While more and more organizations are transitioning to next-generation data centers and clouds, most IT departments still manually configure security policies through a device-centric management approach. Such approaches are not only time-consuming – they also hinder the visibility, scalability, and unified management that next-gen networking can provide. This is why data centers need next-generation security.
In this video, Cisco Vice President of Product Management Scott Harrell talks about how Cisco’s Application Centric Infrastructure (ACI) automates security policies to better address the security issues data centers face today.
“You fundamentally have to assume these days that you’ve been compromised in some form or fashion, so we’ve evolved our security strategy and response,” he says. “We’re now pursuing a strategy that looks at what we do before an attack, during an attack, and after an attack so customers can respond to that.”
ACI simplifies the cumbersome process of manually dealing with firewall rules and ACLs by applying business processes and rules to network security. ACI enables system administrators to apply the security policies they want wherever they want in the network – whether it’s physical, virtual, recently spun up, or being reactivated after not being operational for years.
Cisco ACI automates and centrally manages security policies using a unified policy abstraction model that works across physical and virtual boundaries. Harrell outlines how ACI-based security can help administrators:
- Roll out applications instantaneously and securely
- Program the security layer for more granular application security
- Reduce over-provisioning of firewalls
“ACI enables you to actually go to more of a pay-as-you-go, consumption model,” he says. “It monitors the health of the underlying security infrastructure, and as it sees the load start to grow, it can spawn and create new security instances in a virtual context. That’s really powerful.”