprise and service provider customers.

Business leaders today are heavily growth-oriented and are looking at new ways of deploying applications to obtain greater agility. That is where we see hybrid cloud becoming mainstream as it frees businesses to run applications on-demand and where it’s most cost-effective. Cisco InterCloud was announced to address this opportunity and facilitate optimal hybrid cloud deployments.

Hybrid Cloud

Cisco InterCloud comes with unique capabilities that enable enterprises to connect their private cloud to heterogeneous public clouds. It creates the notion of a single scalable hybrid cloud for all physical, virtual and cloud workloads – an infinite datacenter where the public cloud is treated as a virtual extension of the data center. Cisco InterCloud is designed with these tenets:

Open: Customers are excited about Cisco InterCloud, as it is an open solution that gives customers the freedom to choose hypervisor on private cloud and select their public cloud from a rich ecosystem of cloud providers. Service providers like InterCloud as it is open API based, integrates with multiple cloud platforms, e.g., CloudStack, vCloud, and OpenStack and enables them to rapidly offer a hybrid cloud solution. It reduces the effort to onboard enterprise customers. Cisco InterCloud thus provides a multi-cloud, multi-hypervisor cloud experience.

Secure: Another key factor in hybrid cloud adoption is the need to address the security and compliance concerns of public cloud deployment. Cisco InterCloud provides end-to-end secure connectivity by encrypting traffic between the enterprise private cloud and the service provider cloud. It also ensures workload security by encrypting all data-in-motion within shared multi-tenant public cloud. Additionally, customers can also deploy network services such as zone based virtual firewall and edge firewall for further workload security within public cloud.

Flexible: Customers demand bi-directional workload portability across private and public clouds. With Cisco InterCloud, customers not only can provision workloads from a self-service portal, but also with a click, migrate workloads to the public cloud and back. All of this activity happens behind the scenes as InterCloud converts workloads to the right VM format, such as VMware VMDK to AWS AMI, or to CloudStack format for providers such as BT. It makes workload portability easier as applications don’t need to be re-architected as IP addresses are retained upon migration and enterprise VLANs are extended into the cloud.

I believe that lines of business and developers are leading the journey to hybrid cloud adoption. IT has realized that it needs to shift away from its role as gatekeeper to instead being a partner to Lines of Business but IT faces certain challenges in doing so. IT has to deal with the overhead of integrating with each cloud provider and find ways to do in a secure manner. Cisco InterCloud enables IT to act as a cloud broker on behalf of lines of business. Cisco InterCloud provides unified hybrid cloud management through a built-in IT Admin portal and an extensible northbound API layer. It also allows IT to enforce consistent network security, L4-7 services and workload policies throughout the hybrid cloud.

This week’s Cisco InterCloud announcement demonstrates our continued commitment to customers. We envision a future where customers have an array of cloud options and can pick the ‘best fit’ based on workload needs, performance, cost, and location requirements. We are going into beta next quarter and have announced general availability soon afterwards. As 2014 dawns, we see a shift towards mainstream hybrid cloud adoption — hybrid cloud is finally here for real.

Tags: , , , , , ,

Beyond Data Security…Five Biggest Risks of Shadow Cloud IT Services

About two years ago, I went into a customer workshop on private cloud. As we were introducing ourselves around the table, the CIO turned to me with a pained expression and said, “Bob I have a different problem. My CFO and CEO just asked me if I knew how many of our users were accessing cloud services. They asked me if I knew how much we were spending or if there were any risks.” He said, “I don’t know the answers, and I don’t have a plan.”

In the months that followed, I would have countless other conversations with CIOs, that highlighted an emerging challenge—shadow IT. Shadow IT turns up when business groups implement a public cloud service without the knowledge of IT. In working with our customers, we have found that there are typically 5-10 times more cloud services being used than are known by IT.

The conversations I had with customers highlighted that shadow IT was creating several challenges—from monitoring cloud costs to managing service providers. One of the significant challenges with shadow IT is risk to the business. Specifically, we have seen five categories of risk arise:

#1 Data Security Risks

Company information being shared externally due to a cloud service breach is among our customers’ worst nightmares. Cloud vendors work hard to protect customers’ data. However, it falls to the business to know where their information lives and to protect it.

