Demand for software-defined networking (SDN) solutions is booming, so much so that the market is expected to be worth $88 billion by 2024. SDN offers multiple benefits, including cost reduction, centralized management, quicker application deployment, enhanced scalability and reduced downtime, so it’s easy to see why it is so appealing to organizations that want to have more flexible and agile networks.
One of the market-leading SDN offerings is Cisco’s Application Centric Infrastructure (ACI), a multi-tenanted, intent-driven solution which provides advanced networking and security capabilities in data centers. As the name implies, it focuses on the applications that drive the business rather than network products, providing a centralized platform to manage application policies across both physical and virtual workloads. Cisco ACI automates IT workflows and security through whitelisting, policy enforcement and micro-segmentation, which in turn enables customers to build agile and secure next-generation data centers.
A key benefit for organizations moving to a virtualized, software-defined environment such as ACI is that it enables and supports micro-segmentation. Segmentation makes it significantly easier to protect applications and data, by reducing the ability of hackers to move laterally across networks.
Cisco ACI’s micro-segmentation capabilities enable this to be taken even further, by allowing individual servers to be isolated virtually into secure zones inside your data center. This level of granular application traffic filtering used to be prohibitively expensive and complicated in hardware-based environments, but virtualization has made it a viable option. What’s more, with ACI, organizations can make network changes on the fly whenever they are needed, either to serve the needs of the business or when a problem occurs.
However, the rapid provisioning, granular control and agility offered by ACI environments also mean that these virtualized networks can get very complex, very quickly. And when complexity starts to mount up, there’s a real risk of human error creeping in – which in turn leads to misconfigurations and security holes.
Furthermore, within the ACI environment there will be a range of security and network routing options in use, from ACI’s built-in security controls to leaf switches and virtual firewalls. Management of all these controls needs to be automated and orchestrated, to eliminate the need to make time-consuming, error-prone manual changes every time a new application is deployed or a new server added.
To mitigate these risks and deliver fully automated policy management across the Cisco ACI framework, AlgoSec’s security policy management solution integrates fully with ACI and extends its rich capabilities to build even more secure, compliant and agile data centers.
With AlgoSec, Cisco ACI customers get complete visibility and policy change automation across their data center environment. This creates a single source of truth for application connectivity policies in the ACI environment, eliminates inconsistencies and enables holistic management. It allows ACI users to automate configuration and control of security policies across the data center, including ACI contracts and the firewalls and routers on the ACI fabric that secure east-west traffic.
This automation enables more effective policy management through an approval-based workflow model, with ‘what-if’ risk checks baked into change workflows. Any potentially risky changes are automatically flagged by the policy management solution to the security team before they are actually made, to ensure compliance is always maintained. AlgoSec also adds risk and compliance analysis for Cisco ACI contracts and wider security policies, and delivers out-of-the-box reports for multiple regulatory compliance standards such as PCI, SOX, NERC, HIPAA and others, which saves hours of audit preparation.
For truly seamless integration, AlgoSec’s unique ‘Connectivity and Compliance’ App is available from the Cisco ACI App Center. It gives easy access to the main features of AlgoSec’s solution directly from the Cisco APIC user interface.
Of course, AlgoSec can also extend the same end-to-end orchestration of security management across organizations’ entire physical and cloud network environment, outside of the ACI fabric of their virtualized data centers. We will cover how this is achieved in our next blog.