Enterprise workloads are becoming more dynamic, moving across on-premises, edge and multicloud environments. As a result, data center operators are challenged with continually adjusting traffic-flow volumes and infrastructure to meet the needs and expectations of the business while complying with all the necessary security regulations. Security for the data center must evolve to keep up with the digital transformation and hybrid/multicloud adoption. The complexity of protecting not only physical data centers, but also the intersections of where the data center meets the virtual environment creates a unique situation.
Cisco Secure Data Center solutions
Cisco Secure Data Center solutions address today’s data center needs in three primary ways:
- Secure segmentation: Segmentation comprises compute resources, the network and virtualized environments. Products such as Cisco ASA (adaptive security appliance) 5585-X, Cisco TrustSec Security Group Access, Cisco ASA 1000V Cloud Firewall, Cisco Virtual Security Gateway, Cisco vPath technology and Cisco Nexus 1000V Series switches deliver highly secure, multitenant services that are built into the network fabric to ensure consistent policy enforcement throughout the hybrid data center environment and visibility to sensitive information as it flows through the network.
- Threat defense: Cloud computing, personal mobile devices and the collaboration trend have enabled more efficient business practices, but they also add new security risks to the data center. Cisco understands that today’s data transactions require deeper inspection. That’s why it developed products such as the IPS 4500 Series and ASA CX to protect infrastructures from advanced persistent threats and other sophisticated external attacks using threat intelligence, passive OS fingerprinting, and reputation and contextual analysis.
- Visibility: Cisco’s visibility tools give customers the insight they need to make decisions about who gets access to what kind of information, where segmentation is needed, data center boundaries—and whether these boundaries are physical or virtual, along with the ability to apply the right level of policy orchestration to maintain compliance and the overall security posture. Two primary visibility-enabling products are Cisco Security Manager 4.3 and Cisco Virtual Network Management Center, which simplify operations and compliance reporting. These products not only provide visibility into security elements in the network, but they also apply business context to network security.
What differentiates Cisco Data Center security?
Each of the products mentioned above is built upon the Cisco SecureX Architecture, which is a context-aware, network-centric approach to security. The SecureX Architecture enables consistent security enforcement throughout an organization, increased alignment of security policies with business needs, integrated global intelligence and simplified delivery of services and content. The result is end-to-end, automated security enforcement that’s transparent to the end user and more efficient for the IT organization. Some of the key Cisco Data Center security differences include:
- A full set of proven security features delivered without impacting business-critical services
- A dense high-speed firewall that scales to meet new data center demands
- Flexibility to integrate with complex multisite networks
- Flexibility to secure inter-virtual machine (VM) and multitenant architectures (zone and edge deployments)
- Operational consistency (policy and management) across physical, virtual, and cloud deployments while delivering form-factor-agnostic security solutions such as network-integrated and overlay platforms
- Transparent integration of policy movement into the network fabric through innovative designs such as VM-Fex, OTV, LISP and vPath
- Multicontext designs and clustering to scale virtual environments
- Integration of products into Cisco Unified Data Center with validated designs that are thoroughly tested
The Cisco SecureX Architecture uniquely brings together a network that provides contextual information and consistently enforces security policies, global threat intelligence and one of the broadest security portfolios in the industry