Welcome!

Microservices Expo Authors: Zakia Bouachraoui, Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz

Related Topics: @CloudExpo, Microservices Expo, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Blog Post

The Extended Enterprise Perimeter By @E_deSouza | @CloudExpo [#Cloud]

The explosive growth of cloud traffic has fundamentally changed the means by which today’s contemporary businesses operate

Redefining the Extended Enterprise Cloud Perimeter with Network-Centric Security

Cloud has become an extension of today's enterprise and the traditional perimeter has long disappeared. Increasing business requirements for agility and flexibility make the cloud-extended enterprise ideal for a workforce that works anywhere, anytime and any place. This is especially true as organizations are increasingly made up of third-party resources, partners and suppliers compared to just employees.

However, traditional security models are not equipped to deal with the fluid nature of data and network flows that extend from the enterprise into a mix of multiple clouds. This not only creates concerns about network resiliency and availability, it puts key business transactions, assets and access to critical work streams at business risk. As organizations continue to embrace cloud models, IT and InfoSec teams need to find a way to reinvent security so that they have seamless visibility across their enterprise and into the different cloud models their businesses are using. This is where adopting a data and network-centric approach is pivotal.

Don't miss Cisco webcast titled 'Is Your Data Center Ready for the Application Economy?', focuses on the latest data center networking technologies, including SDN or ACI, and how customers are using SDN and ACI in their organizations to achieve business agility. The Cisco webcast takes place January 13, 2015, at 9:00 a.m. PST. Register ▸ Here

The explosive growth of cloud traffic has fundamentally changed the means by which today's contemporary businesses operate. In 2013, cloud accounted for 54% of total data center traffic, and, by 2018, cloud will account for 76% of total data center traffic[1]. It has left many IT and Information Security teams struggling to address the risk vectors presented by the cloud as in most cases cloud has been driven by business user demands. Therefore, IT and InfoSec typically have only started to address the cloud-extended enterprise as cloud consumption has reached critical mass.

IT and InfoSec must adapt and consider an alternative means to maintain the confidentiality, integrity and availability of their business services, data and users. Doing so becomes so much more important in a climate where data breaches are targeting both business and personal information and hacktivisim is on the rise[2]. It's clear that traditional perimeter-based security has failed to keep up with the demands of modern enterprises and the techniques and technologies used by attackers have far outpaced traditional security.

Cloud is effectively distributed computing without hierarchical, organizational or geographic constraint. For the ‘extended cloud enterprise' to operate effectively, network policies must extend from the enterprise into the cloud, and contextual access control becomes pivotal as does a data-centric approach in which security policies are tightly aligned to the type of data that is being exchanged.

While there isn't any one formula that will work for all organizations, the following are some key considerations for organizations in the throes of having to re-invent their security to address the needs of the cloud-extended enterprise.

Start first with a data classification model as it will enable security policies to be based on key attributes of the data - whether it is subject to regulation or contains PII, whether it is subject to a industry standards such as PCI or contains intellectual IP or whether it has a near publicly accessible profile. An example of a baseline data classification scheme for the cloud-extended enterprise can be found at Cloud Data Protection Cert[3]. A major component of implementing a data protection scheme is educating business users on why protecting data matters and getting them to map their assets, preferably by digitally tagging, to your organization's scheme.

Many organizations today have not used network diagrams to map data flows, and as a result they lack visibility to where their key information is traversing. Use firewalls that provide multi-tenant edge security that integrates with firewall policies in an Infrastructure as a Service (IaaS) cloud environment. This enables your organization to extend the same network policies into a public cloud environment and have an additional level of control and visibility across the cloud-extended enterprise.

In a SaaS environment, using a cloud web gateway can instill a higher degree of confidence by enforcing consistent threat management across web streams, and more easily identifying and addressing key activities for data loss prevention on data leaving your organization per the classification scheme outlined above.

Data protection measures such as encryption and tokenization are critical protection measures and they should be implemented before migrating data to public cloud environments. Protection measures should be linked to the data attributes of your organization's data classification scheme and when applying encryption, apply in transit and at rest.

Managing user identities becomes more complex in the cloud-extended enterprise, which now needs to factor in the provider's computing resources and personnel. Think of ‘who' (in terms of user context) and ‘what' (in terms of digital assets) with ‘whom' (the CSP) as fundamentals in your cloud extended enterprise security framework. Leverage a centralized identity management framework together with contextual access and compensating controls. Correlate identities with continuous logging and network monitoring for data infiltration, exfiltration and anomalies and other intrusion or extrusion attempts across the enterprise.

Register for Cisco Webcast ▸ Here

Finally, as your organization further extends into the cloud in 2015, consider implementing a cloud security metrics analysis platform for more accurate security decisioning and metrics that can be shared with your executive board on the cloud-extended enterprise. As security teams embrace the cloud-extended enterprise, they have the opportunity to design security that provides greater levels of visibility and trust while accelerating an agile business and the needs of today's business users.

Resources:

  1. Cisco Global Cloud Index: Forecast and Methodology, 2013-201
  2. Worst Security Breaches of the Year 2014
  3. http://clouddataprotection.org/cert/

More Stories By Evelyn de Souza

Recognized as one of the top ten women in cloud (CloudNOW), Evelyn De Souza, chair of the Cloud Security Alliance Data Governance Working Group and a leader at Cisco, is a pioneer in the cloud security space and deals with these issues on a daily basis. According to Evelyn, the network becomes pivotal in redefining cloud security and providing new levels of trust, visibility and resilience.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Microservices Articles
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mistakes high” is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee A...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addresse...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...