Cisco CVE-2023–20198 Vulnerability

Introduction

In today's digital age, the backbone of any successful business is its IT infrastructure. For medium-sized enterprises in the UK, the decision to manage this infrastructure in-house or to outsource it to a Managed Service Provider (MSP) is more critical than ever. With cyber threats on the rise and technology evolving at breakneck speed, the choice you make could either propel your business forward or leave it lagging behind the competition.

But beyond the surface-level considerations, what does each option truly cost? This article delves deep into the financials, peeling back the layers to reveal not just the obvious expenses but also the hidden costs and benefits that could significantly impact your bottom line. We'll provide a comprehensive analysis, enriched with the latest data, to help you make an informed decision that aligns with your business goals.

The Real Costs of In-House IT Support Engineers

1. Base Salary: More Than Just a Paycheque

At first glance, hiring in-house IT Support Engineers seems straightforward. You offer a salary, and in return, you get dedicated personnel to manage your IT needs. However, salaries in the IT sector can vary widely based on experience, qualifications, and the ever-changing demand for specific skill sets.

• 3rd Line Support Engineer: The average annual salary hovers around £52,569.‍
• 2nd Line Support Engineer: The average annual salary hovers around £35,046.‍
• IT Support Manager: For those in more senior positions, salaries can range from £56,950 to £70,092 per annum, depending on the complexity of the role and the size of the organisation.

But salaries are just the tip of the iceberg.

2. Additional Costs: The Hidden Financial Sinkholes

National Insurance Contributions (NICs)

Employers are required to pay NICs (Class 1) at a rate of 13.8% on earnings above the secondary threshold.

• For a £35,046 salary:
  • Threshold for 2024/25 (frozen at £175 a week): £9,100
  • Earnings subject to NICs: £25,946
  • Annual NIC's: £25,946 x 13.8% = £3,580.55

Pension Contributions

As well as National insurance, you may also need to make pension contributions on behalf of your employee.

If you automatically enrol an employee into a workplace pension scheme, then you must contribute a minimum of 3% of their qualifying earnings. If they voluntarily enrol into a workplace pension scheme, then you must contribute the 3% minimum if your employee earns more than £120 a week, £480 over four weeks, or £520 a month.

Qualifying earnings include your employee’s wages or salary, as well as any commission, bonus or overtime you pay them. For 2024/25, qualifying earnings fall between £6,240 and £50,270.

For an employee on £35,046 a year, after subtracting the lower threshold of £6,240 you would pay pension contributions on qualifying earnings worth £28,806. Therefore, if you automatically enrol this employee into a workplace pension scheme at the minimum requirement of 3%, you would pay £864.18 a year in pension contributions for that one 2nd Line Support Engineer.

Benefits and Training

The tech world doesn't stand still, and neither should your IT staff.

• Ongoing Training: On average, companies spend about £1,260 per employee annually on training and certifications to keep skills current.

Sick Leave and Absenteeism

Employee absence isn't just about lost productivity; it's a tangible cost.

• According to a report by The Guardian (September 2023), the average UK worker takes 7.8 sick days per year, the highest in a decade.
• Cost Implications: You still pay salaries during sick leave and might need to hire temporary staff or pay overtime to cover critical tasks.

Holiday Entitlements

• Employees are entitled to a minimum of 28 days of paid leave annually, including public holidays.
• Coverage Gaps: During holidays, you might face understaffing issues, potentially affecting IT support and maintenance.

3. Productivity and Support Capacity: Can They Keep Up?

Staff-to-Employee Ratio

Workforce.com (2023) surveyed medium-sized businesses and found that the median IT staff-to-employee ratio is 1:25, with the upper quartile ratio being 1:40. This means that one IT professional supports, on average, 25 employees, and in the upper quartile, one IT professional may support up to 40 employees. However, this ratio doesn't account for the complexities of individual businesses or unexpected IT crises.

Limitations of In-House Staff

• Working Hours: Typically, in-house IT staff work standard business hours (9 am - 5 pm). Any issues outside these hours may have to wait or incur overtime costs.
• Overtime Pay: If after-hours support is needed, expect to pay 1.5 to 2 times the regular hourly rate.
• Single Point of Failure: Relying on a small team or individual means that their absence can severely impact your operations.

4. Total Annual Cost per IT Employee: Adding It All Up

To adequately support 70 employees and ensure coverage during absences, you'll likely need at least 2 IT support engineers.

• Total Annual Cost: £40,750 x 2 = £81,501.46

And remember, this figure doesn't account for potential overtime, temporary staffing during absences, or the costs associated with recruitment and onboarding.

The Cost of Hiring a Managed Service Provider

1. Understanding the Pricing Models: What Does an MSP Really Cost?

When considering an MSP, one of the first questions that arise is the cost involved. MSPs offer various pricing models tailored to fit different business needs, with the per-user pricing model being particularly popular among medium-sized enterprises.

• Per-User Pricing Range: The cost typically ranges from £35 to £150 per user (or endpoint) per month. This wide range accounts for the diversity of services offered, the complexity of your IT environment, and the level of support required.
• Average Cost for Medium-Level Support: For a balanced package that offers comprehensive support without unnecessary extras, you can expect to pay around £52 per user per month in the UK. This estimate provides a realistic benchmark for budgeting purposes.