A security officer of a global non-profit organization recently shared with me that his organization wanted to use cloud services to help connect with donors and manage operations. However, they weren’t set up to govern providers and have no idea how donor information was being shared with cloud vendors. Many of our customers tell us they don’t have strong processes to manage cloud vendors, can’t track how their information is being shared, and often don’t know how vendors are keeping their information safe.

#2 Brand Risks

Brand risk goes hand-in-hand with a potential data security breach. If company information is stolen, or shared inappropriately, the consequences to an organization’s brand is immeasurable. Not only can a breach lead to negative press and customer backlash, but can also result in financial damages.

#3 Compliance Risks

Globally, organizations face evolving and expanding regulations that require them to retain information, maintain privacy, give people the ‘right to be forgotten,’ and more. As cloud services are used across all business functions, companies face the risk of falling out of compliance. Our customers tell us that violations are becoming more frequent as those responsible for enforcing compliance become less aware of what services are being used. Also, employees often don’t understand when using a cloud service can trigger compliance issues.

#4 Business Continuity Risks

Businesses need to ensure that cloud vendors they are using have strong business fundamentals or risk losing valuable corporate information if a vendor goes out of business or is purchased. Last year, a cloud storage provider Nirvanix went out of business and gave customers less than one month to move their data or risk losing it forever. These types of abrupt changes can lead to significant challenges in maintaining business continuity.

#5 Financial Risks

Recently, we helped a global equipment manufacturer discover that their employees were using over 630 cloud services, 90 percent of which were unknown to IT. These unknown services cost them nearly a million dollars annually. Costs are spiraling as businesses unknowingly purchase duplicate cloud services and lose their power to negotiate bulk contracts.

Identifying Cloud Risks With Cisco Cloud Consumption Services

The first step to managing the risks of shadow IT is to identify where you might face exposure. To help customers with this challenge, Cisco has introduced a new service designed to identify the business risks and costs resulting from shadow IT.

With Cisco Cloud Consumption Services, customers can know which public cloud services are being used in their business, become more agile, reduce risks, and optimize public cloud costs.

Using collection tools in the network, we help customers find out what cloud services are being used by employees across their entire organization. Our cloud experts then help customers identify and manage cloud security risks and compliance issues. Using a proprietary database of cloud vendors, we help companies identify the risk profile of services they are using and provide recommendations for managing these risks with stronger cloud service provider governance. The service also helps customers determine what they are really spending on cloud and find ways to save money.

Additionally, Cisco Cloud Consumption Services helps companies develop new processes for managing cloud vendors, from onboarding to termination. We help customers to proactively manage risks and deliver new services faster by establishing stronger cloud service management practices.

You can learn more about how we can help you understand your cloud usage and identify risks to your business at www.cisco.com/go/cloudconsumption

Many leaders that I speak with feel like they do not have a shadow IT problem, citing that their security protocols were set up to protect them. Think this is you? Think again! Recently we worked with a provincial government and discovered that they had over 650 public cloud services being used by their organization, despite blocking 90 percent of internet traffic. Simply put, if your employees have access to the internet, you have a shadow IT challenge.

I’d be interested to hear from you as to whether you feel you have challenges with shadow IT and what the risks could be. I look forward to your comments!

Additional Resources:

Tags: , , , ,

Securing Cloud Transformation through Cisco Domain Ten Framework v2.0

Businesses of all sizes are looking for Cloud solutions to solve some of their biggest business and technology challenges—reducing costs, creating new levels of efficiency, transform to create agile environment and facilitate innovative business models. Along with the promise of Cloud comes top concern for Security. With rise of applications, transactions and data in the Cloud, business are losing control and have less visibility on who and what is moving in and out of the business boundaries. 

Any  transformation initiative with Cloud, whether a private, hybrid or public, with early focus on security from architecture, governance, risks, threats and compliance perspective can enable the business with a compelling return on investment with a faster time to business value – regardless of geographic, industry vertical, operational diversity or regulatory needs.

Here, I would like to bring to your attention on Cisco Domain Ten framework v2.0 and my blog on What’s New in Cisco Domain Ten Framework 2.0 that is born from Cisco’s hard won experience of deploying both private, hybrid and public Cloud environments, Cisco has developed the Cisco Domain Ten framework and capabilities to help customers accelerate IT transformation.

