Cisco Blogs

Has Hybrid Cloud Arrived? Part 2: Cisco InterCloud makes hybrid cloud real!

In my last blog, “Has Hybrid Cloud Arrived? Part 1: And How Will it Shape the Role of IT Going Forward?”, we looked at the business drivers of a hybrid cloud and previewed the key requirements. In this blog, we will look at Cisco InterCloud, a hybrid cloud solution we announced this week at Cisco Live! Milan to address the hybrid cloud needs of enterprise and service provider customers.

Business leaders today are heavily growth-oriented and are looking at new ways of deploying applications to obtain greater agility. That is where we see hybrid cloud becoming mainstream as it frees businesses to run applications on-demand and where it’s most cost-effective. Cisco InterCloud was announced to address this opportunity and facilitate optimal hybrid cloud deployments.

Hybrid Cloud

Cisco InterCloud comes with unique capabilities that enable enterprises to connect their private cloud to heterogeneous public clouds. It creates the notion of a single scalable hybrid cloud for all physical, virtual and cloud workloads – an infinite datacenter where the public cloud is treated as a virtual extension of the data center. Cisco InterCloud is designed with these tenets:

Open: Customers are excited about Cisco InterCloud because it is an open solution that gives them the freedom to choose the hypervisor on their private cloud and to select their public cloud from a rich ecosystem of cloud providers. Service providers like InterCloud because it is open-API based, integrates with multiple cloud platforms (e.g., CloudStack, vCloud, and OpenStack), and enables them to rapidly offer a hybrid cloud solution. It reduces the effort to onboard enterprise customers. Cisco InterCloud thus provides a multi-cloud, multi-hypervisor cloud experience.

Secure: Another key factor in hybrid cloud adoption is the need to address the security and compliance concerns of public cloud deployment. Cisco InterCloud provides end-to-end secure connectivity by encrypting traffic between the enterprise private cloud and the service provider cloud. It also ensures workload security by encrypting all data-in-motion within the shared multi-tenant public cloud. Additionally, customers can deploy network services such as a zone-based virtual firewall and an edge firewall for further workload security within the public cloud.

Flexible: Customers demand bi-directional workload portability across private and public clouds. With Cisco InterCloud, customers can not only provision workloads from a self-service portal but also, with a click, migrate workloads to the public cloud and back. All of this activity happens behind the scenes as InterCloud converts workloads to the right VM format, such as VMware VMDK to AWS AMI, or to CloudStack format for providers such as BT. It makes workload portability easier: applications don’t need to be re-architected, because IP addresses are retained upon migration and enterprise VLANs are extended into the cloud.

I believe that lines of business and developers are leading the journey to hybrid cloud adoption. IT has realized that it needs to shift away from its role as gatekeeper to instead being a partner to lines of business, but IT faces certain challenges in doing so. IT has to deal with the overhead of integrating with each cloud provider and find ways to do so in a secure manner. Cisco InterCloud enables IT to act as a cloud broker on behalf of lines of business. Cisco InterCloud provides unified hybrid cloud management through a built-in IT Admin portal and an extensible northbound API layer. It also allows IT to enforce consistent network security, L4-7 services and workload policies throughout the hybrid cloud.

This week’s Cisco InterCloud announcement demonstrates our continued commitment to customers. We envision a future where customers have an array of cloud options and can pick the ‘best fit’ based on workload needs, performance, cost, and location requirements. We are going into beta next quarter and have announced general availability soon afterwards. As 2014 dawns, we see a shift towards mainstream hybrid cloud adoption — hybrid cloud is finally here for real.


Beyond Data Security…Five Biggest Risks of Shadow Cloud IT Services

About two years ago, I went into a customer workshop on private cloud. As we were introducing ourselves around the table, the CIO turned to me with a pained expression and said, “Bob, I have a different problem. My CFO and CEO just asked me if I knew how many of our users were accessing cloud services. They asked me if I knew how much we were spending or if there were any risks.” He said, “I don’t know the answers, and I don’t have a plan.”

In the months that followed, I would have countless other conversations with CIOs that highlighted an emerging challenge—shadow IT. Shadow IT turns up when business groups implement a public cloud service without the knowledge of IT. In working with our customers, we have found that there are typically 5-10 times more cloud services being used than are known by IT.

The conversations I had with customers highlighted that shadow IT was creating several challenges—from monitoring cloud costs to managing service providers. One of the significant challenges with shadow IT is risk to the business. Specifically, we have seen five categories of risk arise:

#1 Data Security Risks

Company information being shared externally due to a cloud service breach is among our customers’ worst nightmares. Cloud vendors work hard to protect customers’ data. However, it falls to the business to know where their information lives and to protect it.

