Welcome!

SDN Journal Authors: John Walsh, Elizabeth White, Liz McMillan, Sven Olav Lund, Simon Hill

Related Topics: @CloudExpo, Microservices Expo, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Blog Post

The Extended Enterprise Perimeter By @E_deSouza | @CloudExpo [#Cloud]

The explosive growth of cloud traffic has fundamentally changed the means by which today’s contemporary businesses operate

Redefining the Extended Enterprise Cloud Perimeter with Network-Centric Security

Cloud has become an extension of today's enterprise and the traditional perimeter has long disappeared. Increasing business requirements for agility and flexibility make the cloud-extended enterprise ideal for a workforce that works anywhere, anytime and any place. This is especially true as organizations are increasingly made up of third-party resources, partners and suppliers compared to just employees.

However, traditional security models are not equipped to deal with the fluid nature of data and network flows that extend from the enterprise into a mix of multiple clouds. This not only creates concerns about network resiliency and availability, it puts key business transactions, assets and access to critical work streams at business risk. As organizations continue to embrace cloud models, IT and InfoSec teams need to find a way to reinvent security so that they have seamless visibility across their enterprise and into the different cloud models their businesses are using. This is where adopting a data and network-centric approach is pivotal.

Don't miss Cisco webcast titled 'Is Your Data Center Ready for the Application Economy?', focuses on the latest data center networking technologies, including SDN or ACI, and how customers are using SDN and ACI in their organizations to achieve business agility. The Cisco webcast takes place January 13, 2015, at 9:00 a.m. PST. Register ▸ Here

The explosive growth of cloud traffic has fundamentally changed the means by which today's contemporary businesses operate. In 2013, cloud accounted for 54% of total data center traffic, and, by 2018, cloud will account for 76% of total data center traffic[1]. It has left many IT and Information Security teams struggling to address the risk vectors presented by the cloud as in most cases cloud has been driven by business user demands. Therefore, IT and InfoSec typically have only started to address the cloud-extended enterprise as cloud consumption has reached critical mass.

IT and InfoSec must adapt and consider an alternative means to maintain the confidentiality, integrity and availability of their business services, data and users. Doing so becomes so much more important in a climate where data breaches are targeting both business and personal information and hacktivisim is on the rise[2]. It's clear that traditional perimeter-based security has failed to keep up with the demands of modern enterprises and the techniques and technologies used by attackers have far outpaced traditional security.

Cloud is effectively distributed computing without hierarchical, organizational or geographic constraint. For the ‘extended cloud enterprise' to operate effectively, network policies must extend from the enterprise into the cloud, and contextual access control becomes pivotal as does a data-centric approach in which security policies are tightly aligned to the type of data that is being exchanged.

While there isn't any one formula that will work for all organizations, the following are some key considerations for organizations in the throes of having to re-invent their security to address the needs of the cloud-extended enterprise.

Start first with a data classification model as it will enable security policies to be based on key attributes of the data - whether it is subject to regulation or contains PII, whether it is subject to a industry standards such as PCI or contains intellectual IP or whether it has a near publicly accessible profile. An example of a baseline data classification scheme for the cloud-extended enterprise can be found at Cloud Data Protection Cert[3]. A major component of implementing a data protection scheme is educating business users on why protecting data matters and getting them to map their assets, preferably by digitally tagging, to your organization's scheme.

Many organizations today have not used network diagrams to map data flows, and as a result they lack visibility to where their key information is traversing. Use firewalls that provide multi-tenant edge security that integrates with firewall policies in an Infrastructure as a Service (IaaS) cloud environment. This enables your organization to extend the same network policies into a public cloud environment and have an additional level of control and visibility across the cloud-extended enterprise.

In a SaaS environment, using a cloud web gateway can instill a higher degree of confidence by enforcing consistent threat management across web streams, and more easily identifying and addressing key activities for data loss prevention on data leaving your organization per the classification scheme outlined above.

Data protection measures such as encryption and tokenization are critical protection measures and they should be implemented before migrating data to public cloud environments. Protection measures should be linked to the data attributes of your organization's data classification scheme and when applying encryption, apply in transit and at rest.

Managing user identities becomes more complex in the cloud-extended enterprise, which now needs to factor in the provider's computing resources and personnel. Think of ‘who' (in terms of user context) and ‘what' (in terms of digital assets) with ‘whom' (the CSP) as fundamentals in your cloud extended enterprise security framework. Leverage a centralized identity management framework together with contextual access and compensating controls. Correlate identities with continuous logging and network monitoring for data infiltration, exfiltration and anomalies and other intrusion or extrusion attempts across the enterprise.

Register for Cisco Webcast ▸ Here

Finally, as your organization further extends into the cloud in 2015, consider implementing a cloud security metrics analysis platform for more accurate security decisioning and metrics that can be shared with your executive board on the cloud-extended enterprise. As security teams embrace the cloud-extended enterprise, they have the opportunity to design security that provides greater levels of visibility and trust while accelerating an agile business and the needs of today's business users.

Resources:

  1. Cisco Global Cloud Index: Forecast and Methodology, 2013-201
  2. Worst Security Breaches of the Year 2014
  3. http://clouddataprotection.org/cert/

More Stories By Evelyn de Souza

Recognized as one of the top ten women in cloud (CloudNOW), Evelyn De Souza, chair of the Cloud Security Alliance Data Governance Working Group and a leader at Cisco, is a pioneer in the cloud security space and deals with these issues on a daily basis. According to Evelyn, the network becomes pivotal in redefining cloud security and providing new levels of trust, visibility and resilience.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, provided a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to oper...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., introduced you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He explored applications in several industries and discussed technologies that allow the deployment of advanced visualization solutions to the cloud.
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
"Infoblox does DNS, DHCP and IP address management for not only enterprise networks but cloud networks as well. Customers are looking for a single platform that can extend not only in their private enterprise environment but private cloud, public cloud, tracking all the IP space and everything that is going on in that environment," explained Steve Salo, Principal Systems Engineer at Infoblox, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventio...
"Codigm is based on the cloud and we are here to explore marketing opportunities in America. Our mission is to make an ecosystem of the SW environment that anyone can understand, learn, teach, and develop the SW on the cloud," explained Sung Tae Ryu, CEO of Codigm, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, discussed how by using ne...
"Cloud Academy is an enterprise training platform for the cloud, specifically public clouds. We offer guided learning experiences on AWS, Azure, Google Cloud and all the surrounding methodologies and technologies that you need to know and your teams need to know in order to leverage the full benefits of the cloud," explained Alex Brower, VP of Marketing at Cloud Academy, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clar...
Vulnerability management is vital for large companies that need to secure containers across thousands of hosts, but many struggle to understand how exposed they are when they discover a new high security vulnerability. In his session at 21st Cloud Expo, John Morello, CTO of Twistlock, addressed this pressing concern by introducing the concept of the “Vulnerability Risk Tree API,” which brings all the data together in a simple REST endpoint, allowing companies to easily grasp the severity of the ...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, discussed how data centers of the future will be managed, how the p...
"NetApp is known as a data management leader but we do a lot more than just data management on-prem with the data centers of our customers. We're also big in the hybrid cloud," explained Wes Talbert, Principal Architect at NetApp, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, discussed how from store operations and ...
"We're focused on how to get some of the attributes that you would expect from an Amazon, Azure, Google, and doing that on-prem. We believe today that you can actually get those types of things done with certain architectures available in the market today," explained Steve Conner, VP of Sales at Cloudistics, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.