Enterprises, governments, and organizations of all sizes are moving to the cloud in record numbers. The cloud can offer resiliency, but it also introduces new security challenges. Security needs to be baked in from the beginning, across the board.
Cisco has invested over $1 billion in people, infrastructure, equipment, and services to address the cloud market. Most recently, we launched the Cisco Intercloud, a network of clouds from multiple cloud service providers across the world designed to meet customers’ needs for a globally-distributed cloud platform that enables federated workloads that can be moved from one cloud to another.
Cisco Intercloud’s approach delivers flexibility, and challenges existing security models. We are no longer building, we are operating, federating, orchestrating, and instrumenting. Our goal is to have this new capability match or exceed controls built to date – transparently. We’re not there yet, as of this posting, and that’s okay – because getting the strategy right is the key to getting there.
Below is a short video I did on securing the Intercloud. Please join the conversation in the comments section.
Very encouraging plan. Agree with statement “security in cloud must match what was in Data Center.” As a government contractor we are subject to federal regulations. Among those regulations and assessments listed below, which are CISCO Planning to achieve (or achieved) in their cloud service offering?
FISMA Compliance
HITRUST Certification
FedRAMP Certification
PCI-DSS Certification
SOX Compliance
GLBA Compliance
And,
SSAE16 – SOC 2 Type 2 Assessment
Thank you,
Ken Kasprzak, CISSP
First I wanted to clarify what John Stewart is discussing in the original post. We believe that enterprises both commercial and in public sector will leverage resources from many cloud providers. And incremental value will come from connecting clouds (private to public, and public to public) and we are creating a platform to do this and provide security and privacy of users in data as you connect those services. Each cloud offering will have to meet compliancy requirements based on the customers it will support, like FISMA/FedRAMP in a federal instance or PCS, GLBA, and SOX in a financial use case. As for Cisco’s cloud applications go, we will support many of the compliances and certifications that you mention above. We currently support or in the process of supporting Sox, SSAE16, ISO 27001, FISMA, FedRAMP and HIPPA. Over the next 3 months we will document all the compliances and they will be hosted on our Web Site, so stay tuned..