Cisco CEO Chuck Robbins: Moving To The Cloud Alone Isn’t A Security Cure-All

Moving to the cloud won’t solve all security woes, Cisco CEO Chuck Robbins tells CRN. A holistic approach to architecting a secure overall environment is what’s required in today’s hybrid cloud world, solution providers add.

Relying solely on the public cloud for security by moving entire enterprise infrastructures off-premise is a short-sighted approach to security, especially in today’s world where hybrid cloud reigns dominant, solution providers say.

Following the large SolarWinds breach, which had hackers compromising Microsoft’s source code, the Redmond, Wash.-based tech giant in February urged its customers in a blog post to embrace the cloud for security, warning customers with on-premises services that they are ultimately responsible for protecting their own infrastructure.

But simply moving to the cloud isn’t the end-all, be-all of security postures, channel partners say. That’s because most businesses need a blend of both cloud and premises-based environments.

Cisco CEO Chuck Robbins agrees and sees the importance of both cloud security and protecting data in premise-based environments. “I think you could make a case for either, to be honest,” he told CRN. Many customers are choosing hybrid cloud, so premise-based security can’t be ignored.

“On-prem, if you don’t build a good, robust security architecture, then you’re going to have problems. If you don’t have good hygiene with your employees and the operational stuff, which, the most prevalent issues are redundant passwords or passwords taped to computers or people clicking on a phishing email. Those are the kinds of things that if you could cut those out, then it won’t matter where this stuff is,” Robbins said.

[Related: Cisco’s Oliver Tuszik: ‘We Need Partners’ To Be Successful With Consumption-Based IT]

The architecture of the environment and having the right security technology in place is what matters, he said.

For customers and channel partners, the consideration shouldn’t be security on-premise versus cloud security, said Bob Cagnazzi, president and CEO of Presidio, one of Cisco’s largest partners.

“I think it’s myopic to look at those as two distinct elements because we’re operating in a hybrid cloud world with most of our clients, even if it’s just SaaS,” he said. “Security is going to be on-premise and it’s going to be cloud-based depending upon the application and depending upon the client’s investment in on-premise security.”

Where partners come in is in the architecting of a robust security profile that understands the levels of security each workload requires, Cagnazzi said.

“One security can be better than the other at any point in time, but the real objective for us with our clients is to look at that entire platform to say, ‘Alright, based upon the investment in your risk profile, how do we maximize your security and compliance across the entire platform – both on-premise and in the cloud?’,” he said. “It’s not an either/or discussion on who’s got better security. It’s really, ‘Let’s start with where your workloads are going to be sitting.’”

Some workloads will move to the cloud, while others will stay on-premise. Still other workloads will move around over time, Cagnazzi said. “How do we make sure that the security travels with it and it’s got the security profile that you want around that data, or that workload, or application, or service in any way, shape or form.”

Going to the cloud doesn’t flip a security switch, said Kent MacDonald, senior vice president of strategic alliances for Long View Systems, a Cisco Gold partner. “You should have the same, or a lot of the same principles when going to the cloud as if you are building a new data center,” he said.

Calgary, Alberta-based Long View Systems offers managed cloud and managed infrastructure services to its customers. The firm has been helping customers architect and secure their cloud environments. “I think there’s a gray area in understanding the demarks of who is responsible for security. When it’s in your data center, you know you own it,” he said. “I think that there are some assumptions or misconceptions that we have to educate and form around the cloud experience.”

Cisco has been “leaning in” to security with a heavy focus on securing workloads in any location with its secure access service edge (SASE) solutions for both data center and cloud environments, MacDonald said.

“Data has to move by a network. Cisco is certainly the network company. Now, how do you make sure that you [secure] the hybrid cloud experience?” he said. “Cisco has made a lot of progress there.”