The Cisco Domain Ten does not prescribe that customers must build each domain into their strategy – rather it provides guidance on what aspects should be considered, what impacts should be identified, and what relationships exist between domains.  Cisco Domain Ten framework 2.0, we can establish the foundation of a true IT transformation and the factors you need to consider for success. Key is to identify, establish and track strategic, operational and technological outcomes for IT transformation initiates. A major thrust of the Cisco Domain Ten is to help customers strategize for transformation vision, standardize their technology components and operational procedures, and automate their management challenges, to deliver on the potential of IT Transformation– covering Internet, Branch, Campus and Data Center environments.

Security consistently tops CIO’s list of cloud concerns. The security domain highlights identification of security and compliance requirements, along with an assessment of current vulnerabilities and deviations from security best practices for multisite, multitenant physical and virtual environments for one’s IT transformation vision.

Security should be a major consideration in any IT transformation strategy. The architecture should be designed and developed with security for applications, network, mobile devices, data, and transactions across on-premise and off-premise solutions. Moreover, security considerations for people, process, tools, and compliance needs should be assessed by experts who understand how to incorporate security and compliance safeguards into complex IT transformation initiatives.

Security is an integral part of the Cisco Domain Ten framework, applies to all ten domains, and provides guidance to customers on all security aspects that they needs. Our Senior Architect from Security Practice – Ahmed Abro articulates well in Figure – 1 Cisco Domain Ten Framework with Security Overlay that there are security considerations for all ten domains for Cloud solutions.

 d10secoverlay

Figure – 1 Cisco Domain Ten with Security Overlay

Now that we understand how Cisco’s Domain Ten Overlay approach that helps one to discuss security for each domain of Cisco Domain Ten Framework, let’s now talk about the how Cisco Domain Ten aligns with Cloud Security Alliance’s (CSA) Cloud Control Matrix to discuss the completeness and depth of the approach.

CSA Cloud Control Matrix Alignment with Cisco Domain Ten

Application & Interface Security

  • D-8 – Application

Audit Assurance & Compliance

  • D-10 – Organization, Governance, processes

Business Continuity Mgmt & Op Resilience

  • D10 – Organization, Governance, processes

Change Control & Configuration Management

  • D10 – Organization, Governance, processes and
  • D-3 – Automation

Data Security & Information Lifecycle Mgmt

  • D-9 – Security and Compliance

Datacenter Security Encryption & Key Management

  • D-9 – Security and Compliance and
  • D-1 – Infrastructure

Governance & Risk Management

  • D10 – Organization, Governance, processes

Human Resources Security

  • D10 – Organization, Governance, processes

Identity & Access Management

  • D-4 – Customer Interface

Infrastructure & Virtualization

  • D-1 – Infrastructure and Environment and
  • D-2 – Abstraction and Virtualization

Interoperability & Portability

  • D-7 – Platform and
  • D-8 – Application

Mobile Security

  • D-8 – Application and
  • D-1 – Infrastructure and Environment

Sec. Incident Mgmt , E-Disc & Cloud Forensics

  • D-9 – Security and Compliance and
  • D10 – Organization, Governance, processes

Supply Chain Mgmt, Transparency & Accountability

  • D10 – Organization, Governance, processes
Threat & Vulnerability Management
  • D-9 – Security and Compliance

 Table – 1 CSA Cloud Control Matrix Alignment

with Cisco Domain Ten Framework

From above table, one can see that Cloud Security Alliance Cloud Control Matrix and Cisco Domain Ten aligns well and it also highlights key facts that many areas such as Mobile security requires one to focus on Application and Infrastructure (network, virtual servers), etc to address security needs. One should also note that Cisco Domain Ten’s focus on Catalog (Domain 5) & Financials (Domain 6) that highlights security specific SLA and assurance discussions for security controls.

Now that that we discussed, Cisco Domain Ten approach for Security, In the next blog, I would try to discuss how Cisco Service’s focus on the strategy, structure, people, process, and system requirements for Security can help business address an increasingly hostile threat environment and help successful migration to Secure Cloud based transformation. We will also discuss current questions in business asks or should ask to understand security and privacy in the vendor’s agreements.

 

Tags: , , , , , , , , , , , , , , , , , , , , , ,

Summary: Crossing the bridge – Five cloud services you should pay attention to

A number of key applications consumed by businesses through premise-based deployments are now available from the cloud. Irrespective of where you are in the evolution to the cloud, here are five services that are worth your attention.

Read my full article for a closer look!

Tags: , , , , , , , , , , ,