Skip Links

The Cisco security directive

By , Network World
June 05, 2012 04:56 PM ET
Chris Young

Page 4 of 5

Let's stick with cloud for a minute, because it does seem to complicate security dramatically. What do you make of the challenges?

It is important to define the space because security in the cloud can mean a lot of things, everything from how we secure workloads that move between public and private clouds, to providing secure user access to SaaS applications, and even how to use cloud as a delivery model for security.

If you start with the first example, which is securing virtualized workloads, virtual data centers, whether those be public, private or hybrid models, this is where the data center security model becomes really important. And you've seen some of the things we've been doing on our Nexus 1000V with our virtual security gateways, bringing some of that segmentation capability to the virtualized data center. Because it's based on the switch, the switching architecture can actually extend itself beyond a specific data center to a private or a hybrid cloud environment.

The second one is, how do I make sure that my users are connecting directly to SaaS applications? And that becomes more about managing user identities, managing single sign-on, managing compliance of those vendors that are using these different services. Also an important point here is that some users are working around IT by going out and using SaaS-based applications without IT's permission, emailing files into their personal email accounts, using file syncing and sharing services.

When you have a PowerPoint document that has company data in it and you move it into one of those services, you've put corporate data in a place where it's no longer controlled by the company. A lot of organizations are very concerned about how to manage data privacy in a world where users are moving information around cloud repositories in ways that are very difficult for the security teams to keep up with. So that vector is becoming more and more a focus area of a lot of security organizations and enterprises because they want to be able to get a handle on that.

The third piece is leveraging the cloud as a security delivery model, a la ScanSafe, our cloud security gateway that lets users securely browse the Web while we do things like URL filtering and block malware transmission. So ScanSafe is a good example of the ability to see across multiple domains. We see over 5 billion daily Web requests on the ScanSafe service alone.

In the case of SaaS, most customers simply rely on the service provider to secure the environment, don't they?

With providers like Salesforce, a lot of the security model is focused on identify federation, so the corporation can provision and revoke user access to these different services. And then on the backend we're seeing more requests for reporting so the enterprise that's ultimately responsible for the users and data in these cloud models can prove compliance, they can go through security audits and understand how well their data is being protected. But a lot of the primary focus is on user provisioning and de-provisioning to these different services.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News