2. Beyond Basic IT Support: The Comprehensive Services MSPs Offer

Hiring an MSP isn't just about outsourcing your IT support—it's about partnering with experts who can enhance your operations, protect your assets, and position your business for future growth.

24/7 Support

• Round-the-Clock Assistance: Technology doesn't sleep, and neither do potential issues. MSPs provide support beyond standard business hours, ensuring that any problems are addressed promptly, regardless of when they occur.
• Minimizing Downtime: Immediate response to IT issues means less downtime for your business, translating to increased productivity and reduced operational losses.

Enhanced Cybersecurity

• Advanced Security Measures: Cyber threats are evolving rapidly. MSPs stay ahead of these threats by implementing real-time monitoring, sophisticated threat detection, and rapid incident response strategies to safeguard your data.
• Compliance Management: Navigating regulatory requirements like the General Data Protection Regulation (GDPR) can be daunting. MSPs help ensure your business remains compliant, mitigating the risk of legal penalties and protecting your reputation.

Software Licensing and Updates

• Managed Updates: Keeping your software up-to-date is crucial for security and efficiency. MSPs handle all updates and patches systematically, so you don't have to worry about disruptions or vulnerabilities.
• Licensing Management: Leveraging bulk purchasing agreements, MSPs can often secure better pricing on essential software like Microsoft 365, passing those savings onto you.

Scalability and Flexibility

• Adjustable Services: As your business grows or shifts focus, your IT needs will change. MSPs offer the flexibility to scale services up or down without the logistical challenges of hiring or laying off staff.
• Customized Solutions: MSPs can tailor their services to align precisely with your business objectives, providing support where you need it most.

Expertise on Demand

• Diverse Skill Sets: MSPs employ teams of IT professionals with expertise across various domains, from network management and cybersecurity to cloud computing and data analytics.
• Access to the Latest Technologies: Staying current with technological advancements can be costly and time-consuming. MSPs keep you at the forefront of technology without the need for continual in-house training.

3. Cost Calculation Example: The MSP Financial Breakdown

For 70 Employees (let's use even an average cost of £50 per endpoint):

• Monthly Cost: 70 users x £62= £4,340
• Annual Cost: £3,500 x 12 = £52,080

While this figure is slightly higher than the in-house option of one IT Support Engineer, it's crucial to consider the value-added services and potential cost savings in other areas.

4. Additional Advantages: More Bang for Your Buck

Beyond immediate services and support, MSPs offer significant advantages that enhance the overall value of your investment.

Consistent Support

• No Downtime Due to Absences: Unlike an in-house IT team, which can be affected by staff vacations, sick leave, or unexpected absences, MSPs provide uninterrupted support. This ensures that your IT systems are always monitored and maintained without any gaps in service.

Access to the Latest Technology

• Innovative Solutions: MSPs continuously invest in cutting-edge technology and infrastructure. By partnering with an MSP, your business gains access to the latest tools and solutions without the hefty upfront costs associated with procuring them independently. This keeps your operations efficient and competitive in a rapidly evolving technological landscape.

Predictable Costs

• Fixed Monthly Fees: Budgeting for IT expenses can be challenging when unexpected issues arise. MSPs typically offer fixed monthly fees, simplifying your financial planning and eliminating surprise costs. This predictability allows you to allocate resources more effectively across your business.

Risk Mitigation

• Shared Responsibility and Accountability: MSPs operate under Service Level Agreements (SLAs) that define the standards and expectations for service delivery. These agreements ensure accountability, with MSPs often financially liable for breaches, downtime, or failure to meet agreed-upon performance metrics. This shared responsibility reduces your business risk and provides peace of mind.

Head-to-Head Comparison

Let's put it all together in a side-by-side comparison:

Case Study: A Medium-Sized Retailer’s Dilemma

Consider a UK-based retailer with 96 employees. They initially managed IT in-house with two IT Support Engineers. They faced challenges such as:

• Limited Support Hours: Issues that occurred after 5 pm had to wait until the next day.
• Security Breaches: They suffered a ransomware attack that halted operations for days in 2022.
• Staff Turnover: One 3rd Line IT Support Engineer left for a higher-paying job, leaving them understaffed.

After switching to an MSP:

• Immediate Support: 24/7 helpdesk resolved issues swiftly, even during peak shopping hours.
• Enhanced Security: No breaches occurred, thanks to proactive monitoring.
• Cost Savings: Despite higher annual costs, they saved money by avoiding downtime and not having to invest in expensive security solutions.

Conclusion

While the initial annual cost of employing in-house IT staff (presuming the business only employs 1 to cover all the 70 endpoints) appears lower at £40,750.73 compared to £52,080 for an MSP, this doesn't tell the whole story. MSPs offer significant added value through:

• 24/7 Support: Reducing downtime and maintaining productivity.
• Advanced Cybersecurity: Protecting against threats that could cost millions.
• Scalability: Allowing your IT services to grow with your business seamlessly.
• Expertise: Access to a broad range of specialists without the overhead of hiring each one.

For medium-sized businesses in the UK aiming for growth, agility, and robust security, investing in an MSP may provide a better return on investment. However, businesses must weigh the importance of direct control and the personalised touch of in-house staff against the comprehensive services and expertise offered by MSPs.

