Collaborative Professional Services
Cisco Cloud Consumption Assessment Service
Reduce Cloud Risks & Costs With Complete Visibility of Cloud Usage
Nataša Minić
Territory Services Manager – BiH, Croatia, Serbia, Slovenia
Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
As Customers Leverage the World of Many Clouds… Need complete visibility across all clouds
Shadow IT on the Rise
10-15X: Cloud services purchased without IT involvement (Cisco)
[Chart: Cloud Service Providers (CSP) by industry (Manufacturing, Public Sector, Retail, Services, Technology), scale 0-400. Series: customer CSP estimates; services discovered by Cloud Consumption. Multipliers shown: 11x, 14x, 9x, 14x, 18x]
IT as a Cloud Service Brokerage
30%: Global 1000 companies that will broker two or more cloud services by 2014 (Gartner)
Requires new approach to manage cloud/hybrid IT
Customer Opportunity
IT: Service Provider and Broker of Cloud/Hybrid Services
[Diagram labels: Outcomes; Rapid Service Delivery; Manage Cloud Risks & Costs; Business Agility; Users; Standardized Portfolio; CSP Assessments/On-Boarding; Service-Centric Infrastructure; Processes/Policies/Tools; Security/Compliance; Public Cloud; Private Infrastructure; Hybrid Cloud]
Journey to Cloud/Hybrid IT
From Shadow IT → Hybrid IT
Stage labels: User-led Cloud Usage; Discover Cloud Usage & Define Cloud Strategy; Establish Cloud Management & Private Cloud; Evolve to Hybrid Cloud Service Brokerage; Hybrid IT
Axis label: Greater Business Agility
• User-led cloud adoption, with or without IT
• Applications/infrastructure migrated to virtualized, automated data center
• Monitor public cloud usage across organization, discover shadow IT
• Cloud strategy & infrastructure roadmap based on usage
• Cloud PMO
• Cloud lifecycle management including CSP on-boarding & risk mitigation processes
• On-going cloud monitoring
• Private cloud infrastructure
• Widespread use of ideal IT services from private, hybrid and public clouds
• Managed portfolio of cloud services
• Automated, service-oriented
• Policy-driven apps & services
• Hosted cloud infrastructure
• Cloud service catalog & charge back capabilities
• Monitor public, private, hybrid cloud usage
• Establish hybrid cloud infrastructure
• Seamlessly transition workloads to/between clouds
Outcome labels: Reduce cloud risk & costs; Improve IT responsiveness to business; Correlate cloud usage to business outcomes; Little knowledge cloud risks & costs; Strategically align LOB & IT
Journey Begins By Gaining Complete Visibility of Cloud Usage
[Diagram labels: Customer; Internet Gateways (Via Netflow); Web Security Gateways; Customer Collector; Cloud Usage Data, No Personally Identifiable Information; Cloud Consumption Software & Analytics; Consumption Analytics, Vendor Profiles, Spend Data, Industry Benchmarks; Customized Dashboard; Analytics, Reports, Alerts, Trending; Known; Unknown; 10-15X More Cloud Services; Professional Services; Risk Mitigation; Cost Reduction; Cloud Lifecycle Management; Private, Hybrid Cloud]
Cloud Consumption Web Portal Features
• Customized Dashboard
• Automated Cloud Monitoring/Discovery
• Cloud Vendor Assessment
• Detailed Analytics, Reports & Alerts
• User Information &
CPS Cloud Consumption Assessment Helps Predict Cloud Needs, Reduce Risks & Costs

Challenge: Risk/Compliance
Benefits: Reduce security, privacy, and compliance challenges to protect your brand and intellectual property.
Outcomes: Mitigate Business Risk

Challenge: Costs
Benefits: Reduce cloud costs 10-15%. Consolidate cloud services.
Outcomes: Optimize Costs

Challenge: Visibility
Benefits: Know what cloud services are being used in real-time and predict cloud needs. Improve cloud service performance by foreseeing infrastructure impact of cloud.
Outcomes: Predict Cloud Needs
Customer Data Collection Process
[Diagram labels: Customer; NetFlow v5/v9 From Internet Gateways; Web Security Gateways; Customer Collector(s) (Customer Supplied Hardware/VM); Cloud Consumption Collector Software; Flow Record*; HTTPS; Cloud Consumption Server (Multi-tenant Cloud-based); Customized Web Portal]
X: Personally Identifiable Information (PII) in log files, e.g. source IPs
PII Redaction & Anonymization Utility
OK: PII (source IPs) Replaced with Tokens in Log Files
*Flow Record includes Interface id, Source IP, Destination IP, Protocol, Source UDP/TCP Port, Destination UDP/TCP Port, ToS, Data Amount
Customer Data Collection Requirements
Collector
• Collection performed via Netflow and/or Web Security Gateway Logs (ScanSafe, IronPort, Blue Coat, McAfee, Websense, Symantec)
• Collection completed by software
• Customer needs to provide hardware/virtual machine
• CPU: 4-core Intel Xeon 3 GHz or better
• RAM: minimum 16 GB, 32 GB preferred
• Disk: 1 TB, OS: CentOS 6.4
• Required access to cloud server: port 8080
• Customer has full control of hardware at all times
• The collector is silent; it only receives data from Netflow or Web Security Gateways
Privacy
• Collector only collects network statistics and logs – NO payload data or personally identifiable information (PII) is collected
• Tools are provided to encrypt source IP addresses (PII); encryption of PII is done on the collector
• To provide URL privacy, we can also provide
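
The source-IP tokenization step described on these two slides, as an added example that is not Cisco's collector code: it assumes a keyed HMAC-SHA256 as the token function (the slides say only "tokens" and "encryption"), a CSV layout following the flow-record field list, and hypothetical names throughout; the sample records are constructed.

```python
import csv
import hashlib
import hmac
import io
import ipaddress

# Assumed field layout, following the flow-record field list on the slide.
FIELDS = ["interface_id", "src_ip", "dst_ip", "protocol",
          "src_port", "dst_port", "tos", "bytes"]

# Constructed sample flow records (private and documentation addresses).
SAMPLE = """\
3,10.1.4.23,203.0.113.10,6,51512,443,0,18234
3,10.1.4.23,198.51.100.7,6,51513,443,0,922
3,10.1.9.8,203.0.113.10,6,40000,443,0,4410
3,not-an-ip,203.0.113.10,6,40001,443,0,77
"""


def tokenize_ip(ip_text, key):
    """Map a source IP to a stable, non-reversible token under a site key."""
    # Parse and use the packed bytes so equivalent text forms of one
    # address give one token; anything unparseable raises ValueError.
    canonical = ipaddress.ip_address(ip_text.strip()).packed
    digest = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def redact_flows(text, key):
    """Return (redacted_rows, rejected_count); dst_ip is kept for CSP lookup."""
    redacted, rejected = [], 0
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        try:
            row["src_ip"] = tokenize_ip(row["src_ip"], key)
        except ValueError:
            # Fail closed: never forward a record whose PII field could
            # not be tokenized.
            rejected += 1
            continue
        redacted.append(row)
    return redacted, rejected


if __name__ == "__main__":
    site_key = b"constructed-demo-key"  # a real key would stay on the collector
    rows, dropped = redact_flows(SAMPLE, site_key)
    for r in rows:
        print(",".join(r[f] for f in FIELDS))
    print("rejected:", dropped)
```

Deterministic tokens keep per-source counts (such as a distinct-source-IP column) computable on the server side. An unkeyed hash would not serve here, because the IPv4 space is small enough to enumerate.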
Cloud Usage
• <Finding Summaries>
Total Traffic (GB)
CSPs: 2,549 (31%)
Websites: 5,626 (69%)
Corporate: 1,542 (60%)
Non-Corporate: 1,007 (40%)
Cloud Usage
• <Finding Summaries>
[Charts: CSP Count by Service Type; Traffic by Service Type (GB). Categories: IaaS, SaaS, PaaS. Series: Total, Corporate. Data labels as extracted: 1,332; 1,495; 32; 820; 708; 24; 129 134 2534; 22; 2]
Cloud Usage
• <Finding Summaries>
Top Corporate CSPs: Traffic (GB)
Top 20 CSPs: Traffic (GB)
Chart labels, first group: Akamai - IaaS, Google - SaaS, AMAZON-AWS-EC2-3 - IaaS, Ustream.tv - IaaS, Doubleclick - SaaS, NeuLion - SaaS, Facebook - SaaS, turner - SaaS, Wordpress - SaaS, llnwd - IaaS, Oracle - SaaS, msecnd - IaaS, innovid - SaaS, ggpht - IaaS, NTT America - IaaS, Softlayer - IaaS, Concur - SaaS
Chart labels, second group: AMAZON-AWS-EC2-3 - IaaS, Oracle - SaaS, NTT America - IaaS, Softlayer - IaaS, Concur - SaaS, Yammer - SaaS, Yahoo! Mail - SaaS, MobileIron - PaaS, Adobe - SaaS, Liveperson - SaaS, HP - IaaS, CORPTAX - SaaS, Dropbox - IaaS, Bluekai Inc. - SaaS, Box - IaaS, Kaltura - IaaS
Cloud Usage
• <Finding Summaries>
CSP Category: Office Productivity 56%, Compute 22%, Service Management 4%, Finance and Accounting 3%, Collaboration 3%, Cloud Drive/Storage 3%, Telecom 3%, Others 6%
CSP Category: With CDN: Content Delivery Network 44%, Office Productivity 32%, Compute 12%, Service Management 2%, Finance and Accounting 2%, Collaboration 2%, Cloud Drive/Storage 2%, Telecom 1%, Others 3%
VENDOR NAME | SERVICE TYPE | CATEGORY | TRAFFIC GB | SRC_IPS
Akamai | IaaS | Content Delivery Network | 673 | 6,675
 | SaaS | Office Productivity | 480 | 10,393
AMAZON-AWS-EC2-3 | IaaS | Compute | 168 | 3,244
Oracle | SaaS | Service Management | 31 | 1,087
NTT America | IaaS | Telecom | 22 | 1,207
Softlayer | IaaS | Compute | 21 | 2,294
Concur | SaaS | Finance and Accounting | 20 | 1,641
Yammer | SaaS | Collaboration | 15 | 1,642
ShareFile | IaaS | Cloud Drive/Storage | 15 | 190
MobileIron | PaaS | Application Development Platform | 11 | 1,363
Box | IaaS | Cloud Drive/Storage | 4 | 168
SAP | SaaS | Enterprise Resource Planning | 3 | 402
Kaltura | IaaS | Content Delivery Network | 3 | 350
Risk Analysis: Common Controls
Findings
• Found 18 controls which are adequately implemented, but 10 are inadequate
• The risk impact of 12 controls is very high in nature, while the majority are in the high category
Risk Score
• 1 high and 19 medium level risk controls
Conclusion
• Top 5 controls that need attention are:
1. Process to recover from service outage of cloud provider
2. Improvement of SIEM data sources
3. Improve logging, monitoring and access restriction capabilities for security management system
Very High: Improve Control Measures immediately
High: Improve Control Measures
Medium: Review Control Measures