Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre...
23 April 2019
Data
Data has become a key strategic asset. And a potential vulnerability.
Data is no longer hard to acquire, maintain and analyse. The strategic challenge is in turning it into valuable information and insights – that drive better decision making and generate long-term business value. Another imperative is to manage the risks around security threats and data privacy.
Changing the role of IT
The new three M’s
Data as the new Material
Systems of Intelligence
New Machines
Resulting in new business Models
Dimension Data can help you to Connect, Automate, Secure
Connect
Digital Transformation and the WAN: What IDC's SD-WAN and Advanced Data Networking Demand Study tells us
Companies have Digital Transformation initiatives underway or in planning
Believe that WAN is extremely important or important to the success of DX initiatives
Believe that digital transformation will require a re-architecture of the WAN
Companies who see their existing WAN as a barrier to success
Companies that use or plan to use SD-WAN in the next two years
Companies that will work with a network/managed service provider to implement SD-WAN
WAN transformation initiatives underway or under evaluation
57%, 87%, 60%, 57%, 32%, 94%, 83%, 66%, 27%
Networking for Hybrid Cloud: Irrespective of Hybrid IT consumption model
[Diagram: consumption models On-Premise, Private Cloud, IaaS, PaaS and SaaS, each shown as a stack of Data Centre, Virtualisation, Compute, Network (Connectivity), Storage, Operating System, Applications and Data, with Virtual Network Functions. Legend: Ownership with Client; Ownership with Provider; Data Networking focus.]
Network is constant across all delivery methods, it is the platform on which the solutions are delivered. We must ensure that it is able to accommodate all solutions.
The Multi-cloud Reference Architecture Services Catalogue
Summary: Connect Outcomes
WAN transformation to respond to agile business demands
Improve End User Experience: Improved application response times will remove a major source of end user dissatisfaction
Optimize Cost and Performance: Applying proven expertise to the design, implementation, and management
Improve Application Response Times: Transforming the network from a largely MPLS architecture to a true hybrid WAN
Apply consistent policies across your on-premise, cloud and hybrid WAN environments
Reduce Risk and Implementation Times: Securing branch offices via the use of cloud based services, on-prem solutions, or a combination of both
Automate
Asian Bank Use Case: Challenges
[Chart: customer growth against time to market, 2015 to 2020]
2015: 1 million Customers
2016: 1.6 million Customers
2017: 2.9 million Customers
2020: 5.9 million Customers
Chart labels: Time to Market, Demand, Mode 1, Mode 2, Obstacles, Gap
Recommend Outcome
Current State
Discovery
Construct
Digital Culture
Sustainable Strategy
Fix-1-Fix-Many
Software-Defined Everything
Zero Trust Architecture
Digital Platform (Tools)
Operating Mode (Process)
Digital Culture (People)
Agile Approach
1 2 3
A new digital operating environment
Infrastructure and applications
Service management functions
Communication and collaboration
Service desk Customer experience management Infrastructure management
Requirement mgmt Design Coding Testing Deploy
Service improvement functions
Reporting and dashboard Continuous improvement
Continuous monitoring
Continuous deployment
Continuous testing
Continuous build and integration
Develop and code
Plan
KPIs
Event
Incident
Problem
Request fulfilment
Access
Availability
Capacity
IT service continuity
Service level
Security
Transition support and planning
Change
Service asset and configuration
Release and deployment
Validation and testing
IT governance, compliance and security
Mode 1 services Mode 2 services
Understand and identify existing operating process
IT Admin
App
Developer
Request Re-request
Re-provision
Provision
Change Management
Update
Requirement
Change
Conflict
Mean time to Deploy: 3 weeks
Leading with DevOps culture: A higher efficiency new operating model
Guiding Principle – Fix 1, Fix Many, Digital Culture
IT Admin
App
Developer
Deploy
Consumer
Services
Auto-Provision
Infrastructure-as-Code
Publish
Services
Requirement
Change +
Conflict
Rebuild
Build
Scrum Team(s)
Mean time to Deploy: under 1 hour
Summary: Automation Outcomes
Orchestrate and automate platforms to respond to agile business demands
Eliminate repetitive tasks via self-service capabilities, freeing operations to innovate
Increase operational efficiency across hybrid IT environment by enabling software-defined infrastructure
Reduce change failure rate by removing manual tasks introduced by human errors in day to day operations
Enable frequent code deployment resulting in better quality software
Automation enforces governance, reduces risk and increases compliance through execution of pre-approved workflows
Secure
Cybersecurity application risks in multi-cloud
App
Cross-site request forgery
Client
Cross-site scripting
Man-in-the-browser
Session hijacking
Malware
DNS
DNS cache poisoning
Man-in-the-middle
DNS spoofing
DNS hijacking
Dictionary attacks
DDoS
DDoS
Eavesdropping
Protocol abuse
Man-in-the-middle
App Services
Access
TLS
DDoS
Key disclosure
Protocol abuse
Session hijacking
Certificate spoofing
API attacks
Injection
Malware
DDoS
Cross-site scripting
Cross-site request forgery
Man-in-the-middle
Abuse of functionality
Credential theft
Credential stuffing
Session hijacking
Brute force
Phishing
source: F5 Networks Global Corporate Strategy FY18
Create and understand a shared responsibility matrix
[Diagram: consumption models On-Premise, Private Cloud, IaaS, PaaS and SaaS, each shown as a stack of Data Centre, Virtualisation, Compute, Network (Connectivity), Storage, Operating System, Applications and Data, with Virtual Network Functions. Legend: Ownership with Client; Ownership with Provider; Data Networking focus. Side label: Security posture.]