In the end, the choice depends on your specific needs, risk tolerance, and long-term business strategy. But one thing is clear: in the rapidly evolving digital landscape, staying still is not an option.

Interested in exploring how an MSP could revolutionise your business's IT infrastructure? Contact us for a personalised consultation and take the first step towards a more secure and efficient future.

Cyber security is a prevalent issue facing businesses. In a recent Cyber Security Breaches Survey, it was found 45% of medium businesses and 58% of large businesses experienced cyber attacks in 2023.

While it’s crucial for businesses to protect themselves, the challenge is knowing the best way to do so. There needs to be a strict approach to eliminate risks.

Zero trust is a specific approach to cyber security, which puts emphasis on strict verification. It assumes everyone poses a risk to your security unless they have been comprehensively validated through careful checks.

We explore zero trust security in more detail and how to implement it effectively in your business.

What is zero trust security?

Zero trust is a security approach that moves away from the traditional model of trusting everything inside a network perimeter.

In a zero trust world, no one and nothing is trusted. Even users or devices that are already connected to the network will be subject to advanced checks. It focuses on verifying and securing access to resources based on strict identity verification, both within or outside the network perimeter.

There are three key principles of zero trust:

• Verify explicitly: Always authenticate and authorise devices and users, using all available data points
• Use least privilege access: Limit user access using Just-In-Time (JIT) and Just-Enough-Access (JEA), risk-based adaptive policies and data protection. Only give people the access they really need
• Assume breach: Never trust and always verify every request, regardless of its origin or resource accessed. Use end-to-end encryption and use analytics for visibility, threat detection and defence improvement

By following these principles, you can protect your network and limit the chance of unauthorised users hacking into your systems.

What are the core benefits of zero trust security?

As a security approach, zero trust offers several key benefits for enhancing security in today’s digital landscape.

1. It’s built for the hybrid world

Zero trust has been adapted to meet the complexities of modern environments, including mobile workforces. Traditionally, businesses relied on perimeter security strategies, using firewalls and network-based tools to validate users entering and leaving the network.

However, with digital transformation and hybrid cloud infrastructure, relying solely on a network perimeter is no longer sufficient. Zero trust acknowledges this shift by protecting user accounts, devices, applications and data wherever they are located.

2. Reduce the risk of attack

By assuming that no user or device is implicitly trusted, zero trust minimises the chances of an attack. It focuses on verifying access based on strict identity verification, regardless of location or network perimeter.

Even if an attacker gets through one entry point in your network, they’re likely to be prevented elsewhere, halting their efforts.

3. Enhanced security posture

Zero trust principles ensure that only authorised users and devices can access specific resources. This approach helps prevent unauthorised access, lateral movement and privilege escalation.

Moreover, it makes your security coverage more comprehensive. Many enterprises operate with a patchwork of security tools lacking integration. Security teams spend time on manual tasks, lacking context and insights. However, zero trust bridges the gaps, freeing up security teams for strategic work.

4. Improved visibility and monitoring

Zero trust emphasises continuous monitoring and visibility. Organisations gain insights into user behavior, network traffic and potential threats.

This visibility enables faster detection and response to security incidents, preventing your organisation being negatively impacted by potential attacks.

5. Adaptive access control

Zero trust allows organisations to implement adaptive access controls. Users are granted access based on contextual factors such as device health, location and behaviour. This dynamic approach ensures that access policies adapt to changing conditions.

It also mitigates insider threats by minimising the trust placed in any user or device. Even legitimate users are subject to continuous verification, reducing the impact of malicious insiders.

6. Data protection and compliance

Zero trust protects sensitive data by enforcing strict access controls. It limits data exposure and prevents unauthorised access to critical information, reducing the risk of data breaches.

This aligns with compliance requirements by enforcing strong access controls, auditing access events and protecting sensitive data. It helps organisations meet regulatory standards.

7. Cloud and hybrid environment readiness

As organisations adopt cloud services and hybrid environments, zero trust provides a consistent security framework. It works seamlessly across on-premises, cloud and remote environments.

Regardless of your environment, it offers adaptive and continuous protection, managing threats proactively.

8. User experience optimisation

Contrary to the perception that strong security hampers user experience, zero trust can enhance it. By enabling secure remote access and seamless authentication, users can work efficiently without compromising security.

It also prevents IT outages that halt productivity and frustrate users.

How to implement zero trust

If you are looking for a robust security approach that drastically reduces your chances of being impacted by cyber attacks, zero trust is for you.

Implementing a zero trust in a business involves several steps to enhance security and protect critical assets. Here are the steps you should follow:

1. Define the attack surface

Begin by identifying your organisation’s attack surface. This is essentially all the possible entry points an attacker can exploit to infiltrate a system, network or even physical devices. So, understand which assets, users and devices are part of your network.

Remember to consider both on-premises and cloud-based components. This will enable you to understand exactly the scale of protection required.

2. Implement controls around network traffic

Next, analyse how traffic flows within your network. This includes identifying any dependencies between systems. By doing so, you’ll understand the potential entry points.

You will then want to implement micro-segmentation to isolate different parts of your network. It allows you to control each section of your network and make it hard for attackers to navigate from one area to the next.

