CLOUD COMPUTING
A NEW FRONTIER IN CLOUD SECURITY
Jon Ebmeier, Technical Solutions Architect
Cisco Systems, US Commercial
Data Center Strategy
C97-739634-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
App is the new business
Multicloud is the new Data Center
Developer is the new Customer
80% Employees use software not cleared by IT.
Study by Stratecast and Frost & Sullivan
83% IT Staff admit to using unsanctioned software and services.
8% Enterprises understand impact of Shadow IT.
Will use multiple clouds
84% 73% Have a hybrid cloud strategy 81%
Evaluating or using public cloud
Public
MicroServices
Developers
DevOps
Private
Virtualized
IT
Data Center
Bare-Metal
The Perfect Storm
Application evolution
Management and operations
Workload locations
“50% Fortune 500 companies are expected to no longer exist within 10 years”
- John Chambers
Challenges for IT
New apps
Average enterprise has at least 13 cloud-native business apps
Complexity
New users
20M developers today growing to 25M by 2020
Compliance
New attack surfaces
6 months to detect breach
Compromise
1. Modernize infrastructure
2. Open and automated
3. Build private Cloud and PaaS
4. Use public Cloud
5. Pervasive analytics
6. Pervasive security
Converged HyperConverged
IaaS SaaS Managed
Network Compute Storage
Capturing Customer Intent
4a. Common Application Blueprints
4b. Extend Common Policy Model
4c. Instrumented for Developers and DevOps
Private
Is your Data Center doing what you intend?
The Intent-Based Data Center
Informed by Intent. Powered by Context. Delivered across your Multicloud.
The Intent Cycle
Adapt
Learn
Protect
APP
Constantly Learning
Benchmark each <app-cloud>
Every packet | Every flow | Every app
Machine learning to optimize
Constantly Adapting
Multicloud App mobility
Run-time provisioning
On-demand capacity
Constantly Protecting
Zero-trust model
Micro-segmentation based isolation
Securing data in transit
Putting It All Together
Modernize Data Center
On-prem/Co-lo
Policy Driven, Open and Automated
Multi-Cloud
Public SaaS Managed Service
Pervasive Analytics
Common Application Blueprints
Extend Common Policy Model
Instrumented for Developers and DevOps
Private
Orchestration
Software Defined Networking
Policy
Intent-Based Data Center
Application Performance Monitoring
Switching Compute Storage / Hyperconverged
Policy
Pervasive Security
Network Analytics (Tetration)
Network Security (Tetration and Layered effect)
Data Center Reference Architecture
Infra. Manager
Infra. ops
Developer
Cloud Admin
LOB/IT Apps
Security Admin
Tetration analytics
Cisco security portfolio
AppDynamics
Cisco workload optimization manager
Data Center Network Monitoring (DCNM)
Application and business performance monitoring
Workload optimization and placement
Infrastructure health and performance monitoring
Cisco CloudCenter
Switching Compute Storage / Hyperconverged
Software Defined Cisco Intersight
Cisco Prime Service Catalog (PSC/CPO)
3rd Party ITSM
Pillars of Cisco’s Data Center Strategy
Hardware innovation
Application aware
Multicloud First
Capture Intent
Data Center Use Cases
Multicloud Mobility Security Modernize Infra.
• Threat Intel
• Multi-layer
• Compliance
• Performance
• Security
• Scale
Analytics
• Infra.
• Apps.
• Ops.
Automation
• Ops
• Provision
• Maint.
• Benchmark
• Policy
• Blueprints
“We need to reduce complexity and match the agility of a public cloud”
VP virtualization, IT
Automation
Data Center Automation Strategy
Install Provision (Auto) Scale Maintain
Automating the complete application Lifecycle
Private Cloud - Automating Infrastructure
Unified management w/ACI
Embedded automation
Storage
SAN
Compute
LAN
Distribution
Core
Mission critical
Business critical
User applications
Enterprise Data Center
Open, programmable interfaces
Private Cloud - Automating Operations
Private Cloud
Troubleshooting and remediation
Policy-based networking
Spine
Leaf
Compute
Storage
Edge
Object storage
User applications
Web applications
Cloud native
Automating Scale Within and Across Clouds
Private and Public Multi-Cloud
Cisco CloudCenter
Intersight
Self-service user portals
Self-managing applications
Workload modeling and deployment
Cisco and Docker Solutions
Contiv network plugin
Docker Datacenter On FlexPod CVD
Docker Datacenter On Cisco UCS
Modernize traditional applications: turnkey offer
Stronger together
Open source COMMUNITY and technology partners to build solutions
Analytics
“Need to deploy apps faster with performance targets.”
