Cisco Blogs

Cisco Blog > Cloud

Cut Your Risks & Costs By Reducing Redundant Cloud Services

How crazy is this? We’ve found that large organizations on average use 172 compute, 157 marketing and sales and 62 finance services from the cloud. Some organizations use nearly double these amounts!

Simply put, as businesses groups control more IT spend and purchase more cloud services, cloud sprawl is skyrocketing. A large organization now uses on average 730 individual cloud services (including SaaS, PaaS, and IaaS).

So what are the top cloud services categories?


Read More »

Tags: , , , , , ,

Cisco Announces Intent to Acquire OpenDNS

Every day, more people, processes, data and things become connected. As this trend continues to grow exponentially, so too, do opportunities for security breaches and malicious threats. With an estimated 50 billion devices being connected by 2020, enterprise customers will face greater challenges in protecting their ever-expanding networks. To address these risks Cisco is focused on providing solutions across the extended network for its customers, what we call Security Everywhere. We are embedding threat protection capabilities from the enterprise infrastructure to the data center, from mobile to the cloud, and on the endpoints within their environment.

To enhance our strategy, I am pleased to announce our intent to acquire OpenDNS, a leading provider of advanced threat protection for any device, anywhere, anytime, delivered in a Software-as-a-Service (SaaS) model. The acquisition will extend our ability to provide customers enhanced visibility and threat protection for unmonitored and potentially unsecure entry points into the network, and to quickly and efficiently deploy and integrate these capabilities as part of their defense architecture. This acquisition builds on Cisco’s security strategy, adding broad visibility and predictive threat intelligence from OpenDNS’ cloud platform, accessed by more than 65 million users daily.

To build on Cisco’s advanced threat protection capabilities, we plan to continue to innovate a cloud delivered Security platform integrating OpenDNS’ key capabilities to accelerate that work. Over time, we will look to unite our cloud-delivered solutions, enhancing Cisco’s advanced threat protection capabilities across the full attack continuum—before, during and after an attack.

The OpenDNS team will join the Cisco Security Business Group under the leadership of Senior Vice President and General Manager David Goeckeler. Their deep security expertise and key technologies will be a natural fit to Cisco’s security vision and the Security Business Group. The acquisition is expected to close in the first quarter of fiscal 2016.

Tags: , , ,

Cisco Cloud Security Architecture: Un-Cloaking Invisible Threats

In the more than ten years, I have worked in developing security solutions, I have witnessed the steady evolution of security threats and the incredible strides made to combat them. Recent high profile security breaches have shown that a breach in security can have serious consequences.. It can lead to loss or destruction of business assets, bad publicity and its associated effect on a company’s brand, hefty regulatory fines, disruption of services and costs associated with numerous lawsuits. The main task of a hacker is to access business assets through the network without being detected. The threats are normally cloaked within ubiquitous traffic flows such as web or email. Whatever the nature of a threat, an attack leaves signatures behind that can be used to “un-cloak” the threat. Threat defense and visibility is the watchword.

It has been exhausting to many of us, to be constantly engaged in the never ending cat and mouse game we play to manage and detect cyber threats. When it comes to securing private and public clouds, a new generation of Read More »

Tags: , , , , , , ,

Pros and Cons: Do-It-Yourself Approaches to Monitoring Shadow IT & Cloud Services

Shadow IT is estimated to be 20-40 percent beyond the traditional IT budget. The ease by which organizations can purchase apps and services from cloud service providers (CSP) contributes significantly to this spending. This is an eye-catching number worthy of investigation—not only to identify and reduce costs, but to discover business risks. So, it is no surprise that CIOs and CFOs have started projects to identify and monitor unknown CSPs.

I often get questions from customers asking if it is possible for IT to monitor cloud service usage and discover shadow IT using existing technologies, and what the pros and cons would be.

The first CSP monitoring approach I am asked about is the use of secure web gateways. A gateway captures and categorizes incoming web traffic and blocks malicious malware. The benefit of this approach is that the gateways are typically already in place. However, there are several limitations in relying exclusively on this approach. Gateways cannot differentiate between a traditional website and a CSP which might be housing business data. They also have no way of discerning whether a given CSP poses a compliance or business risk. Most importantly, to use gateways to track CSPs, IT would need to create and maintain a database of thousands of CSPs, and create a risk profile for each CSP in order to truly understand the specific service being consumed.

The second approach I get asked about is whether organizations can use NetFlow traffic to monitor CSPs. Many customers feel that they can build scripts in a short amount of time to capture usage. Simply answered, yes this can be done. But organizations would face a similar challenge as if they were using web gateways. To capture CSP traffic using NetFlow, IT would need to develop scripts to capture every CSP (numbering in the tens of thousands). Then identify how each CSP is being used, the risk profile of the CSP to an organization, and how much the CSP costs to project overall spend. This is just the beginning. An IT department would then need to build reporting capabilities to access the information as well as continually maintain the database; and apply resources to this undertaking on a monthly basis to ensure the database was current.

The good news, Cisco has done this work for our customers! We have developed Cloud Consumption Services to help organizations identify and reduce shadow IT. Using collection tools in the network, we can discover what cloud services are being used by employees across an entire organization. Cloud Consumption includes a rich database of CSPs and can help customers identify the risk profile of each CSP being accessed, and identify an organization’s overall cloud spend.

Cisco has helped many IT organizations discover their shadow IT. For example, we worked with a large public sector customer in North America who was struggling to embrace the cloud, but were concerned about business risks. Employees were pushing for cloud services to improve productivity when 90% of Internet traffic was blocked by the organization’s policy. Despite these restrictions, 220 cloud providers were being used already and less than 1% were authorized by IT. Leveraging Cloud Consumption Services, the customer was not only able to manage risk, but also authorize future cloud services based on employee needs in a controlled manner.

It is a good practice for every IT organization to understand how employees are using cloud services and monitor usage on an on-going basis. I encourage our customers to determine which approach would work best for their organization; otherwise they may face unknown business risks and costs.

To learn more about avoiding the pitfalls of shadow IT and how you manage cloud services, please register to attend an upcoming webinar on Dec 11, 2014 at 9:00 a.m. PT.


Tags: , , , , , , , , ,

#CiscoChampion Radio S1|Ep 37. New Cloud Era, New Data Protection Model

cisco_champions BADGE_200x200#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’re talking with Cisco Compliance and Data Privacy Leader Evelyn De Souza, about Cloud Security. Brian Remmel (@bremmel) moderates and Andres Sarmiento and Denise Fishburne are this week’s Cisco Champion guest hosts.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.

Cisco SME
Evelyn De Souza, @e_desouza, Cisco Compliance and Data Privacy Leader

Cisco Champions
Andres Sarmiento, @asarmiento85, Lead Technical Consultant
Denise Fishburne, @DeniseFishburne, Systems Engineer Read More »

Tags: , , ,