Finally, use network access control (NAC) systems to enforce strict access policies. This will determine who can access areas within your network, what authorisation they need to complete and how you’ll respond to those who fail verification.

3. Architect a zero trust network

Next, build your zero trust network. By this point, you will have mapped out how traffic moves to sensitive areas of your network.

With this understanding, put adequate protections in place with emphasis on gatekeeping your most critical assets.

One way to get this protection is through software-defined perimeter (SDP) tools, which a type of security solution that creates a secure connection between users and authorised applications, regardless of their physical location. You may also use identity-aware proxies, which act as intermediaries between users and the applications or resources they’re trying to access.

If you are unsure of the tools to utilise, a cyber security consultant should be able to guide your way. Remember to design a flexible system which is tailored to your environment.

4. Create a zero trust policy

Alongside your security protocols, you should develop zero trust policies. Set clear policies for user access, device authentication and data protection to minimise risk.

Commonly, organisations will implement is multi-factor authentication (MFA) to verify user identities. It uses biometric information or information only the user knows to ensure only authorised users gain access.

You can also define access controls based on roles and least privilege principles. This limits who has access to specific areas, meaning only those who need it have it. This reduces the risk of data breaches and hacks,

5. Monitor your network

Once you’ve set up your zero trust security network and policies, it’s crucial to monitor for risks. Continuously review network traffic and user behaviour to determine potential threats.

Use real-time analytics to detect anomalies and concerning patterns. When you find them, aim to respond promptly.

This monitoring can be automated to alleviate the burden on businesses. AI tools like Copilot for Security have been designed specifically for this, so are well worth considering.

Finally, remember that zero trust is an ongoing process. Regularly assess and adapt your security measures to stay ahead of evolving threats and protect your business effectively.

Get cyber security support

When implementing a zero trust approach, having the right tools is crucial.

Fortunately, there are many solutions at businesses’ disposal.

Microsoft promotes a zero trust framework as an organisation. As such, many of their security tools align closely with zero trust principles. This includes Microsoft Defender for Endpoint, which detects and responds to breaches, and Microsoft Intune to manage devices on the network.

And if you need guidance, Caledonian Tech can help. Our specialist IT consultants provide a wide range of cyber security solutions, helping you to abide to the core fundamentals of zero trust. We will fully tailor our advice to your business needs, leaving you with actionable insights to move forward with.

Plus, if you want hands-on support, we can operate a security centre for your organisation with our managed IT services.

CVE-2023–20198

The recent discovery of CVE-2023–20198 has put the cybersecurity community on high alert. This critical vulnerability, identified within Cisco’s IOS XE software, poses a significant threat by allowing unauthenticated attackers to gain privileged access to affected systems. Cisco was quick to acknowledge the flaw, issuing a public disclosure to inform and urge the relevant stakeholders to take immediate mitigating actions. This vulnerability not only underscores the relentless challenges faced in cybersecurity but also the imperative for vigilant monitoring and prompt action in addressing such security loopholes.

The core of CVE-2023–20198 lies in a flaw within the web UI feature of Cisco’s IOS XE software. This vulnerability is especially concerning as it allows remote, unauthenticated attackers to create accounts with high-level privileges on the affected systems, thus gaining control over them. The systems in jeopardy are both physical and virtual devices running Cisco IOS XE software, particularly when the HTTP or HTTPS server feature is enabled and exposed to the internet or untrusted networks.

The Common Vulnerability Scoring System (CVSS) has rated this flaw a 10.0, the maximum severity score. This score reflects the potential catastrophic impact the vulnerability could have on affected systems if exploited, including complete system compromise and data breach. Such a high rating stresses the urgency for mitigation measures to prevent potential exploits

CVE-2023–20198 isn’t an isolated incident. Past vulnerabilities, like the infamous Heartbleed and EternalBlue, have shown the potential fallout when critical security flaws are exploited. These instances led to widespread data breaches and were instrumental in facilitating notorious cyber-attacks. The landscape of threats is ever-evolving, and each historical incident of a critical vulnerability provides lessons in the perpetual game of cat and mouse between cybersecurity professionals and malicious actors. The emergence of CVE-2023–20198 adds a new chapter to this ongoing narrative, underscoring the necessity for robust, proactive security measures in the face of relentless cyber threats.

The fix

In addressing the vulnerability CVE-2023–20198, Cisco has provided clear steps to mitigate the risks associated with this critical flaw. Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems, which is the core avenue for exploitation in this case. This can be done by executing the no ip http server or no ip http secure-server command in the global configuration mode of the affected devices. If both HTTP and HTTPS servers are in use, both commands are required to fully disable the HTTP Server feature. Additionally, Cisco has laid out a decision tree to help users determine the necessary steps for their particular environment. The steps include checking if you are running IOS XE, and if the HTTP server or HTTP secure-server is configured. If these services are required for other functionalities, restricting access to these services to trusted networks is advised

The emergence of CVE-2023–20198 is a stern reminder of the incessant vulnerabilities lurking within the complex architectures of network systems. This specific vulnerability within Cisco’s IOS XE software has shed light on the crucial necessity for robust cybersecurity practices and prompt action to mitigate potential threats. By exploiting the web UI feature, unauthorised attackers can create privileged accounts, posing a significant risk to both physical and virtual devices, especially when the HTTP or HTTPS server feature is enabled and exposed to untrusted networks.

