living in a multicloud world - cisco · premise private cloud iaas paas saas data centre...

27
23 April 2019

Upload: others

Post on 21-Jun-2020

11 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

23 April 2019

Page 2: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Data

Data has become a key

strategic asset. And a

potential vulnerability.

Data is no longer hard to acquire, maintain and

analyse. The strategic challenge is in turning it into

valuable information and insights – that drive better decision making and generate long-term business value. Another imperative is to manage the risks around security threats and data privacy.

Page 3: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Changing the role of IT

The new three M’s

Data as the

new

Material

Systems of

Intelligence

New Machines

Resulting in new

business

Models

Page 4: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Dimension Data can help you to

``

Connect Automate

`

Secure

Page 5: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Connect

`

Page 6: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Companies have

Digital Transformation

initiatives underway or

in planning

Believe that WAN is

extremely important or

important to the

success of DX

initiatives

Believe that digital

transformation will

require a

re-architecture of the

WAN

Companies who see

their existing WAN as a

barrier to success

Companies that use or plan to

use SD-WAN in the next two

years

Companies that will work with a

network/managed service provider

to implement SD-WAN

WAN transformation initiatives

underway or under evaluation

57%

87% 60%

57% 32%

94% 83%

66% 27%

Digital Transformation and the WANWhat IDC's SD - WAN and Advanced Data Networking Demand Study tells us

Page 7: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Networking for Hybrid CloudIrrespective of Hybrid IT consumption model

On-

Premise

Private

CloudIaaS PaaS SaaS

Data Centre

Virtualisation

Compute

Network

Storage

Operating

System

Applications

Data

Data Centre

Virtualisation

Compute

Network

Storage

Operating

System

Applications

Data

Data Centre

Virtualisation

Compute

Network

(Connectivity)

Storage

Operating

System

Applications

Data

Data Centre

Virtualisation

Compute

Network

(Connectivity)

Storage

Operating

System

Applications

Data

Data Centre

Virtualisation

Compute

Network

(Connectivity)

Storage

Operating

System

Applications

Data

Virtual Network

Functions

Virtual Network

Functions

Virtual Network

Functions

Virtual Network

Functions

Virtual Network

Functions

Data

Data

Ownership with Client

Ownership with Provider

Data Networking focus

Network is constant across all

delivery methods, it is the

platform on which the

solutions are delivered. We

must ensure that it is able to

accommodate all solutions.

Page 8: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

The Multi-cloud Reference Architecture Services Catalogue

Page 9: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Improve End User Experience

Improved application response times will

remove a major source of end user

dissatisfaction

Optimize Cost and Performance

Applying proven expertise to the design,

implementation, and management

Improve Application

Response TimesTransforming the network from a largely

MPLS architecture to a true hybrid WAN

Apply consistent policies

across your on-premise, cloud

and hybrid WAN environments

Reduce Risk and Implementation Times

Securing branch offices via the use of cloud

based services, on-prem solutions, or a

combination of both

Summary: Connect OutcomesWAN transformation to respond to agile business demands

Page 10: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Automate

`

Page 11: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

2015

1 million Customers

2016

1.6 million Customers

2017

2.9 million Customers

2020

5.9 million Customers

-

1,000

2,000

3,000

4,000

5,000

6,000

7,000

2015 2016 2017 2018 2019 2020

Time to Market

2015

Demand

Demand

2016 – 1.6 million Customers2017 – 2.9 million Customers

Mode 1

Mode 2

Obstacles

Gap

Asian Bank Use Case: Challenges

Page 12: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Recommend Outcome

Current State

Discovery

Construct

Digital CultureSustainable

Strategy

Fix-1-Fix-ManySoftware-Defined

Everything

Zero Trust

Architecture

Digital Platform

(Tools)Operating Mode

(Process)Digital Culture

(People)

