Cisco Blogs
Share

Don’t Let Your Cloud Security Strategy Get Railroaded by Old Thinking


March 23, 2016 - 10 Comments

The standard gauge used for railroads (that is the distance between the rails) in the U.S. is four feet, eight and a half inches, which is an odd number however you look at it. The history behind it is even stranger and is a cautionary tale of assumptions and the consequences of basing decisions on old thinking.

That oddly sized gauge was borrowed from the English standard of railroad width, where they built railroads with the same tools they used to build wagons, which used that wheel spacing. And the wheel spacing had to be that width because that was the spacing of the wheel ruts that existed at the time in the roads throughout England.

So who created those?

Roman chariots created the wheel ruts in the roads when they occupied England some two thousand years ago. These Roman war chariots were built just wide enough to accommodate the rear-ends of two horses, which just happened to be…you guessed it: four feet, eight and a half inches wide. This created the standard gauge that is still used today.

Ok, so where’s this heading?

The space shuttles used in modern day space exploration carried two large booster rockets on the sides of their main fuel tanks. These rockets, called solid rocket boosters or SRBs, which gave the spacecraft initial thrust upon launch, were built in a factory in Utah. The engineers of the SRBs would have preferred to make them larger, but the SRBs had to be transported by train from the factory to the launch site. That railroad line ran through a tunnel in the Rocky Mountains and the SRBs had to fit through that tunnel. The tunnel is only slightly wider than the railroad track, and the railroad track, as we now know, is only about as wide as the hindquarters of two equestrian.

Say that again?

A primary constraint in the design of one of the most advanced transportation systems ever developed was determined more than two thousand years ago by two horses’ asses.

Interesting, but what’s that have to do with cloud security?

That is the danger of getting caught in the rut of the same old thinking. There’s danger in thinking about security in the old way when it comes to securing cloud infrastructure. Cloud security can’t be solved with legacy security technologies or siloed approaches to security. Cloud security must be as dynamic as the nature of the cloud itself and should address the issues of:

  1. Keeping valuable data secure in the data center or wherever your cloud is hosted;
  2. Securing applications and data in the cloud;
  3. Enabling secure access anywhere, to anything for the mobile user or IoT;
  4. Consistently protecting against threats across the data center, cloud and wherever users roam before, during, and after attacks; while
  5. Providing visibility across the entire spectrum to enforce governance and compliance.

Cloud security doesn’t require simply the deployment of a separate application or new technology. Nor does it require you to completely scrap your existing infrastructure. It is an extension of your entire security program where security is embedded into the intelligent network infrastructure, integrates with a rich ecosystem of applications and services, is pervasive across the extended network – not just networks themselves but all endpoints, mobile and virtual, that extend to wherever employees are and wherever data is…from the beating heart of the enterprise data center out to the mobile endpoint and even onto the factory floor.

Think of the journey to cloud security adoption as your chance to take off into space; when planning the size of your rockets, are you imagining all the new possibilities or limiting your opportunities by what we’ve always done. Hopefully the cautionary tale of the history of US railroads helps you expand your thinking.

Check out our Cisco Business Cloud Advisor adoption tool to evaluate the overall readiness of your organization’s cloud strategy, including from a security perspective. Also stay tuned to this blog as dig further into this topic.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

10 Comments

  1. Hey sir, I greatly enjoyed this article and would love to dive deeper by clicking through the adoption tool; however, I have no idea how to obtain a valid link to register with. Any advice?

  2. I like your approach on keeping agile and not "getting stuck in a rut" but at the same time, having a consistent recognized standard is also a great enabler and cost saver. I would imagine the success of the railway systems would have been hampered if there were different track gauges at every state and country border. Transporting thing across these boundaries would be a lot slower. I think if we can provide an agile model for the development of cloud, while at the same time developing, supporting, and promoting, security standards including our own (i.e. pxGRID, ACI, CIA) , I think we will be able deliver solutions and services that enable our customers to develop innovative, powerful and secure capabilities.

    • Paul: I fully agree with your comment here.I, too, am excited about the solutions Cisco is delivering that enable customers to implement well-integrated security solutions across their entire cloud environment(s) which promote the best of what cloud was meant to do in offering the freedom to forge new business opportunities.

  3. Great ! Well Done.

    • Thank you, Fabio. Stay tuned. There's much more to come.

  4. Love the analogy between the Romans and Cloud Security

    • Thank you, Beth. If only I were able to uncover da Vinci drawings of cloud architecture.

  5. Well written Player!

  6. Sometimes the act of moving business functionality to the cloud creates opportunities to try and do new things, but in my experience cloud security = deciding which security controls you'll either functionally duplicate, eliminate, or allow to be diminished in the cloud. Most often the latter two. Unless of course you have a pretty terrible security program and capability to begin with.