The alarming CVSS score of 10.0 amplifies the potential catastrophic impact on affected systems, urging for immediate mitigation measures. Past incidents like Heartbleed and EternalBlue have painted a clear picture of the potential havoc such vulnerabilities can wreak if left unaddressed. The lessons from history echo the importance of a proactive and well-informed approach towards cybersecurity.

Cisco’s prompt action in disclosing the vulnerability and providing clear mitigation steps exemplifies the proactive stance organisations must take in confronting cybersecurity challenges. The advised disabling of the HTTP Server feature on internet-facing systems is a practical step towards closing the vulnerability window. Additionally, the decision tree provided by Cisco aids users in understanding the necessary steps tailored to their specific environment, thus fostering a more secure network infrastructure.

As the narrative of CVE-2023–20198 unfolds, the broader call to action for organisations is to bolster their cybersecurity posture. This includes regular vulnerability scanning, effective patch management, and the adoption of advanced threat intelligence services. Ensuring the enforcement of stringent cybersecurity measures among third-party business partners and fostering a culture of security awareness are equally crucial. Through a concerted effort in enhancing cybersecurity practices, organisations can better shield themselves against the evolving threats and ensure a more secure operational landscape.

CVE-2023–20198 underscores the critical need for vigilant monitoring, swift action, and continuous improvement in cybersecurity protocols. By adhering to the recommended mitigation steps and embracing a proactive cybersecurity approach, organisations can significantly reduce the risks associated with such vulnerabilities and foster a more resilient and secure network environment

Imagine configuring a network for hundreds of virtual machines, each requiring unique policies and settings. Cisco ACI simplifies complex network management through an integrated, policy-driven solution.

Network professionals embrace Cisco ACI for its ability to centralize automation and orchestration, optimizing data center operations with speed and precision - a true paradigm shift in network architecture.

Understanding Cisco ACI

Cisco ACI redefines the approach to data center networking with an application-centric philosophy. This foundational shift from traditional networking constructs facilitates a more dynamic and flexible data center architecture.

By abstracting the complexity inherent in managing individual network components, ACI provides a unified control plane across a fabric of interconnected nodes. This simplifies provisioning, monitoring, and management across the network, enhancing operational efficiency with a declarative model for network configurations.

With Cisco ACI, the emphasis on automation and integrated analytics becomes a cornerstone of modern data center operation, allowing for rapid scaling and adaptable infrastructure suited to evolving business needs.

Cisco ACI Fundamentals

Cisco ACI streamlines data center management, revolutionizing traditional network paradigms through centralized automation and policy-driven approaches.

With Cisco ACI, operational efficiency isn't just an aim—it's a definitive outcome, enabled by a nuanced convergence of advanced technologies.

As a fabric-based architecture, ACI enables comprehensive points of integration, ensuring seamless connectivity across devices and applications, with a consistent policy framework that spans the entire data center infrastructure.

Integrating virtual and physical environments under one policy model, Cisco ACI reduces complexity and enhances network agility, paving the way for a future-ready data center ecosystem.

Key Features and Capabilities

Cisco ACI boasts a myriad of features designed to enhance, streamline, and secure network environments.

• Unified Fabric: A single fabric encompassing physical and virtual network elements.
• Centralized Policy Management: Simplified governance across the network through a common policy framework.
• Scalability: Dynamic response to changing workloads and application requirements.
• Multi-Tenancy: Secure separation of resources between different organizations or departments within the same infrastructure.
• Automation: Streamlined operations and reduced manual intervention.
• Visibility and Monitoring: Real-time network insights and advanced telemetry.
• Security: Robust protocols for threat detection and mitigation.
• Integration Capabilities: Compatibility with a range of third-party vendors and orchestration tools.

These features result in a highly agile infrastructure capable of evolving with business demands.

Further reinforcing the infrastructure is the aim towards minimizing operational complexities, a goal that ACI achieves with its automated provisioning and policy compliance features.

ACI Deployment Models

In an ACI deployment, there are mainly two models: Standalone and Multi-Site. Standalone caters to a single data center, emphasizing unified control and simplicity. Multi-Site extends capabilities across multiple data centers, allowing for enhanced disaster recovery and operational flexibility.

The Standalone model is often favored by organizations seeking to harness the power of ACI within a singular data center environment. This ensures high availability and agile management of resources, without the complexity of distributed architectures. The Multi-Site model, conversely, orchestrates across geographical boundaries, crucial for businesses requiring robust business continuity plans.

Selecting between Standalone and Multi-Site necessitates a comprehensive evaluation of an organization's specific needs and future scalability. Each deployment model underpins ACI's centralized policy-driven approach, ensuring a cohesive network fabric regardless of architectural complexity.

Standalone Fabric Deployment

The Standalone deployment model remains a cornerstone for enterprises embarking on data center modernization with Cisco ACI. It is inherently designed to optimize the operations within a single fabric, eliminating interdependencies associated with multi-fabric setups.

Operationally, the model streamlines network provisioning and management. This simplification is akin to reducing the moving parts in a complex system.

