Industry Insights with Chandrodaya Prasad

Reducing the Complexity of Hybrid and Multi-Cloud Security

Cisco Can Simplify Policy Enforcement, Improve Visibility and Enable Efficiency at Scale

The network has become hybrid and multi-cloud, and security now needs to be harmonized across network, workload and application domains. Grafting old approaches and tooling onto new network and application environments won't work.

Risk reduction, threat response, CI/CD pipeline velocity, and cloud migrations are all critical business priorities driving the need for converged security visibility, intelligence and policy. But unless you’re part of the “Security 1%” - with an unlimited budget - intelligent coordination is prohibitively expensive.

The complexity of your disparate and dynamic environments is an enemy and you need to defend against it, as you would against any sophisticated adversary.

Imagine having granular inspection, segmentation and control of your dynamic network and application environments. Imagine your NetOps, SecOps, ITOps and DevOps teams performing together like a Formula One race team. It’s a fair expectation because security is a team sport.

To address hybrid and multi-cloud security complexity, you need to simplify policy enforcement, improve visibility and enable efficiency at scale. Cisco is doing this by taking a holistic approach to simplify and harmonize network, workload and application security. And we’re ensuring that the network never “goes dark” by having differentiated capabilities to process rules and detect threats in encrypted traffic.

Hybrid Is Here to Stay

Along with cloud migrations, many organizations are preserving some infrastructure and workloads on-premises for regulatory, operational and economic reasons. Sometimes they find it cost-effective to “repatriate” public cloud workloads to their data center and private cloud, which is why we think hybrid deployment scenarios will remain widespread for the long term.

Hybrid and multi-cloud security must not be undertaken in a piecemeal approach, but rather harmonized across a complex amalgam of distributed services spanning multiple environments, each with its own set of native security controls. Cisco is creating the abstraction layer to tame this complexity.

NetOps That Move at the Speed of DevOps

With the movement to cloud-native microservices and the emergence of DevOps as a distinct practice area, organizations can build and deploy applications faster than ever before. These agile and ephemeral applications often scale up and down across hybrid and multi-cloud environments. Where changes are occurring at such a rapid pace, conventional change control processes often fail. And as a result, in many organizations, the firewall is left far too open.

For NetOps to start running at the speed of DevOps, workload security technology must integrate with network security firewalls. Tight integration enables unified policy across both east-west and north-south traffic, with dynamic and automated recommendations that emerge from application changes.

To Simplify, Translate Intent Into Action

What if you could simply describe your security intent and have that translated into action across your hybrid and multi-cloud environments, with consistent workflows and automated recommendations?

If you intend to have common policy across all the public clouds you operate in, then you need a partner with virtual and containerized firewalls supporting AWS, Azure, GCP, Oracle OCI, Alibaba and more. If you’re looking to adopt a Zero Trust approach, then you need microsegmentation capability for application workloads and microservices.

With microsegmentation, organizations can better limit lateral movement by threat actors. Network firewalls remain crucial, but alone they do not get sufficiently close to modern applications, which is why Cisco has developed a microsegmentation capability tightly coupled with the firewall. The integrated capability delivers policy recommendations and coordinated action across dynamic application environments. It detects changes in application environments on a minute-by-minute basis to make this coordination possible. And it improves visibility, because you can’t protect what you can’t see.

About the Author

Chandrodaya Prasad

Vice President of Network and Application Security Product Management in Cisco’s Security Business Group

Prasad is vice president of network and application security product management in Cisco’s Security Business Group. He oversees product management and technical marketing for Cisco’s industry-leading Application Workload, Web and Network Security portfolio. Previously, he served as vice president of product management driving Viptela’s SD-WAN strategy and adoption and its integration into Cisco post-acquisition.
