Avatar

‘Data center anywhere’ requires security everywhere

It’s 9am. Do you know where your data is? If you’re like most businesses today, it’s everywhere. Your data center is no longer a physical place – it’s wherever your data is – on-premises, in SaaS-based applications, and in public clouds. In fact, Gartner predicts that by 2022, 50 percent of enterprise-generated data will be created and processed outside a traditional, centralized data center or cloud.

Companies like Cisco are working hard to make your data center more flexible and efficient – enabling you to extend workloads beyond the perimeter for new applications that require computing to be performed closer to the user experience. This week at Cisco Live Barcelona, we are unveiling several unique innovations in our data center architecture that allow digital enterprises to follow their applications and data anywhere. But what happens to security in this dynamic, multi-cloud environment?

Challenges of securing data everywhere

Cisco recognizes that there are three critical pillars for achieving a “data center anywhere” environment: 1) integrated architecture to seamlessly run and manage multiple platforms,
2) automation to streamline operations and reduce complexity, and 3) SECURITY.

Let’s focus on the security piece. The challenge with securing data that can be found anywhere is that you need to have security EVERYWHERE, not just at the perimeter. Attackers know that your data is now highly distributed, and that you may be having a harder time keeping track of it. They know that this provides them with another layer of obfuscation and opportunity for carrying out theft.

Today’s security must therefore be pervasive – built in and integrated across the network, cloud, applications, and endpoints. This makes it harder for attackers to slip through the cracks and take advantage of the distributed nature of computing.

Cisco data center security

Enabling a decentralized data center environment requires a security strategy that spans three important areas: visibility, segmentation, and threat protection. These capabilities define
the Cisco Secure Data Center offering.

Three pillars of Secure Data Center

Visibility – If you can’t see it, you can’t secure it. That’s why Cisco offers in-depth network and threat visibility in any data center and across any cloud. Our visibility and security analytics platform,
Cisco Stealthwatch, lets customers see exactly who is in their environment and what is happening on the network, dramatically aiding in threat detection and response. Likewise, Cisco Tetration provides full visibility into application components including workloads, processes, and application behavior in the data center.

Segmentation – Segmenting your network reduces your attack surface. It can prevent attackers from moving laterally across the network, and block legitimate users from accessing restricted resources. The Cisco approach provides multi-layered segmentation that helps consolidate policies and automate enforcement across the perimeter, data center fabric, host level, and in the application process. This is made possible through Cisco Next-Generation Firewalls, Cisco Application Centric Infrastructure (ACI), and Cisco Tetration.

Threat Protection – By now we all know that threat protection is a process, not a single product.
Cisco’s data center protection consists of various levels of threat sensors to prevent attackers from stealing data or disrupting operations. Cisco Next-Generation Firewalls allow you to block more threats and quickly mitigate those that do breach your defenses. For further protection, threat intelligence and context are shared across Cisco Tetration, Cisco Stealthwatch, and the Cisco Identity Services Engine (ISE) to accelerate detection and automatically quarantine infected hosts.

Cisco’s data center security is also strengthened by the recent addition of Duo Security to our portfolio. With Duo Security, organizations can implement customized access control and multi-factor authentication for each individual application. These granular access control policies are especially beneficial for organizations moving their data to the public cloud.

So I ask again, it’s 9am, do you know where your data is?

The truth is that in today’s dynamic environment, you may not always know exactly where everything is at all times. But with the right mix of tools and intelligence, you don’t have to know. Instead, you can rest assured that wherever your data may go, it will remain protected.

By using a common set of integrated technologies and security policies across platforms, organizations can significantly enhance their data defenses.