Agile Approach

1 2 3

Page 13: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

A new digital operating environment

Infrastructure and applications

Service management functions

Communication and collaboration

Service desk Customer experience management Infrastructure management

Requirement mgmt Design Coding Testing Deploy

Service improvement functions

Reporting and dashboard Continuous improvement

Continuous monitoring

Continuous deployment

Continuous testing

Continuous build and integration

Develop and code

Plan

KPIs

Event

Incident

Problem

Request fulfilment

Access

Availability

Capacity

IT service continuity

Service level

Security

Transition support and planning

Change

Service asset and configuration

Release and deployment

Validation and testing

IT governance, compliance and security

Mode 1 services Mode 2 services

Page 14: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Understand and identify existing operating process

IT Admin

App

Developer

Request Re-request

Re-provision

Provision

Change Management

Update

Requirement

Change

Conflict

Mean time to Deploy: 3 weeks

Page 15: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Leading with DevOps cultureA higher efficiency new operating modelGuiding Principle – Fix 1, Fix Many, Digital Culture

IT Admin

App

Developer

Deploy

Consumer

Services

Auto-

Provision

Infrastructure-as-Code

Publish

Services

Requirement

Change +

Conflict

Rebuild

Build

Scrum Team(s)

Mean time to Deploy: under 1 hour

Page 16: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Eliminate repetitive tasks via

self-service capabilities, freeing

operations to innovate

Increase operational efficiencyacross hybrid IT environment by enabling

software-defined infrastructure

Reduce change failure rate by

removing manual tasks introduced by

human errors in day to day operations

Enable frequent code

deployment resulting in better

quality software

Automation enforces governance,

reduces risk and increase

compliance through execution of pre-

approved of workflows

Summary: Automation OutcomesOrchestrate and automate platforms to respond to agile business demands

Page 17: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Secure

`

Page 18: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Cybersecurity application risks in multi-cloud

AppCross-site request forgery

Client

Cross-site scripting

Man-in-the-browser

Session hijacking

Malware

DNS

DNS cache poisoning

Man-in-the-middle

DNS spoofing

DNS hijacking

Dictionary attacks

DDoS

DDoS

Eavesdropping

Protocol abuse

Man-in-the-middle

App Services

Access

TLS

DDoS

Key disclosure

Protocol abuse

Session hijacking

Certificate spoofing

API attacks

Injection

Malware

DDoS

Cross-site scripting

Cross-site request forgery

Man-in-the-middle

Abuse of functionality

Credential theft

Credential stuffing

Session hijacking

Brute force

Phishing

source: F5 Networks Global Corporate Strategy FY18

Page 19: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Create and understand a shared responsibility matrix

On-PremisePrivate

CloudIaaS PaaS SaaS

Data Centre

Virtualisation

Compute

Network

Storage

Operating

System

Applications

Data

Data Centre

Virtualisation

Compute

Network

Storage

Operating

System

Applications

Data

Data Centre

Virtualisation

Compute

Network

(Connectivity)

Storage

Operating

System

Applications

Data

Data Centre

Virtualisation

Compute

Network

(Connectivity)

Storage

Operating

System

Applications

Data

Data Centre

Virtualisation

Compute

Network

(Connectivity)

Storage

Operating

System

Applications

Data

Virtual Network

Functions

Virtual Network

Functions

Virtual Network

Functions

Virtual Network

Functions

Virtual Network

Functions

Data

Data

Ownership with Client

Ownership with Provider

Data Networking focus

Secu

rity

po

stu

re

Page 20: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Security evolution – Perimeter, Cloud, End Point

Visibility in a multi-cloud environment

3

Multi-cloud Security options

2

Understanding your security posture

1

Virtual SecurityCloud

(Applications) NGFW Micro Segmentation Public and Private Clouds

Protect your applications

when moving to the cloud

Protect your devices while utilising the

cloud

SecuringIaaS

SaaS Email, Web CASB, DNS.

