16
Securing the Cloud Joshua McCloud
Securing the Cloud Joshua McCloud
Defense
Risk
Threat
Anti-virus
PC & Server
2000
WORMS
Hackers
Firewall & IDS/IPS
ICT Services
2005
SPYWARE / ROOTKITS
Criminals
Reputation & Sandboxing
Critical Infrastructure
2010
APTs CYBERWARE
Governments
Intelligence & Analytics
Society
Tomorrow
INCREASED ATTACK SURFACE
Collaborators
services reside in many clouds
endpoint proliferation
blending of business and personal use access through
any medium
Acce
ss S
ecur
ity
Clou
d Se
curit
y
Network Platform
Network Visibility
Context Aware Control
Context Aware Policy Tr
ustS
ec
Trus
tSec
Cisco SIO Threat Intelligence
Clou
d Se
curit
y
Secure Segmentation
Resilience Threat
Defense
Cloud Security
Nexus 7000 Nexus 6004 Nexus 6001 Nexus 1000v
UCS
Fabric Path
Virtual Device Context VLAN VRF
SGT
SGT
TrustSec
Identity
drop
ASA 5585X Virtual Security Gateway
VSG
VSG
ASA
ASA
ASA 1000v Cloud Service Router
CSR
CSR
Identity Services Engine
Stealth Watch
Threat Profile
Threat
Context
Context
User: Jane Smith Access Group: Guest Device: Laptop Location: Campus HQ Access Method: Wireless
ALERT User: John Doe Access Group: Finance Device: Android Phone Location: Remote Access Method: VPN
Traffic: P2P Destination: External Behavior: File Sharing Threshold: +167%
Cloud Security
Secure Segmentation
Resilience Threat
Defense
TOMORROW starts here.
