Cisco good and bad
The bellwether Cisco was the latest to note this “business softness” laying blame on the world economy in general terms and slower than expected enterprise deals in its latest quarter more specifically.
After its Q1 2020 financial call in November Cisco took the additional action of revamping some of its business units and leadership with an eye towards increasing its competitive tactics – primarily in the cloud arena. For example it rolled its Enterprise Networking and Data Center networking teams into one group, and that includes cloud computing.
As a whole from the Cisco point of view things aren’t gloomy by any means. In fact one of the company’s core-strategy shifts – a move to a software and subscription model – is clearly going well. Software subscriptions are now at 71% of the vendor’s total software revenue, up 12 points year-over-year, according to CEO Chuck Robbins. Comparatively four years ago that number was a third or less, he said.
And that is good for Cisco as a business, Robbins said. “This transition to software not only aligns to how our customers want to consume our technology, but we also believe it will lessen the impact of macroeconomic shifts in the future.”
Cisco dances in the cloud
Software in a variety of forms will be the focus for Cisco in 2020, and perhaps no area will be more important than its hybrid-cloud-interconnect strategy.
“Cisco will continue to have a significant focus on tying together cloud offerings from AWS, Microsoft, Google and other different cloud manifestations as it looks to help bring consistency across and mitigate the complexity of hybrid-cloud environments,” said Brad Casemore, IDC research vice president for data-center networks.
Foretelling the importance the company puts on cloud interconnect integration, in December Cisco tied ever-closer to AWS by extending its SD-WAN technology to manage and automate connectivity between branch offices and the AWS Cloud via the AWS Transit Gateway, which lets customers connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway.
With this new support customers will be able to apply network segmentation and security policies to cloud traffic flows. The package will also enable policy exchange between Cisco SD-WAN Controller and AWS Transit Gateway, which will let IT teams implement consistent network and data security rules, said Sachin Gupta, senior vice president, product management, with Cisco Enterprise Networking.
Casemore also expects Cisco will further enhance its Application Centric Infrastructure (ACI) Anywhere technology, which gives customers the flexibility to run and control applications anywhere they want across private or public clouds or at the edge while maintaining consistent network and security policies across their entire domain.
ACI Anywhere lets policies configured through Cisco’s SDN Application Policy Infrastructure Controller (APIC) use native APIs offered by a public-cloud provider to orchestrate changes within both the private and public cloud environments, Cisco said. Cisco’s Orchestrator helps provision and manage the implementation across multiple sites and services.
The driving force with ACI Anywhere is that IT teams have been forced to make a hard choice: Stay with their on-premises data centers with a rich set of tools of their choice for automation or assurance or security; or move to the cloud, where a different set of capabilities can make consistent compliance a true challenge. ACI Anywhere removes that challenge and places workloads where it makes the most sense regardless of the platform or hypervisor, Cisco says.
Cisco has embarked on this ACI Anywhere expansion strategy already. In addition to its SD-WAN extension to AWS in December, Cisco also extended ACI Anywhere to AWS Outposts. Outposts offers AWS-designed hardware that lets customers run compute and storage on premises, while connecting to AWS’s cloud services.
In September Cisco added new pieces of ACI Anywhere that integrates Microsoft Azure clouds and a cloud-only implementation of ACI. It also rolled out Cisco Cloud ACI for AWS that lets users configure inter-site connectivity, define policies and monitor the health of network infrastructure across hybrid environments, Cisco said.
“Cisco will deepen the functionality of ACI in multicloud environments and move closer to intelligent automation of these system to ease operational complexity,” Casemore said.
Others think Cisco needs to take bolder steps towards integrating hybrid clouds.
“Overall, I think it’s clear that Cisco needs to get into ‘the cloud’ in a more effective way. I think their recent reorg shows they understand that,” said analyst Tom Nolle, president of CIMI Corp. “Cloud Interconnect is a sideshow,” he said. “What’s needed is infrastructure-independent development and deployment, which would relegate ‘cloud interconnect’ to nothing but a network gateway.”
“Cloud players like VMware and Amazon are already thinking of cloud interconnect holistically, as a broad resource partnership that lets all clouds, all data centers, edge and core, all coexist under a common ‘resource pool’ model,” Nolle continued. “Rival Juniper bought HTBASE, which could have accomplished that for Juniper if they really understood their own acquisition. Cisco needs to recognize this broader vision, and get a place in it.”
While the cloud is a big growth area for Cisco, it will also further develop SD-WAN, which is a big deal because IDC says almost 95% of enterprises expect to be using it within 24 months. Cisco takes that a step further and says that as of August 2019, 70% of the Fortune 100 are using some form of Cisco’s SD-WAN. In addition, Cisco’s 2019 Global Networking Trends Survey, found that over 58% of organizations globally have deployed SD-WAN in some form, and over 94% believe they will deploy some form of it within the next two years.
It’s also a big deal because Cisco late this year said it had 20,000 customers using its SD-WAN across its Viptela and Meraki lines.
The transition to SD-WAN is accelerating, thanks to the pervasive adoption of cloud services. Businesses are adopting SaaS apps like Microsoft Office365 and others, wrote Cisco’s Gupta in a blog about its SD-WAN customers. “Our surveys show our customers have, on average, 30 paid SaaS applications each. And that they are actually using many more: over 100 in several cases,” he wrote.