Within a standalone fabric, Cisco ACI's policy model provides a declarative framework for automated network behavior, with application-centric policies driving the configuration. The single-fabric approach amplifies these benefits by confining their scope to an easily manageable domain.

Adopting a Standalone fabric deployment does not preclude future expansion into a Multi-Site configuration. Cisco ACI's architecture facilitates seamless growth, allowing for the eventual interconnection of additional sites without disrupting the existing operational paradigm. This ensures investment protection and adaptation to growing network demands while retaining the initial ease of management inherent in Standalone fabric scenarios.

Multi-Site Orchestration

Multi-site orchestration in Cisco ACI allows for centralized policy management across multiple ACI fabrics.

• Scalability: Effortlessly expands network capabilities without compromising performance.
• Consistency: Ensures uniform policy application across geographically dispersed data centers.
• Flexibility: Enables varied operational models and seamless policy integration.
• Segmentation: Provides inter-site connectivity while maintaining tenant isolation.
• Disaster Recovery: Enhances business continuity through stretched policies for multi-site availability.

It grants the ability to stretch networks and policies over large distances with minimal complexity.

This orchestration simplifies operational workflows, promoting an agile and resilient network architecture that can swiftly respond to diverse enterprise demands.

Navigating ACI Architecture

Understanding Cisco ACI’s architecture requires comprehending its spine-and-leaf topology, which forms the backbone of modern data centers. The Application Policy Infrastructure Controller (APIC) sits at the heart of Cisco's ACI, acting as the centralized point of automation and management for policy enforcement across the fabric, providing cohesion and consistency.

In terms of physical and virtual infrastructure, ACI's tight integration with hypervisors and virtual switches enables streamlined management of both environments via a common policy framework. This nexus of hardware and software components is designed to facilitate robust networking, security, and operational agility, underpinning the holistic ACI ecosystem.

To truly master ACI, one must grasp the nuances of "application-centric" design and "policy-driven" automation that distinguish Cisco's approach to networking, driving efficiency in the face of ever-growing complexity.

Spine-Leaf Topology Explained

The spine-leaf topology is a scalable, high-performance network framework pivotal to Cisco ACI.

1. High-Availability: The design provides multiple paths for data flow, eliminating single points of failure.
2. Low Latency: Ensures minimal hop counts between any two points, providing quicker data transfer rates.
3. Scalability: Facilitates easy expansion of the network without major infrastructure overhauls.
4. Non-blocking Architecture: Offers ample bandwidth by allowing simultaneous data transmission across the network.
5. Easy Management: Simplifies network provisioning and management through its predictable structure.

Each leaf switch connects to every spine switch, creating a mesh that allows for rapid interconnectivity.

In essence, this topology is essential for implementing Cisco ACI's advanced features, such as policy-based automation and application-aware networking.

The Role of the APIC Controller

The APIC is the command center of Cisco ACI.

Within Cisco's Application Centric Infrastructure (ACI), the Application Policy Infrastructure Controller (APIC) plays a critical role. This policy-based software controller centralizes access to all fabric information, turning complex management tasks into simple operations. It is designed to streamline network automation, simplify operational processes, and provide flexibility in network operation through an intuitive user interface.

It serves as a single source of truth for the network.

Central to network policy enforcement and automation, the APIC programmatically manages the state of the network. It interacts with the leaf and spine switches through a declarative model, pushing configurations and ensuring that the network adheres to the predefined policies. These policies encapsulate the requirements of applications, maintaining a dynamic and responsive network infrastructure.

The APIC drives the automation of network provisioning.

The role of the APIC transcends traditional device configuration by focusing on the abstracted intent of the network. It functions as a masterful orchestrator, translating application requirements into network policies and injecting them across the fabric. Additionally, its robust API enables third-party integration and the development of custom applications to extend its functionality further.

APIC ensures secure and consistent policy application across data centers.

By leveraging the APIC, network administrators can orchestrate complex environments with ease, achieving a synchronous state across multiple fabric sites. Continuous monitoring and health scores enable proactive management of network health. Significantly, the introduction of the APIC in Cisco's ACI fabric ushers in a new era of network governance, termed intent-based networking. This paradigm focuses on business outcomes and simplifies the network's alignment to those objectives, underpinning Cisco's commitment to advancing network agility.

Managing and Automating Networks

Automating networks with Cisco ACI transforms tedious manual configurations into dynamic, policy-driven processes. This automation underpins Cisco ACI's intent-based architecture, ensuring a seamless, agile network operation.

Within a Cisco ACI environment, the APIC serves as the nerve center for automation, orchestrating the provisioning and configuration of network resources. Its decluttered approach to policy enforcement simplifies the otherwise complex task of managing multi-tenant environments, providing IT professionals with an invaluable tool for operational efficiency.

By employing an advanced level of automation, Cisco ACI mitigates human errors and accelerates deployment cycles. This efficiency is a testament to programmability taking center stage in modern network management, representing a considerable leap from traditional networking paradigms.

ACI Policies and Security

In Cisco ACI, security policies are tethered to application endpoints, streamlining protection across the data center. These policies, known as contracts, define explicit permissions for communication between application components, enacting a rigorous whitelist model for traffic regulation.

Contracts leverage micro-segmentation to confine security scopes. This granularity fortifies network defense, curbing the lateral movement of threats within the infrastructure.