Application Manager
Cisco Analytics Strategy
Infrastructure App Users App Dependency
Full stack visibility.
Machine learning to benchmark.
Infrastructure Insights
Enterprise Data Center
Mission Critical
Business Critical
User Applications
Cisco Intersight
Application Dependency Mapping
Private Cloud
Spine
Leaf
Compute
Storage
Edge
Object storage
User applications
Web applications
Cloud native
Cisco Tetration
Application Performance Insights
Private and Public Multi-Cloud Application Performance Monitoring
Multicloud Challenges
Complex
No data control
Fragmented
They find themselves in a world where every line of business has the opportunity, if they choose, to go buy their own SaaS platform. And the CIO and the chief security officer are being asked, ‘So how are we doing at deploying policy and maintaining compliance across all of this?’ And they don’t know.
-Chuck Robbins
Cisco Multicloud Strategy
Networking
Security
Analytics
Management
Multi-Cloud intelligence
…we’re going to help our customers bring structure to all of this…
-Chuck Robbins
Cisco Multicloud strategy
Evolve infrastructure to support cloud
Add cloud services for specific uses
Manage a Multi-Cloud environment
Cisco Multicloud Suites
AWS GCP Azure
ON-PREM CLOUD STACK
CISCO INFRA
Hybrid clouds
Multi-Cloud Suite
• A set of targeted Cisco software and service offers that deliver Multi-Cloud intelligence to our customers.
• Migrate to cloud
• Connect clouds
• Secure clouds
• Consume cloud apps
Security
“Ensure data protection from threat penetration in our data centers and cloud.”
-Info Security Manager
Security Challenges
• Not enough threat visibility in the network, workloads, applications
• Inconsistent policies across workloads
• Too many point security vendors
• Hackers are more sophisticated
• Attack surface is too broad
Cisco Data Center Security Strategy
Visibility: “See Everything”
Threat Protection: “Stop the Breach”
Segmentation: “Reduce the Attack Surface”
Visibility: See everything across the enterprise
• Complete enterprise-wide network visibility across users, hosts/devices, networks, infrastructure (switches, routers, firewalls, servers)
• Host-to-Host communication across north-south, east-west flows
• Real-time situational awareness of network traffic
• Holistic network audit trails
Cisco Stealthwatch
Enterprise Network
Branch
Campus
Data Center
Cloud
Visibility: See all applications & workloads
Cisco Tetration
• Full visibility of the application workloads and processes
• Application dependencies
• Real-time and historical analysis
• Zero-trust policies (whitelist/blacklist)
Segmentation: Reduce the Attack Surface
Cisco NGFW
East-West
Process to Process
North-South Perimeter
Cisco ACI
Cisco Tetration
Segmentation: Reduce the Attack Surface
East-West
Process to Process
North-South Perimeter
Segmentation across multiple clouds
Cisco NGFW
Cisco ACI
Cisco Tetration
Threat Protection: Stop the Breach
By strategically deploying threat sensors north-south, east-west
Multi-Layered Threat Sensors
Quickly detect, block, and respond dynamically when threats arise to prevent breaches from impacting the business
ACI
Tetration
Next-gen Firewall
Next-Gen Firewall with AMP
Next-Gen IPS with AMP
Stealthwatch
Next-Gen Firewall with Radware DDoS
Protect the Workload Everywhere
Key Advantages
Complete Insight & Contextual Awareness
Deployment Flexibility
Automation
Holistic Threat Defense
“We need to keep networking, compute and storage solutions up-to-date to meet new requirements for performance and scale”
-Dir Infrastructure, IT
Modernize Infrastructure
Better TCO
Lower risk
Operational simplicity
Benefits of Cisco Intent-Based Data Center
40% 53% 46%
Constantly protecting
Constantly adapting
Constantly learning
INTENT-based data center
Pervasive Security
Seamless Multicloud mobility
Maximize App performance