A security officer of a global non-profit organization recently shared with me that his organization wanted to use cloud services to help connect with donors and manage operations. However, they weren’t set up to govern providers and had no idea how donor information was being shared with cloud vendors. Many of our customers tell us they don’t have strong processes to manage cloud vendors, can’t track how their information is being shared, and often don’t know how vendors are keeping their information safe.

#2 Brand Risks

Brand risk goes hand-in-hand with a potential data security breach. If company information is stolen or shared inappropriately, the consequences to an organization’s brand are immeasurable. Not only can a breach lead to negative press and customer backlash, but it can also result in financial damages.

#3 Compliance Risks

Globally, organizations face evolving and expanding regulations that require them to retain information, maintain privacy, give people the ‘right to be forgotten,’ and more. As cloud services are used across all business functions, companies face the risk of falling out of compliance. Our customers tell us that violations are becoming more frequent as those responsible for enforcing compliance become less aware of what services are being used. Also, employees often don’t understand when using a cloud service can trigger compliance issues.

#4 Business Continuity Risks

Businesses need to ensure that the cloud vendors they are using have strong business fundamentals, or they risk losing valuable corporate information if a vendor goes out of business or is purchased. Last year, the cloud storage provider Nirvanix went out of business and gave customers less than one month to move their data or risk losing it forever. These types of abrupt changes can lead to significant challenges in maintaining business continuity.

#5 Financial Risks

Recently, we helped a global equipment manufacturer discover that their employees were using over 630 cloud services, 90 percent of which were unknown to IT. These unknown services cost them nearly a million dollars annually. Costs are spiraling as businesses unknowingly purchase duplicate cloud services and lose their power to negotiate bulk contracts.

Identifying Cloud Risks With Cisco Cloud Consumption Services

The first step to managing the risks of shadow IT is to identify where you might face exposure. To help customers with this challenge, Cisco has introduced a new service designed to identify the business risks and costs resulting from shadow IT.

With Cisco Cloud Consumption Services, customers can know which public cloud services are being used in their business, become more agile, reduce risks, and optimize public cloud costs.

Using collection tools in the network, we help customers find out what cloud services are being used by employees across their entire organization. Our cloud experts then help customers identify and manage cloud security risks and compliance issues. Using a proprietary database of cloud vendors, we help companies identify the risk profile of services they are using and provide recommendations for managing these risks with stronger cloud service provider governance. The service also helps customers determine what they are really spending on cloud and find ways to save money.

Additionally, Cisco Cloud Consumption Services helps companies develop new processes for managing cloud vendors, from onboarding to termination. We help customers to proactively manage risks and deliver new services faster by establishing stronger cloud service management practices.

You can learn more about how we can help you understand your cloud usage and identify risks to your business at

Many leaders that I speak with feel like they do not have a shadow IT problem, citing that their security protocols were set up to protect them. Think this is you? Think again! Recently we worked with a provincial government and discovered that they had over 650 public cloud services being used by their organization, despite blocking 90 percent of internet traffic. Simply put, if your employees have access to the internet, you have a shadow IT challenge.

I’d be interested to hear from you as to whether you feel you have challenges with shadow IT and what the risks could be. I look forward to your comments!


Securing Cloud Transformation through Cisco Domain Ten Framework v2.0

Businesses of all sizes are looking for Cloud solutions to solve some of their biggest business and technology challenges: reducing costs, creating new levels of efficiency, transforming to create an agile environment, and facilitating innovative business models. Along with the promise of Cloud comes a top concern: security. With the rise of applications, transactions and data in the Cloud, businesses are losing control and have less visibility into who and what is moving in and out of the business boundaries.

Any transformation initiative with Cloud, whether private, hybrid or public, that has an early focus on security from an architecture, governance, risk, threat and compliance perspective can give the business a compelling return on investment with a faster time to business value, regardless of geographic, industry vertical, operational diversity or regulatory needs.

Here, I would like to draw your attention to the Cisco Domain Ten framework v2.0 and my blog on What’s New in Cisco Domain Ten Framework 2.0. Drawing on its hard-won experience of deploying private, hybrid and public Cloud environments, Cisco has developed the Cisco Domain Ten framework and capabilities to help customers accelerate IT transformation.

The Cisco Domain Ten does not prescribe that customers must build each domain into their strategy; rather, it provides guidance on what aspects should be considered, what impacts should be identified, and what relationships exist between domains. With Cisco Domain Ten framework 2.0, we can establish the foundation of a true IT transformation and the factors you need to consider for success. The key is to identify, establish and track strategic, operational and technological outcomes for IT transformation initiatives. A major thrust of the Cisco Domain Ten is to help customers strategize for their transformation vision, standardize their technology components and operational procedures, and automate their management challenges, to deliver on the potential of IT transformation across Internet, Branch, Campus and Data Center environments.

Security consistently tops CIOs’ lists of cloud concerns. The security domain highlights identification of security and compliance requirements, along with an assessment of current vulnerabilities and deviations from security best practices for multisite, multitenant physical and virtual environments for one’s IT transformation vision.