Additionally, contracts enforce policies without hindrance from the physical layout, offering consistent security postures across heterogeneous environments. Such flexibility distinguishes ACI from traditional network security approaches.

ACI's policy model is further bolstered by the integration of third-party security solutions. This ecosystem enables heightened security vigilance, optimizing protection through collective intelligence from multiple security players.

These security policies are complemented by comprehensive monitoring and analytics capabilities, providing unparalleled visibility into network activity. Real-time telemetry feeds into sophisticated threat detection engines, facilitating rapid response to potential breaches.

Consequently, ACI's constructs foster a security-first network architecture. Segmentation, centralized policy enforcement, and advanced monitoring converge to establish a robust, agile security paradigm within the data center.

Integration with Third-Party Tools

Cisco ACI's architecture natively supports a wide range of third-party tools, aiding in amplified functionality and integration. From security appliances to orchestration software, ACI's third-party ecosystems extend its capabilities, enabling specialized functions and advanced features.

For instance, in the realm of security, Cisco ACI integrates seamlessly with industry-leading next-generation firewalls (NGFWs) and Intrusion Prevention Systems (IPS). This fusion equips administrators with the power to infuse ACI's policy-driven fabric with state-of-the-art security services, thereby enhancing the overall protection envelope of their network infrastructures. These synergies ensure that the latest threat intelligence and advanced inspection techniques reinforce the robustness of the network fabric.

Moreover, with regard to automation and orchestration, ACI's API-centric design permits a harmonious relationship with leading DevOps tools. This juxtaposition allows for agile application deployment, streamlined configuration management, and consistent policy application across complex, multi-vendor ecosystems. Utilizing these tools can markedly reduce operational overhead, and bring about a more dynamic and responsive IT environment.

Further solidifying ACI's role in complex network environments, the integration with cloud management platforms exemplifies its multi-cloud strategy. By interfacing with solutions like VMware vRealize or OpenStack, ACI extends its policy framework into public and private cloud domains, crafting a unified fabric that seamlessly spans across on-premises data centers and cloud-based resources. Such integrations accommodate the evolving need for flexibility and scalability within enterprise networks, ensuring consistent policy governance and operational simplicity across diverse architectures.

Public Cloud Solution Service Offerings

AWS, Azure, and Google Cloud provide comprehensive suites of cloud services, each excelling in different areas:

• AWS is known for its wide range of services, especially in computing, storage and networking. With services like EC2, S3, and VPC, AWS provides powerful and scalable tools for businesses to build and scale their applications. In addition, AWS specializes in AI / ML with Amazon SageMaker, which provides a variety of tools for companies looking to add automation to their operations.
• Azure has a strong connection to the Microsoft ecosystem, making it a natural choice for companies that already utilise Microsoft products. Azure Virtual Machines, Blob Storage, and Virtual Networks provide powerful infrastructure services, while Azure Machine Learning and Cognitive Services provide powerful AI/ML capabilities, especially for industries familiar with the Microsoft environment.
• Google Cloud is best for data analytics and AI/ML. Services like BigQuery, Compute Engine and Vertex AI make it a platform for businesses that prioritize data-driven decision-making and need advanced machine learning tools. Google’s focus on open source and developer-friendly tools also makes it popular with startups and developers.

For many organisations, one of the above features will resonate with their goals and objectives. But there are other areas to consider:

Security: Ensuring Robust Protection

Security is another critical factor to consider when choosing a cloud provider, and AWS, Azure, and Google Cloud all offer extensive security features and compliance certifications.
AWS is known for its advanced security tools, including Identity and Access Management (IAM), Shield for DDoS protection, and GuardDuty for threat detection. These tools, combined with AWS’s numerous compliance certifications, such as GDPR and HIPAA, make it a reliable choice for businesses with stringent security and regulatory requirements.

On the other hand, Azure deeply integrates security within its services, particularly through Azure Active Directory and Azure Security Centre. Azure’s strong focus on enterprise security is reflected in its comprehensive compliance portfolio, which supports key regulations like GDPR and FedRAMP, making it particularly attractive to businesses operating in heavily regulated industries.

Google Cloud emphasizes encryption and a zero-trust security model, offering robust features such as IAM and the Security Command Centre. This approach to security is especially appealing to organisations that prioritise data privacy and need to adhere to regulations like GDPR in the UK and Europe and CCPA in the US. Google Cloud’s emphasis on security and privacy makes it a strong contender for businesses focused on maintaining strict data protection standards.

To this degree, all three offer excellent security – though an organisation already routed in Microsoft security measures may lean into Azure.

Key Differentiators Between Public Cloud Solutions

As a final step of evaluating AWS, Azure, and Google Cloud for your business’s needs, it is important to consider how they differ.
AWS boasts a broad range of services and a large global network of data centres, making it a good option for flexible and scalable solutions. However, navigating its extensive ecosystem can be complex, requiring a steeper learning curve.

Azure’s strength rests on its seamless integration with Microsoft products, making it ideal for enterprises already using Microsoft tools Azure also excels at hybrid cloud capabilities, allowing businesses to manage and move workloads between on-premises and cloud environments easily.