Security evolution – Perimeter, Cloud, End Point
1. Understanding your security posture
2. Multi-cloud Security options
3. Visibility in a multi-cloud environment
Cloud (Applications): Virtual Security
IaaS: NGFW, Micro Segmentation; Public and Private Clouds
SaaS: Email, Web CASB, DNS; Cloud Applications
Protect your applications when moving to the cloud
Protect your devices while utilising the cloud
End Point (Users): Software / Services
Control Points: EDR, CASB, DNS, Web Proxy
Securing: Phones, Laptops, IoT
Devices are the new perimeter
Perimeter (Infrastructure): Appliances
Control Points: NGFW, Gateways, Log Sources, SIEM
Securing: Datacentre, WAN, Branch, OT
Manage your on-premise security infrastructure
Side labels: Applications, Data
Risk Control Visibility
Structure & Standardisation Process Mapping Roadmap Gaps
Align Platform Outcomes
Measure maturity
Continually Measure
Security Posture
Measuring your cybersecurity risk
1. Understanding your security posture: Understanding your risk tolerance
Security Architecture Reference Model
Cloud (Applications)
Access management, Data protection and visibility, Identity management
WAF, Data Encryption, DB Activity Monitoring, Host DLP, Document Exchange, IDM, SSO, NAC, AAA, MFA, PAM, CASB
Operations
Asset / Config Management, Incident Management, Vulnerability / Patch Management, Change Management, Access Management, Event Monitoring and Management
Security Analytics
Threat intelligence
Feeds, Platform, Analysis
Perimeter (Infrastructure)
SIEM, Gateway, DDOS Protection, Firewall, IPS, VPN, Network Antivirus, Wireless, Web Gateway, Network DLP, DNS, Cyber Deception, Wired Network, Network Sandboxing
Endpoint (Users)
Host security
Antivirus / HIPS, Patch Management, Configuration Management, Vulnerability Management, MDM, EDR
Multi-cloud control points
1. Understanding your security posture: Understanding your risk tolerance, Managing your control points
[Diagram: Connectivity and Security views. Labels: Instant; Faster access to services; Empowerment; Applications; Security Services; SaaS; IaaS; Data Centre; Users; Azure and other IaaS providers; and other SaaS providers.]
In multi-cloud, you need to bring your own security
SLB Access SSL
DNS FW DDoS
Proxy WAF Encryption
DNS FW DDoS
SLB Access SSL
Proxy WAF
Hygiene Access Analytics
CASB DLP MFA
Encryption WAF
2. Multi-cloud Security options
SOC Operations
[Diagram labels: Instant; Faster access to services; Empowerment; Applications; Managed Security Services; SaaS; IaaS; Data Centre; Threat Intelligence; Azure and other IaaS providers; and other SaaS providers.]
Visibility in your multi-cloud environment
Log Management & Analysis
Managed FW Managed WAF & DDOS
Endpoint Detection & Response
IPS, Managed SIEM, Managed VPN
DLP, Database Activity Monitoring
Managed DNS RTM
Log Management SSL
Database Activity Monitoring DLP
Managed FW Managed WAF & DDOS
Managed DNS App Hygiene Services
Access Analytics
Encryption WAF
CASB MFA
3. Visibility in a multi-cloud environment
Multi-cloud cybersecurity needs: Orchestrate and automate security controls to dynamically respond to cyber threats
Apply consistent policies across your on-premise, cloud and hybrid environments
Visibility and control across your multi cloud environment, leveraging threat intelligence for prediction, protection, detection, and response to threats
Simplify and enhance your overall security posture by abstracting, automating, and orchestrating security controls
Build, adopt, automate, and scale cybersecurity capabilities for an adaptive & agile cybersecurity posture
Meet governance, risk and compliance requirements by identifying and addressing gaps
Tools, Process, People
Summary
Connect: Bandwidth, Latency, Visibility, Management, Cloud Peering
Secure: Visibility & Control, Cybersecurity Posture, Process & Policies, Automation & Orchestration, Risk & Compliance
Automate: Efficiency, Reduce Failure, Eliminate repetition, Compliance, Frequent Releases