Security should be a major consideration in any IT transformation strategy. The architecture should be designed and developed with security for applications, network, mobile devices, data, and transactions across on-premise and off-premise solutions. Moreover, security considerations for people, process, tools, and compliance needs should be assessed by experts who understand how to incorporate security and compliance safeguards into complex IT transformation initiatives.

Security is an integral part of the Cisco Domain Ten framework, applies to all ten domains, and provides guidance to customers on all the security aspects that they need. Ahmed Abro, our Senior Architect from the Security Practice, articulates well in Figure – 1 (Cisco Domain Ten Framework with Security Overlay) that there are security considerations for all ten domains for Cloud solutions.


Figure – 1 Cisco Domain Ten with Security Overlay

Now that we understand how Cisco’s Domain Ten overlay approach helps one to discuss security for each domain of the Cisco Domain Ten Framework, let’s talk about how Cisco Domain Ten aligns with the Cloud Security Alliance’s (CSA) Cloud Control Matrix, to discuss the completeness and depth of the approach.

CSA Cloud Control Matrix Alignment with Cisco Domain Ten

Application & Interface Security

  • D-8 – Application

Audit Assurance & Compliance

  • D-10 – Organization, Governance, processes

Business Continuity Mgmt & Op Resilience

  • D-10 – Organization, Governance, processes

Change Control & Configuration Management

  • D-10 – Organization, Governance, processes and
  • D-3 – Automation

Data Security & Information Lifecycle Mgmt

  • D-9 – Security and Compliance

Datacenter Security Encryption & Key Management

  • D-9 – Security and Compliance and
  • D-1 – Infrastructure

Governance & Risk Management

  • D-10 – Organization, Governance, processes

Human Resources Security

  • D-10 – Organization, Governance, processes

Identity & Access Management

  • D-4 – Customer Interface

Infrastructure & Virtualization

  • D-1 – Infrastructure and Environment and
  • D-2 – Abstraction and Virtualization

Interoperability & Portability

  • D-7 – Platform and
  • D-8 – Application

Mobile Security

  • D-8 – Application and
  • D-1 – Infrastructure and Environment

Sec. Incident Mgmt, E-Disc & Cloud Forensics

  • D-9 – Security and Compliance and
  • D-10 – Organization, Governance, processes

Supply Chain Mgmt, Transparency & Accountability

  • D-10 – Organization, Governance, processes

Threat & Vulnerability Management

  • D-9 – Security and Compliance

Table – 1 CSA Cloud Control Matrix Alignment with Cisco Domain Ten Framework

From the above table, one can see that the Cloud Security Alliance Cloud Control Matrix and Cisco Domain Ten align well. It also highlights that many areas, such as Mobile Security, require one to focus on Application and Infrastructure (network, virtual servers), etc. to address security needs. One should also note Cisco Domain Ten’s focus on Catalog (Domain 5) and Financials (Domain 6), which highlights security-specific SLA and assurance discussions for security controls.

Now that we have discussed the Cisco Domain Ten approach for security, in the next blog I will try to discuss how Cisco Service’s focus on the strategy, structure, people, process, and system requirements for security can help businesses address an increasingly hostile threat environment and migrate successfully to a secure Cloud-based transformation. We will also discuss the current questions a business asks, or should ask, to understand security and privacy in the vendor’s agreements.



Summary: Crossing the bridge – Five cloud services you should pay attention to

A number of key applications consumed by businesses through premise-based deployments are now available from the cloud. Irrespective of where you are in the evolution to the cloud, here are five services that are worth your attention.

Read my full article for a closer look!


What’s New in Cisco Domain Ten Framework 2.0

 Earlier this week, we announced the Cisco Domain Ten framework 2.0, enhanced by great input from customers, partners, and Cisco’s well-earned experience of strategizing and executing IT transformation.

The enhanced Cisco Domain Ten framework helps customers drive better strategic decisions, providing greater focus on business outcomes, providing deeper analysis of hybrid cloud implications, and extending the framework beyond data center and cloud to include all IT transformation initiatives.

You may have read Stephen Speirs’ earlier blogs about Cisco Domain Ten for cloud transformation. Today, let’s look at the key changes in the Cisco Domain Ten framework 2.0 from the original version. These changes have been adopted to enhance discussions on three themes:

  1. Highlight importance of public clouds as part of IT transformation and solutions using IaaS, PaaS, and SaaS within the data center and across the entire business.
  2. Addition of “Organization” in Domain 10 to bring together the business and technology focus for strategy discussions.
  3. Name changes for some domains to facilitate ease of alignment and discussion on overall IT transformation across multiple architectures and technology solutions such as ITaaS, collaboration, mobility, video, etc. for both enterprise and provider perspectives.
