Cisco moves to better secure hybrid cloud environments and apps

Cisco frequently uses the slogan “If it’s connected, it’s protected.” As a giant in the networking industry and a player in the security market, it also has the expertise to tie these two domains together. With Cisco Secure Access and Multicloud Defense, the company is taking on many aspects of security related to hybrid work and cloud environments. Ultimately, Cisco wants this to take a huge amount of work away from security teams.

Speaking with us at Cisco Live in Las Vegas, Cisco’s SVP for the Security portfolio Tom Gillis is clear about the role he sees for Cisco in the security market: “Where security and networking come together, Cisco can shine.” Well-known best practices such as zero-trust/least-privilege are great ideas but often difficult for IT administrators to manage consistently. Users often have too much access, which, in the event of a cyber-attack, can make them an attack vector with consequences. In addition, traffic between cloud environments creates unwanted extended access to private clouds that have a workload parked on Azure or AWS, for example. These two situations (user-to-app and app-to-app) need a solution, which Cisco is now coming up with.

It is by no means the first initiative Cisco came up with: a few months ago, we already saw that it is taking big steps to expand its own Security Cloud with Cisco XDR. Since companies are mostly unprepared for attacks, any step toward simplifying security implementations is desirable.

Secure Access: user-to-app traffic defined

Where previously we were largely in the office, hybrid and remote work is now fully established. Unfortunately, organizations are still struggling to maintain security beyond on-prem. Every careful organization operates on a zero-trust basis to authenticate users. They also do this for employees working from home or elsewhere.

However, not every application is suitable for this. Sometimes, as a user, you suddenly have to connect with a completely different login method, for example a VPN. It’s an inconvenient obstacle that accompanies switching tasks. Time is money, and Cisco knows that, too. Gillis makes an analogy to illustrate this inconvenience. “When you turn on a tap, nobody asks you whether you want it through a copper pipe or an iron pipe.” But that is what we do when it comes to connecting securely to applications. At the end of the day, you just want access. That’s why Gillis calls Cisco “the plumber”. They do the dirty work with an application like Secure Access so you as an organization don’t have to worry about the details.

Specifically, this means that you can address any application through Secure Access. As an IT administrator, you can adhere to zero-trust principles to keep all of this in check. Finance teams have access to financial data, sales can access sales files, et cetera. Everyone has “least privilege,” meaning only the access they need to get to work.

Secure Access works through hybrid Points of Presence (PoP), that is, through Cisco data centers and public cloud providers, to provide as much access and speed as possible. This characterizes SSE (Security Service Edge): instead of a centralized architecture with the data center as the base, there are multiple, fast options to make access as quick as possible.

The service integrates with Cisco Talos threat intelligence. The information from that source can provide organizations with the most up-to-date protection. Secure Access also uses ThousandEyes intelligence, which means networking is also included in the service package.

The platform provides browser-based access. It does so through an encrypted tunnel. User accounts here see only the applications and services for which they have authentication. Secure Access will have limited availability in July and a full release in October.

Cisco Multicloud Defense: as an interpreter for app-to-app traffic

The importance of security in authenticating user access is obvious. Yet Cisco sees that traffic between applications in the cloud also causes quite a few problems. No matter how enthusiastically an IT team maintains zero-trust, security gaps remain with a multi-cloud approach. Many organizations leverage the unique capabilities of Azure, AWS or Google Cloud while keeping up a private cloud at the same time. That means a lot of app-to-app traffic, which is difficult to defuse.

Gillis argues that private and public cloud environments speak two languages. Where the private cloud is built around an IP address from which it derives identity, services are central to a hyperscaler. Applications may have high security within their own domains, but have exceptional access when they communicate with other applications. This applies to apps going from Azure to Google Cloud, from AWS to a private cloud, et cetera. In short, a security layer between these domains must also adhere to zero-trust principles. Otherwise, apps talk to each other without being able to guarantee security.

That’s what Multicloud Defense is meant to achieve. Cisco built this on technology from Valtix, which it acquired in February. It offers Multicloud Defense as a SaaS. It works on any cloud, Cisco claims, because the company has taken the trouble to speak “the language” of cloud services. Again, this takes the effort away from end users and IT teams. Through a dashboard, privileges can be determined and these are executed by Cisco. It is the next example of the company incorporating security as an open platform.

Panoptica: major updates

Cisco also shared developments around Panoptica, the cloud-native platform that provides developers with security in the cloud. It handles all kinds of environments in one interface: containers, APIs, service mesh, Kubernetes and more. Panoptica now supports Cloud Security Posture Management, making the security of cloud environments a whole lot more transparent for developers. In addition, Cisco will integrate Panoptica into its existing full-stack observability (FSO) tools. There is a lot of innovation in this area to make FSO more powerful and deliver more insight from data, for example from CloudFabrix. This group has strong ties to Cisco, so we can expect more developments in the future that both parties can leverage.
