A few weeks ago, I was speaking with a CISO who said, “Our team is coming to the conclusion right now that we need to hire experts for every cloud – GCP, Azure, AWS – just to maintain our existing security. We don’t have the headcount for that.”

This wasn’t the first time I’ve heard this. In fact, it’s become a common theme in my conversations with customers and partners. That’s because today, most organizations have two or three public clouds on top of their private cloud. As the number of clouds in their environment rose, so did the number of tools, vendors, and licensing agreements needed to protect those environments. Not only have all these disparate point solutions increased the need for specialized training and expertise, but they also create headaches for network and security teams due to all the gaps, blind spots, and inconsistent – or even competing – information from siloed products.

Solving for these multicloud problems – the expanded attack surface, loss of visibility, and strained resources, while supporting rapid application development and deployment – calls for a new approach. One that addresses today’s challenges holistically, not piecemeal, building security in from the start and providing a framework that enables organizations to grow securely with confidence.

Designed for a hybrid and multicloud world

The Cisco Cloud Protection Suite is a flexible framework designed for hybrid and multicloud environments. It is a multifaceted approach to security that combines complementary solutions to address three critical areas:

  • Reduce the attack surface and protect applications wherever they live,
  • Simplify the operational complexity of protecting hybrid and multicloud environments, and
  • Enable the business to grow while empowering security teams to achieve their objectives with the right resources.

Alessio, Chief Digital Solution Officer for Leroy Merlin Italy, stated it best: We can consider cybersecurity a puzzle: each piece must stay in the right place to create the image and I think Cisco’s Cloud Protection Suite is the complete puzzle for cloud protection, ensuring solutions are in the right ecosystem and communicating. In cybersecurity, we have in fact an enormous portfolio of solutions, and the important thing is that those solutions stay in the correct position, in the right ecosystem, and they must communicate with each other. Today, the protection cannot be concentrated only in one specific point or vertical silos.” 

A holistic approach

Applications live everywhere and are part of an interconnected ecosystem. So, when we look at protecting applications across distributed environments, we find that there are five fundamental areas that need to be addressed to secure the application and reduce the attack surface:

  1. Secure the traffic to and from the clouds (ingress/egress) and use macro-segmentation to prevent unauthorized movement between virtual private clouds (VPCs).
  2. Prioritize the vulnerabilities that matter most to effectively reduce risk to the business.
  3. Prevent unauthorized lateral movement, on-premises and in the cloud, by applying microsegmentation to the application workloads.
  4. Ensure cloud-native applications maintain their integrity across their entire lifecycle from development to run-time, as well as every resource that connects them.
  5. And continuously monitor the attack surface of the cloud environment including assets, configurations, and policies to proactively identify vulnerabilities and respond to threats.

The Cloud Protection Suite capabilities cover all five of these areas providing pervasive visibility and security for any application regardless of where they reside.

Simplifying multicloud security

This is all well and good but what about the expertise and resources to manage these tools and environments? The answer is that the Cloud Protection Suite dramatically simplifies security operations for multicloud environments. It provides one interface to manage and deploy security controls across all your clouds. In practical terms this means you can write a policy once and using built-in automation and orchestration deploy it on AWS, Azure, GCP, and OCI. This is a game changer as it massively reduces the overhead and training required to manage security for cloud networks.

Empowering security to support business growth

Organizations grow organically and through acquisitions, resulting in a host of different environments, applications, and tools. The average organization has upwards of 76 security tools1 deployed on their security stack. Tool spawl not only costs resources in terms of maintenance and training, but when a breach does occur complex security stacks increase the costs by approximately 31%2.

The Cloud Protection Suite is cloud agnostic and reduces tool sprawl, providing a flexible framework to protect any application running on any workload in any environment. It enables customers to rapidly onboard new cloud accounts for acquisitions or new lines of business and ensure compliance with InfoSec requirements. It integrates with the application development and deployment process, so security is built in from the beginning. And it has over 100 pre-built APIs and integrations to easily integrate existing or new systems and assets for deep visibility into vulnerabilities and the attack surface.

The complexity of hybrid and multicloud environments are outpacing human scale and skills, and the security challenges can often feel overwhelming. The Cloud Protection Suite was designed specifically to address these issues by combining Multicloud Defense, Secure Workload, Vulnerability Management, Cloud Application Security, and Attack Surface Management into one framework. The result, is a modern approach to security that delivers:

  • Better Efficacy: Reduces your attack surfaces by stopping lateral movement of attacks and reducing risk across the data center and clouds.
  • Better Experience: Simplifies your multicloud operations by consolidating security tools, unifying controls, and leveraging automation to achieve greater efficiencies.
  • Better Economics: Scales on your terms with a flexible security framework that supports all stages of cloud maturity.

Learn more about Cisco Cloud Protection Suite

Explore more blogs on Cisco Security Suites here:

The User Protection Suite
The Cisco Breach Protection Suite

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels



Source: 1Panaseer 2022 Security Leaders Peer Report  2Ponemon Institute/IBM, Cost of a Data Breach Report 2023


Rick Miles

Vice President Product Management, Cloud and Network Security

Security Business Group