Google Cloud, finally, has a strong emphasis on data analytics, AI/ML, and open-source technologies, making it an excellent choice for companies prioritizing data-driven decision-making and cutting-edge technology. Its developer-centric approach and competitive pricing are particularly attractive for startups and innovative businesses.
Again, a point in the above is likely to resonate with an organisation.

Choosing the Right Public Cloud Solution: What’s Right For Your Organisation?

The choice between AWS, Azure, and Google Cloud, therefore, depends largely on your organisation’s needs as well as your existing IT infrastructure.

Broadly speaking, AWS offers unmatched service variety and global reach, Azure works best in hybrid cloud and enterprise integration, while Google Cloud leads in data analytics and AI/ML.
Assessing these factors carefully will help you select the cloud provider that best aligns with your strategic goals.

As an expert in cloud solutions, Akita supports can help organisations get the most from any of these platforms. Our consultants can advise on selecting the right public cloud solution for your organisation’s requirements, and then assist with implementation and ongoing management.

To discuss a public cloud solution with our experts, please get in touch!

The Edge of Innovation

Industries such as manufacturing, healthcare, and logistics, where dependable, low-latency, and high-capacity communication is crucial, stand to gain immensely. These sectors can look forward to more reliable machine-to-machine communication, reshaping how they interact with products and services.

Driving Adoption

Adoption hinges on improving customer experiences—a lesson learned from the smartphone revolution catalysed by email. Recognising 5G as a catalyst for enhancing customer interaction is vital for businesses aiming to stay ahead in the competitive landscape. Rather than focusing on the technology, companies should prioritise the impact on end-users.

Overcoming Barriers

Despite the excitement, the path to widespread adoption of private 5G networks still faces challenges. Addressing these will require a concerted effort involving technology providers, policymakers, and industry stakeholders.

Key hurdles include:

• Limited Vendor Ecosystem: Transitioning to private 5G networks presents challenges for traditional service providers accustomed to centralised control
• Compatibility Issues: 5G’s compatibility with legacy devices and the need for infrastructure upgrades is a cause for concern
• Regulatory Complexities: Complex regulations can delay the rollout of private 5G networks
• Security Concerns: Increased connectivity heightens security risks, requiring stronger security measures

Collaborative Strategies

The journey towards the widespread adoption of private 5G networks requires a careful balance of innovation and tradition. Given the varying requirements across sectors, tailoring strategies to specific use cases is crucial. However, striking the right balance will create a secure, seamlessly integrated ecosystem that supports new and established communication infrastructures.

Embracing a Symbiotic Future with NSC

The transition towards private 5G networks represents a strategic shift towards a more dynamic, responsive communication infrastructure.

Viewing this evolution not as a threat but as an opportunity for integration will allow for a harmonious ecosystem that leverages the strengths of both emerging and established players.

Ultimately, the successful deployment of private 5G networks hinges on overcoming barriers through innovation, collaboration, and a keen focus on customer experience. This approach will ensure that businesses and users alike can harness 5G’s full potential, paving the way for a new era of connectivity.

‍

The Rise of New Technologies

From the realms of artificial intelligence to the interconnectivity promised by the Internet of Things (IoT), emerging technologies are reshaping our world in unprecedented ways. Take, for instance, the development of blockchain technology. Initially conceived for digital currencies, its potential for secure, transparent transactions is now being used in diverse sectors like supply chain management and voting systems. These technologies are not just tools; they are gateways to possibilities previously unimagined.

The Risk of Technology-First Strategies

Sometimes, companies get caught up in the excitement of new technology, much like purchasing advanced power tools but forgetting essential working parts of a house. This approach can lead to impressive but ultimately unliveable structures. Starting with an exciting new technology instead of focusing on user needs can make these investments pointless.

Creating Value with Technology

The key to successfully adopting new technologies is to see their value from a user’s perspective. What advantages do they offer? How do they improve customer service? By envisioning the future through the eyes of the user, companies can develop a plan to make that vision a reality. This user-centric strategy ensures technology acts as a bridge to the future, rather than just being a shiny new toy or another gadget with limited benefit.

‍

What is Applied Observability?

Applied observability goes beyond just the basics of mobility. It draws from various fields, like Agile software development, to better connect with and understand customers. It’s not just about new technology; it builds on established methods like LEAN to meet today’s IT and mobility challenges and has real-time evolution based on continuous observability at its core.

Why LEAN Matters

Originating from manufacturing process improvement, the LEAN methodology has evolved into an essential component of IT and continuous improvement. It aims to cut out unnecessary steps and focus on what customers really need, which requires a significant mental shift in management structure and operations.

A Real World Example

Think of it like a bus service: the traditional approach would look at sticking to the schedule, but LEAN and applied observability focus on what passengers actually need. This approach could lead to more efficient and customer-centric solutions, like providing a taxi service instead of multiple buses, thereby enhancing customer experience and reducing waste.

Future Implications in the Mobility Society

As we move towards a future dominated by real-time, product-based services, industries will increasingly rely on platforms that can observe and analyse data in real-time. This shift is not just about adopting new technologies but about a fundamental change in perspective—observing and adapting to real customer needs in the context of the Mobility Society.

Embracing Change with NSC

Organisations need to adopt applied observability to thrive in this evolving environment, where data leads the way to innovation and customer-focused changes. It’s crucial for staying relevant and proactive.

‍