CLOUD COMPUTING A NEW FRONTIER IN CLOUD SECURITY · 3. Build private Cloud and PaaS 2. Open and automated 4. Use public Cloud Converged HyperConverged Managed IaaS SaaS tics rity

CLOUD COMPUTING

A NEW FRONTIER IN CLOUD SECURITY

Jon Ebmeier, Technical Solutions Architect

Cisco Systems, US Commercial

Data Center Strategy

C97-739634-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

App is the new business

Multicloud is the new Data Center

Developer is the new Customer



80%Employees use software not

cleared by IT.

Study by Stratecast and Frost & Sullivan

83%IT Staff admit to using

unsanctioned software and services.

8%Enterprises understand

impact of Shadow IT.


http://www.mcafee.com/us/resources/reports/rp-six-trends-security.pdf


Will usemultiple clouds

84% 73%Have a hybrid cloud strategy81%

Evaluating or using

public cloud


Public

MicroServices

Developers

DevOpsPrivate

Virtualized

ITData Center

Bare - Metal

The Perfect Storm

Application evolution

Management and operations

Workload locations

“50% Fortune 500 companies are expected to no longer exist within 10 years”

- John Chambers


Challenges for IT

New apps

Average enterprise hasat least 13 cloud-native business

apps

Complexity

New users

20M developers today growing to 25M by

2020

Compliance

New attack surfaces

6 months to detect breach3

Compromise


1. Modernize infrastructure

3. Build private Cloudand PaaS

2. Open and automated

4. Use public Cloud

Converged HyperConverged

IaaS SaaSManaged

6. P

erva

sive

sec

uri

ty

5. P

erva

sive

an

alyt

ics

Network Compute Storage

Capturing Customer Intent

4a. Common Application Blueprints

4b. Extend Common Policy Model

4c. Instrumented for Developers and DevOps

Private


Is your Data Center doing what you intend?


The Intent-Based Data CenterInformed by Intent. Powered by Context. Delivered across your Multicloud.

C97-739634-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialC97-739634-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

The Intent Cycle

Adapt

Learn

Protect

APP


Benchmark each <app-cloud>

Every packet | Every flowEvery app

Machine learningto optimize

Constantly

Learning


Multicloud App mobilityRun-time provisioning On-demand capacity

Constantly

Adapting


Zero-trust modelMicro-segmentation

based isolationSecuring data in transit

Constantly

Protecting


Putting It All Together

Modernize Data Center

On-prem/Co-lo

Policy Driven, Openand Automated

Multi-Cloud

Public SaaSManaged Service

Per

vasi

ve A

nal

ytic

s

Common Application Blueprints

Extend Common Policy Model

Instrumented for Developers and DevOps

Private

Orchestration

Software Define Networking

Policy

Intent-Based Data Center

Application Performance Monitoring

Switching Compute Storage / Hypercoverged

Policy

Per

vasi

ve S

ecu

rity

Net

wo

rk A

nal

ytic

s (T

etr

atio

n)

Net

wo

rk S

ecu

rity

(Te

trat

ion

and

Lay

ere

d e

ffec

t)


Data Center Reference Architecture

Infra. Manager

Infra. ops

Developer

Cloud Admin

LOB/IT Apps

Security Admin

Tetr

atio

nan

alyt

ics

Cis

co s

ecu

rity

po

rtfo

lio

Ap

pD

ynam

ics

Cis

co w

ork

load

o

pti

miz

atio

n m

anag

erD

ata

Cen

ter

Net

wo

rk

Mo

nit

ori

ng

(DC

NM

)

Application and business performance monitoring

Workload optimization and placement

Infrastructure health and performance monitoring

CiscoCloudCenter

Switching ComputeStorage / Hyperconverged

Software Defined Cisco Intersight

Cisco Prime ServiceCatalog (PSC/CPO)

3rd Party ITSM


Pillars of Cisco’s Data Center Strategy

Hardware innovationApplication awareMulticloud First Capture Intent


Data Center Use Cases

Multicloud Mobility Security Modernize Infra.

• Threat Intel

• Multi-layer

• Compliance

• Performance

• Security

• Scale

Analytics

• Infra.

• Apps.

• Ops.

Automation

• Ops

• Provision

• Maint.

