Data Center Security Now and into the Future
1. Evelyn de Souza
Data Center Security
December 5, 2012
© 2012 Cisco and/or its affiliates. All rights reserved. 1
2. Data Center Business Drivers
Data Center Evolution
New Security Approaches
Cisco’s Data Center Security Strategy
Focus on Value-Add Integrated Approach
3. BUSINESS CHALLENGES
Business Agility | 24x7 Business | Security and Compliance | Budget Constraints
TECHNOLOGY TRENDS
Proliferation of Devices | Cloud | Data Deluge | Energy Efficiency
4. NEARLY 2000% increase in application traffic and network connections per second by 2015
MORE THAN 50% of workloads in the data center will be virtualized by 2013
AVERAGE OF 3.x mobile devices are used on enterprise networks by employees
NEARLY 3.x: the number of devices connected to IP networks will be nearly three times as high as the global population in 2016
MORE THAN 50% have at least one application or portion of their infrastructure in the cloud in 2012
AVERAGE OF 90% of data center electricity pulled off the grid is wasted in 2012
5. WHERE ARE YOU? WHERE DO YOU WANT TO BE?
Traditional Data Center | Virtualized Data Center (VDC) | Virtualized Desktops | Internal, Private Clouds | Virtual Private Clouds (VPC) | Public Clouds
Consolidate Assets | Virtualize the Environment | Standardize Operations | Automate Service Delivery
Virtualization | Cloud
6. DRIVING NEW SECURITY REQUIREMENTS
PHYSICAL: One app per server
VIRTUAL: Many apps per server
CLOUD: Multi-tenant per server
Diagram labels: HYPERVISOR, VDC-1, VDC-2
OFTEN CITED CUSTOMER PROBLEMS
1. Different architectures for physical, virtual and cloud result in fragmented security policies and visibility
2. Conventional security toolsets don’t scale to meet today’s high throughput requirements
3. “Bolted on” security approaches require that architectures be retrofitted to accommodate security rather than enable the business
8. CONSISTENT SECURITY: Delivers and orchestrates consistent security and policy enforcement across virtual and physical boundaries to protect the infrastructure, and control application access
APPLICATION PROTECTION: Protects against internal and external attacks in highly transacted, high-performance application environments
BUSINESS CONTEXT: Aligns security policies with business requirements through network-based identity, device awareness, and application visibility and control
9. “Context-aware and adaptive security will be the only way to securely support the dynamic business and IT infrastructures emerging during the next 10 years”
Source: Gartner, Neil MacDonald, Vice President, Distinguished Analyst, The Future of Information Security Is Context Aware and Adaptive, September 2012
10. Consistent Security
Embedding Security into Hybrid Infrastructures – Physical, Virtual, Cloud
Global and Local Threat Intelligence
Common Policy and Management
Enforcement | Information
Diagram labels: Handles All Devices | Sources All Data | Routes All Requests | Controls All Flows | Shapes All Streams | Sees All Traffic | Touches All Users
11. Consistent Security
Embedding Security into Hybrid Infrastructures – Physical, Virtual, Cloud
Global and Local Threat Intelligence
Common Policy and Management
Network Enforcement Policy
Information: Identity Awareness | Device Visibility | Behavioral Analysis
Enforcement: Access Control | Encryption | Threat Defense | Policy Enforcement
12. Application Protection
Protecting Businesses from Internal and External Threat Vectors
Threat vectors: hackers | organized crime | cyber criminals | disgruntled employee
Protection - IPS 4500 Security Appliance
13. Business Context
Maintaining Compliance and Providing Insight into Data Center Operations
Management and Reporting: Cisco Security Manager (SM) | Cisco Virtual Network Management Center (VNMC)
Insights: Cisco NetFlow
Policy Orchestration: Cisco Identity Services Engine (ISE) | Cisco TrustSec Security Group Tagging (SGT)
14. An Integrated Solutions Based Approach
Lab Tested and Architect Approved.
[Diagram: Security, Cisco Validated Designs (CVDs) and Virtualized Multi-Service Data Center (VMDC), covering the Physical Data Center and Virtual Data Center. Layers: Internet Edge, CORE, DISTRIBUTION, SERVICES. Labelled components: Nexus 7018, ASA 5585-X, VDC, VPC, VSS, SAN, Nexus 7000 Series, Nexus 5000 Series, Nexus 2100 Series, Nexus 1000V, Catalyst 6500, Unified Computing System, VSG, ACE, NAM, IPS, Firewall, Zone, Multizone.]
Proven. Compatibility | Scalability | Reliability
15. “59% of organizations lack the lab resources or test environments to validate vendor claims for themselves.”
—SANS Institute
“Organizations clearly lack well-defined standards, processes, and resources for determining the resiliency of their critical network devices and systems.... Need methodical resiliency validation using a combo of real traffic, heavy load and security attacks.”
—SANS and TOGAG
Cisco validated designs deliver RESULTS
16. Business Context
UNIFIED DATA CENTER: Compute | Network | Storage | Management
SECURITY: Consistent Security | Application Protection | Business Context
VALIDATED DESIGNS: Data Center Security CVD | Virtual Multi-Service Data Center
Physical | Virtual | Cloud
17. • Always-on security that is integrated into the network fabric
• End-to-end security solutions for physical and virtual environments
• Mobility-optimized network application protection
• Centrally orchestrated network policies from the application to the network to the user
• Context-aware security to differentiate risk from random
• Services to enable pervasive security across the infrastructure, within, and between clouds
Physical | Virtual | Cloud