Allowing personal devices on the corporate network can make any IT professional cringe. Security is naturally a top concern – and the topic of today’s blog.
One dimension of security is about enabling network access. To do that properly, you would need to design and enforce a mobile device access policy, which may include attributes such as: what the device is, who the user is, where and when access is requested, and the health (posture) of the device. Another dimension of security is about maintaining overall device integrity regardless of the network (corporate or otherwise) it connects to.
In this video we only address the first. Cisco’s solution is based on a newly launched product, the Cisco Identity Services Engine (ISE). Watch the video to learn:
What is the Cisco ISE?
Can I treat corporate devices differently from personal ones?
What about guests in the organization, do I need a separate system?
It’s been a busy couple of weeks around here and we’ve got a fresh batch of news for partners!
In this week’s Partner Update newscast, Andrew finds out that even though an actual cloud can’t stream his music, Cisco’s new Cloud Partner Program offers everything partners need to capitalize on the growth of cloud, which is expected to reach $172 billion by the year 2014.
We also get to hear Andrew’s top video tips, find out why his suit needs to go to the dry cleaners, learn about networking myths, find out how one customer deployed VXI and virtual desktops, and we answer your technical questions.
Watch this week’s Partner Update newscast.
Keep reading for a transcript of what we covered, links to what we shared, and additional information.
This post is the first in a new series we’ll be featuring called Your Questions: Answered. In this series, we track down the answers to partners’ toughest technical questions. You can submit your questions here, post on the Cisco Channels Facebook page, or drop us a note on Twitter.
When Cisco recently introduced the Identity Services Engine (ISE), you likely started fielding questions, with many customers concerned about whether Cisco Network Admission Control (NAC) and Cisco Access Control System (ACS) will cease to be supported or become end-of-life. (Kind of like how I felt when the iPhone 4 came out and I was stuck with the iPhone 3G.)
To help you address customer questions, I went out looking for answers on what’s up with ISE, NAC, and ACS. First up, a little about ISE: It has similar functionality to NAC and ACS, combining the functionality of those two existing products onto a new platform. With it, your customers can gather information from users, devices, infrastructure, and network services to enforce contextual-based business policies across the network; create and enforce consistent policy from the head office to the branch office; and combine authentication, authorization, and accounting (AAA), posture, profiling, and guest management in this single product. And that’s just the beginning. I’ll share details on how to find out more about ISE later in this blog.
Back to the issue at hand — I chatted with Brian Sak, Cisco’s Consulting Systems Engineer and expert on Borderless Networks Security products. He filled me in on the most frequently asked questions that he’s been getting from partners around ISE.
Are NAC and ACS being replaced by ISE?
No, both NAC and ACS have ongoing roadmaps, developments, and new releases planned. If ISE does not meet your customer’s current needs, your customers can still use NAC or ACS. Cisco will not stop innovations on NAC and ACS anytime in the near future.
Should I encourage my NAC and ACS customers to migrate to ISE now?
The answer varies based on your customers and their requirements. Check out this handy chart in the Partner Community Discussion Forum (log in required) to help you determine if ISE is the right fit, right now for your customers.
Mark Twain once wrote, “Everybody complains about the weather, but nobody ever does anything about it.” Security policy is a lot like that. Creating a security policy is at the top of the list for anyone looking to really secure their network. But the devil is in the details.
Among the things a security policy needs to cover are:
All physical and virtual devices
All access methods
All resource classifications and locations
All compliance requirements
All of the OSI layers, from the physical layer up the stack to the application layer
AND the policy needs to be applied uniformly across the entire distributed enterprise