Cisco Blogs

Baking Security Into the Cloud

November 13, 2014 - 2 Comments

Enterprises, governments, and organizations of all sizes are moving to the cloud in record numbers. The cloud can offer resiliency, but it also introduces new security challenges. Security needs to be baked in from the beginning, across the board.

Cisco has invested over $1 billion in people, infrastructure, equipment, and services to address the cloud market. Most recently, we launched the Cisco Intercloud, a network of clouds from multiple cloud service providers across the world designed to meet customers’ needs for a globally-distributed cloud platform that enables federated workloads that can be moved from one cloud to another.

Cisco Intercloud’s approach delivers flexibility, and challenges existing security models. We are no longer building, we are operating, federating, orchestrating, and instrumenting. Our goal is to have this new capability match or exceed controls built to date – transparently. We’re not there yet, as of this posting, and that’s okay – because getting the strategy right is the key to getting there.

Below is a short video I did on securing the Intercloud. Please join the conversation in the comments section.


In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. First I wanted to clarify what John Stewart is discussing in the original post. We believe that enterprises both commercial and in public sector will leverage resources from many cloud providers. And incremental value will come from connecting clouds (private to public, and public to public) and we are creating a platform to do this and provide security and privacy of users in data as you connect those services. Each cloud offering will have to meet compliancy requirements based on the customers it will support, like FISMA/FedRAMP in a federal instance or PCS, GLBA, and SOX in a financial use case. As for Cisco’s cloud applications go, we will support many of the compliances and certifications that you mention above. We currently support or in the process of supporting Sox, SSAE16, ISO 27001, FISMA, FedRAMP and HIPPA. Over the next 3 months we will document all the compliances and they will be hosted on our Web Site, so stay tuned..

  2. Very encouraging plan. Agree with statement “security in cloud must match what was in Data Center.” As a government contractor we are subject to federal regulations. Among those regulations and assessments listed below, which are CISCO Planning to achieve (or achieved) in their cloud service offering?

    FISMA Compliance
    HITRUST Certification
    FedRAMP Certification
    PCI-DSS Certification
    SOX Compliance
    GLBA Compliance
    SSAE16 – SOC 2 Type 2 Assessment

    Thank you,

    Ken Kasprzak, CISSP