Control PointsCloud Applications

Securing

End Point

(Users)

EDR CASB DNS Web Proxy Phones Laptops IoT

Software / Services SecuringDevices are the new

perimeter

Perimeter

(Infrastructure)

NGFW GatewaysLog

SourcesSIEM Datacentre WAN Branch OT

Appliances SecuringManage your on-premise

security infrastructure

Ap

pli

cati

on

s

Da

ta

``

`

Risk Control Visibility

Page 21: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Structure & Standardisation Process Mapping Roadmap Gaps

Align Platform OutcomesMeasure maturity Continually Measure

Security Posture

Measuring your cybersecurity risk Understanding your security

posture

1Understanding your risk tolerance

Page 22: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Security Architecture Reference Model

Access management

Data protection and visibility

Cloud (Applications)

Identity management

WAFData

Encryption

DB Activity

MonitoringHost DLP

Document

ExchangeIDM SSO

NACAAA MFA PAM

CASB

Operations

Asset / Config

Management

Incident

Management

Vulnerability /

Patch Management

Change

Management

Access

Management

Event Monitoring

and Management

Security

Analytics

Threat intelligence

Perimeter (Infrastructure)

SIEM

Email

Gateway

DDOS

ProtectionFirewall IPS

VPNNetwork

AntivirusWireless

Web

GatewayNetwork DLP

DNSCyber

DeceptionWired

Network

Network

Sandboxing

Feeds Platform Analysis

Host security

Endpoint (Users)

Antivirus /

HIPS

Patch

ManagementConfiguration

Management

Vulnerability

ManagementMDMEDR

Multi-cloud control points

Understanding your security

posture

1Understanding your risk tolerance Managing your control points

Page 23: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Connectivity

Instant

Faster access to services

Empowerment

Applications

App App

Security Services

`

Security

Instant

Faster access to services

Empowerment

ApplicationsSecurity Services

`

`

App App

SaaS

IaaS

App App App App

Security Services

`

Applications

Data Centre

` Users`

Azureand other IaaS providers

and other SaaS providers

In multi-cloud, you need to bring your own security

SLB Access SSL

DNS FW DDoS

Proxy WAF Encryption

DNS FW DDoS

SLB Access SSL

Proxy WAF

Hygiene Access Analytics

CASB DLP MFA

Encryption WAF

Multi-cloud

Security options

2

Page 24: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

SOC Operations

Instant

Faster access to services

Empowerment

Applications

App App

Managed Security Services

`

Instant

Faster access to services

Empowerment

Applications

Managed Security Services

`

`

App App

SaaS

IaaS

App App App App

Managed Security Services

`

Applications

Data Centre

`Threat

Intelligence`

Azureand other IaaS providers

and other SaaS providers

Visibility in your multi-cloud environment

Log Management & Analysis

Managed FW Managed WAF & DDOS

Endpoint Detection & Response

IPSManaged SIEM Managed VPN

DLPDatabase Activity Monitoring

Managed DNS RTM

Log Management SSL

Database Activity Monitoring DLP

Managed FW Managed WAF & DDOS

Managed DNS App Hygiene Services

Access Analytics

Encryption WAF

CASB MFA

Visibility in a

multi-cloud

environment

3

Page 25: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Apply consistent policiesacross your on-premise, cloud

and hybrid environments

Visibility and controlacross your multi cloud environment,

leveraging threat intelligence for

prediction, protection, detection,

and response to threats

Simplify and enhance your

overall security posture by abstracting,

automating, and orchestrating

security controls

Build, adopt, automate, and

scale cybersecurity capabilities for

an adaptive & agile cybersecurity

posture

Meet governance, risk and

compliance requirements by identifying

and addressing gaps

Multi-cloud cybersecurity needsOrchestrate and automate security controls to dynamically respond to cyber threats

Page 26: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

Tools Process

People

`

Connect

Bandwidth

Latency

Visibility

Management

Cloud Peering

Summary

`

Secure

Visibility & Control

Cybersecurity Posture

Process & Policies

Automation & Orchestration

Risk & Compliance

Automate

`

Efficiency

Reduce Failure

Eliminate repetition

Compliance

Frequent Releases

Page 27: Living in a Multicloud World - Cisco · Premise Private Cloud IaaS PaaS SaaS Data Centre Virtualisation Compute Network Storage Operating System Applications Data ... across hybrid

23 April 2019