SD-WAN is critical for businesses adopting cloud services, acting as a connective tissue between the campus, branch, IoT, data center and cloud, Gupta said. “It brings all the network domains together and delivers the outcomes business requires,” he said. “It must align user and device policies, and provide assurance to meet application service-level agreements. It must deliver robust security to every device and every cloud that the enterprise’s data touches.”
What’s critical for Cisco is the intersection and integration of the network and security – it is moving them closer together. That’s particularly important in the SD-WAN arena as those two technologies become intertwined., said Lee Doyle, principal analyst at Doyle Research. “You’ll see tighter integration and a more consolidated approach at the branch so customers won’t have to manage so many piece-parts individually,” Doyle said.
Hints of this tighter integration came last month when Cisco Meraki rolled out a software feature called Adaptive Policy that lets businesses group users, applications and devices so they can apply security policies based on client, intent, and identity. Adaptive Policy is an extension of Cisco’s enterprise Software-Defined Access software that customers can group users and devices within networked segments according to their access privileges.
The idea is to secure user, device and application access to microservices, containers, and other applications from one location, Cisco said.
Meraki also tied in tighter with Cisco’s cloud-based Umbrella security gateway. According to Cisco, Umbrella can provide the first line of defense against threats on the Internet. By analyzing and learning from internet activity patterns, Umbrella automatically uncovers attacker infrastructure and blocks requests to malicious destinations before connections are established and without adding latency. It is meant to stop phishing and malware infections earlier, identify already infected devices faster and prevent data exfiltration, Cisco says.
“Consolidation at the branch will be a key push for Cisco as they have all the security and networking technology to make SD-WAN and branch implementations better. They will consolidate and extend those technologies,” IDC’s Casemore said.
Cisco sees the future here, but it’s really centered around a Kubernetes ecosystem that includes both deployment and application development, both cloud-native and legacy, monolithic application models, Nolle said. “Connection tools like SDN and SD-WAN, and computing models like edge computing, are all slaves to application development and deployment, and Cisco needs to step up its game there,” Nolle added.
Better security for cloud interconnect, SD-WAN and other environments will be an area where experts expect Cisco to show a lot of activity.
That will reveal itself in continued efforts to interlock and integrate security as the company moves toward more holistic security, Casemore says. “One of these key areas will be around the evolution of its Tetration product towards more workload, cloud-protection areas,”he said.
Introduced in 2016, Cisco Tetration Analytics gathers information from hardware and software sensors and analyzes the information using Big Data analytics and machine learning to offer IT managers a deeper understanding of their data-center, private- and public-cloud resources.
Tetration includes the ability to improve enterprise-security monitoring and simplify operational reliability. Another key benefit of Tetration is as single tool to collect consistent security telemetry across the entire data center and analyze large volumes of data in real time. In a multi-cloud enterprise, Tetration can lock-down tens of millions of whitelist policy entries across thousands of applications and offer application segmentation to support secure zero-trust implementations.
Cisco’ defines zero trust as an all-inclusive approach to securing authentication and access, while offering segmentation and policy-setting capabilities across an organization’s networks and applications. It is one of the strategies put forth to protect all things cloud across the industry, experts say. Gartner predicts that by 2023, 60% of enterprises will phase out most of their VPNs in favor of zero-trust network access.
In Cisco’s case customers can expect the company to continue adding zero-trust capabilities across its software portfolio.
A recent Forrester Wave report stated that Cisco has spent significant time and expense to realign much of its security portfolio to enable or enhance zero trust, includng integrating and operationalizing authentication, supported by technology it acquired with Duo. “The integration of Duo’s strong authentication offering and the simplicity of its UIs and tooling have strengthened the Cisco offering considerably,” Forrester wrote.
Cisco paid $2.35 billion in cash and stock for network-identity, authentication and security company Duo in 2018. Cisco says Duo helps protect against breaches with cloud-based software that verifies the identity of users and the health of their devices before granting access to applications.
“The combination of Cisco’s networking and device-tooling, new offerings for analytics and cloud workloads, and Duo’s focus on users and endpoints supports multiple components of ZTX,” Forrester wrote. “Deployment and ease of use are strengths across the portfolio.” The report describes Cisco as a well-positioned zero-trust player.”
Challenges in 2020
“Cisco’s challenge here is that the right steps include upgrading their SD-WAN products to include specific zero-trust connectivity management, and they’re afraid to do that because it might overhang their existing security products,” said Nolle. “They need to broaden their vision of security to envelop SD-WAN but also to secure cloud-native, Kubernetes-distributed applications.”
Zero trust is also reflected in Cisco’s overarching security Threat Response platform which includes a number of core Cisco products, among them Umbrella, advanced malware protection for endpoints, and intrusion protection.
Experts predict Cisco will continue to fill out and improve integrations with its threat platform especially where it involves the cloud and access at the network edge, exeperts said.
Cisco says its security business grew 22% year-over-year from Q1 2019 to Q1 2020, and experts expect the company to continue that success in 2020.