• Benchmark

• Policy

• Blueprints


“We need to reduce complexity and match the agility of a public cloud”

VP virtualization, IT

Automation


Data Center Automation Strategy

Install Provision (Auto) Scale Maintain

Automating the complete application

Lifecycle


Private Cloud - Automating Infrastructure

Unified management w/ACI

Embedded automation

Storage

SAN

Compute

LAN

Distribution

Core

Mission critical

Business critical

Userapplications

Enterprise Data Center

Open, programmable interfaces


Private Cloud - Automating Operations

Private Cloud

Troubleshooting and remediation

Policy-based networkingSpine

Leaf

Compute

Storage

Edge

Objectstorage

Userapplications

Webapplications

Cloudnative


Automating Scale Within and Across Clouds

Private and Public Multi-Cloud

Cisco CloudCenter

Intersight

Self-service user portals

Self-managing applications

Workload modeling and deployment


Cisco and Docker Solutions

Contivnetwork plugin

Docker Datacenter On FlexPod CVD

Docker Datacenter On Cisco UCS

Modernize traditionalapplications: turnkey offer

Stronger togetherOpen source COMMUNITY

and technology partners to build solutions

+


Analytics

“Need to deploy apps faster with performance targets.“

Application Manager


Cisco Analytics Strategy

Infrastructure App Users App Dependency

Full stack visibility.

Machine learning to benchmark.


Infrastructure Insights

Enterprise Data Center

Mission Critical

Business Critical

UserApplications

Cisco Intersight


Application Dependency Mapping

Private Cloud

Spine

Leaf

Compute

Storage

Edge

Objectstorage

Userapplications

Webapplications

Cloudnative

Cisco Tetration


Application Performance Insights

Private and Public Multi-Cloud Application Performance Monitoring


Multicloud Challenges

They find themselves in a world where every line of business has the opportunity, if

they choose, to go buy their own SaaS platform.

And the CIO and the chief security officer are being asked, ‘So how are we doing at deploying policy and maintaining compliance across all of this?’ And they

don’t know.

Complex No data controlFragmented

-Chuck Robbins


Cisco Multicloud Strategy

Networking

Security

Analytics

Management

Multi-Cloud intelligence

…we’re going to help our customers bring structure to allof this…

-Chuck Robbins


Cisco Multicloud strategy

Evolveinfrastructure to support cloud

Addcloud services for

specific uses

Managea Multi-Cloud environment


Cisco Multicloud Suites

AWS GCP Azure

ON-PREMCLOUD STACK

CISCOINFRA

Hybrid clouds

Hybrid clouds

Multi-Cloud Suite• A set of targeted Cisco software

and service offers that deliver

Multi-Cloud intelligence to our

customers.

• Migrate to cloud

• Connect clouds

• Secure clouds

• Consume cloud apps


Security

“Ensure data protectionfrom threat penetration in our data centers and cloud."

-Info Security Manager


SecurityChallenges

• Not enough threat visibility in the network, workloads, applications

• Inconsistent policies across workloads

• Too many point security vendors

• Hackers are more sophisticated

• Attack surface is too broad


Cisco Data Center Security Strategy

Visibility“See Everything”

Threat Protection“Stop the Breach”

Segmentation“Reduce the Attack Surface”


Visibility: See everythingacross the enterprise

01 0302

• Complete enterprise-wide network visibility across users, hosts/devices, networks, infrastructure (switches, routers, firewalls, servers)

• Host-to-Host communication across north-south, east-west flows

• Real-time situational awareness of network traffic

• Holistic network audit trails

Cisco Stealthwatch

Enterprise Network

Branch

Campus

Data Center

Cloud


Visibility: See all applications & workloads

01 0302

Cisco Tetration

• Full visibility of the application workloads and processes

• Application dependencies

• Real-time and historical analysis

• Zero-trust policies (whitelist/blacklist)


Segmentation: Reduce the Attack Surface

01 0302

Cisco NGFW

East-WestProcess to

Process

North-South Perimeter

Cisco ACI

Cisco Tetration


East-WestProcess to

Process

North-South Perimeter

North-SouthPerimeter

Segmentation: Reduce the Attack Surface

01 0302

Segmentation across multiple clouds

Cisco NGFW

Cisco ACI

Cisco Tetration


ACITetration

Next-gen Firewall

Threat Protection: Stop the Breach

By strategically deploying threat sensors north-south, east-west

01 0302

Multi-Layered Threat SensorsQuickly detect, block, and respond dynamically when threats arise to

prevent breaches from impacting the business

Next-Gen Firewall with AMP

Next-Gen IPS with AMP

Stealthwatch

Next-Gen Firewall with Radware DDoS


Protect the WorkloadEverywhere

030201


Key Advantages

Complete Insight & Contextual Awareness

DeploymentFlexibility

Automation Holistic Threat Defense


“We need to keep networking, compute and storage solutions up-to-date to meet new requirements for performance and scale”

-Dir Infrastructure, IT

Modernize Infrastructure


Better TCO

Lower risk

Operational simplicity

Benefits of Cisco Intent-Based Data Center

40% 53% 46%


Constantly protecting

Constantly adapting

Constantly learning


INTENTbased

data center

Pervasive SecuritySeamless Multicloud

mobilityMaximize App performance

Documents

CLOUD COMPUTING A NEW FRONTIER IN CLOUD SECURITY · 3. Build private Cloud and PaaS 2. Open and automated 4. Use public Cloud Converged HyperConverged Managed IaaS SaaS tics rity