At Cisco, virtually all customers I’ve met with have a cloud presence — regardless of the size of their industry. While each one of these organizations has their own unique journey, infrastructure, and security stack recipes, the most common question among them is:

“How do I bring our on-prem and cloud security closer together?”

At Cisco Live US 2023, we announced our Cisco Security Cloud vision: a cloud-delivered, AI-driven security platform that protects across hybrid and multicloud infrastructures, with phenomenal user experiences. Today, at Cisco Live EMEA 2024, we are announcing further tangible results in converging data center and multicloud security fabrics, protecting customers from ground to cloud. Two new capabilities — hybrid cloud connectivity and network object sharing — deliver a simplified, unified security experience across environments, helping organizations save time when creating network security policies, reducing complexity, and minimizing risk when sharing infrastructure between on-premises and cloud infrastructure.

Hybrid cloud connectivity: Create secure connections from ground to cloud

Imagine your organization has a cloud application requiring communication with a particular application residing on-premises or in another cloud. How would you securely connect this infrastructure? In the past, organizations would look to direct connection, which is costly, limited in availability, and may require partnering with intermediary organizations to facilitate connections between your environments.

The hybrid cloud connectivity capability brings together Cisco Multicloud Defense, Cisco Secure Firewall, and Cisco Defense Orchestrator to help organizations securely connect cloud applications to on-premises infrastructure and vice versa. To make these on-ramp connections, you would deploy Multicloud Defense Gateways and Secure Firewall (both hardware and virtual appliances) at the beginning and the end of the tunnel. Afterwards, organizations would leverage Cisco Defense Orchestrator to orchestrate an IPsec tunnel for “site-to-cloud” infrastructure connectivity and “cloud-to-cloud” infrastructure connectivity. This is critical for organizations:

  • When dedicated cloud service provider connection (e.g. AWS Direct Connect or Azure ExpressRoute) or secure connection isn’t available
  • Who need to save time by keeping operations in-house
  • Looking to mitigate risk by staying in control of their connections between environments

Network object sharing: Simplify policy creation across on-premises and the cloud

All too often, organizations feel the pain of operating security tools in silos when protecting both on-premises and cloud infrastructure. A great example of these silos can be seen in hybrid cloud deployments where an organization has both a firewall to protect on-premises infrastructure and cloud network security controls to protect their cloud environments. Each of these solutions would require their own isolated set of network objects for policy enforcement and maintenance of objects, resulting in increased management complexity and overhead for organizations.

The release of network object sharing from Cisco alleviates these silos for organizations, simplifying policy creation and reducing complexity across their hybrid cloud by removing duplicative processes and ongoing maintenance of operating separate network security solutions. With the help of Cisco Defense Orchestrator’s object management feature, organizations can find and share already created objects between Secure Firewall Threat Defense (through Firewall Management Center and Cloud-delivered Firewall Management Center), Secure Firewall ASA, and Multicloud Defense.

"The release of network object sharing from Cisco alleviates these silos for organizations, simplifying policy creation and reducing complexity across their hybrid cloud." - Christopher Consolo, Product Marketing Manager, Cisco Security

This means if a network object was already created for Secure Firewall Threat Defense, organizations can use that same object when creating a security policy within Multicloud Defense. The ability to share network objects:

  • Saves organizations time and decreases overhead cost by removing redundant processes
  • Reduces risk by simplifying security policy creation
  • Removes complexity by allowing organizations to consolidate objects to a single set
  • Gives organizations greater flexibility and solution choice when solving network security use cases

Today’s launch is another example of how Cisco is converging the fabrics of best-in-class data center and multicloud security to protect customers from ground to cloud. By introducing hybrid cloud connectivity and network object sharing in the network security platform, organizations will enjoy a more simplified, unified security experience across their hybrid cloud.

To learn more about how Cisco is bringing your on-premises and cloud security closer together with these capabilities, reach out to your Cisco sales representative.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels



Christopher Consolo

Product Marketing Manager

Cisco Security