Watch the Cisco Cloud Native Security SPOT-On Series
In this blog we introduce the Cisco Cloud Native Security SPOT-On Series. In this series we will take you through how to provide a cloud native infrastructure using code, what tools are needed to make this happen, and, most importantly, how we can secure these environments using the Cisco Secure portfolio.
In part 1 of this multi-episode series, we will introduce what we will be building, what types of security technologies we will be implementing throughout this series, and how the Cisco Secure portfolio can help provide visibility and security policy in a cloud native environment. Please follow along this series, as every blog post will also have a video containing demos too!
What will we be building?
First, we need somewhere to deploy our infrastructure. We will be deploying it in Amazon Web Services (AWS). In AWS we will provision a Virtual Private Cloud (VPC) with all the necessary subnets, security groups, interfaces, route tables, internet gateways, elastic IP addresses, and Elastic Compute Cloud (EC2) instances. We will also deploy an Elastic Kubernetes Service (EKS) cluster to manage and orchestrate our cloud native applications. Two EC2 instances will be provisioned: the first will host our Next Generation Firewall, running Firepower Threat Defense; the second will host the EKS worker node, which runs our microservices applications.
We also need some tools to help us provision and configure our environment. We will build a DevBox with all the necessary DevOps tools to accomplish this. On this DevBox we will install the latest versions of Terraform, Ansible, the AWS CLI and Jenkins. We will use Terraform and the AWS CLI to provision the cloud infrastructure and applications. Ansible will be used to configure the Next Generation Firewall policy, and Jenkins will automate and orchestrate the build and deployment of the environment. There are a couple of other tools we will be using as well: GitHub for source code management and version control, Docker for running Ansible playbooks and Python scripts in our CI/CD pipeline, and the Kubernetes CLI (kubectl) to monitor and manage the cluster itself.
Securing the cloud native environment can become a little tricky, because what exactly are we trying to secure? Are we securing the public cloud infrastructure, the Kubernetes cluster, the microservices running in the cluster, the containers and the apps running inside them, or the APIs (Application Programming Interfaces) they expose? What about the authentication and authorization of those APIs, how the data is encrypted in transit and at rest, how many connections or requests the app can support, and whether any vulnerable libraries are being used in these apps? Many questions like these arise when deploying a cloud native app in AWS (or another IaaS provider). Lucky for us, the Cisco Secure portfolio provides solutions to answer all of them.
In this series we will start with the infrastructure and make our way up to the application. At a high level, that looks like this:
- We will secure the cloud edge using Cisco Secure Firewall, which will provide access control, intrusion prevention, and anti-malware.
- We will then provide visibility and security analytics into the cloud infrastructure and Kubernetes cluster using Cisco Secure Cloud Analytics.
- Cisco Secure Workload will provide micro-segmentation inside of the cloud infrastructure and micro-services applications.
- Cisco Secure Application Cloud Native will deliver Kubernetes and container security, providing container runtime protection, hardening and vulnerability management, CI/CD pipeline integration, and API visibility and risk detection.
- Finally, we will secure the application itself with Cisco Secure Application, which detects code dependencies, continuously monitors them for vulnerabilities, and blocks exploits at application runtime.
- We will also dive into other emerging technologies, such as Cloud Security Posture Management (CSPM) using Cisco Secure Cloud Insights, and look at what a cloud native firewall is and how it differs from a firewall deployed on a cloud instance.
This is the first blog post in a multi-episode series. Please follow along as we go! Also, check out this video for more detailed information and demos:
Cisco Secure Cloud Native Security – Part 1 – Introduction
We’d love to hear what you think. Ask a question or leave a comment below.