Cisco Blogs


Cisco Blog > Security

The Expanding Burden of Security

July 8, 2014 at 6:00 am PST

[ed. Note: This post was updated 7/9/2014 to include new information not available to the author at the time of original publishing]

I just returned from the Gartner Security Summit at the Gaylord Resort in National Harbor Maryland. Each morning I took my run along the Potomac River and passed this sculpture of a man buried in the sand.

KT_sandman

In speaking with many IT executives they expressed specific concerns around their IT security, and this sculpture of the “man in the sand” took on new meaning for me. I could see how they might similarly feel overwhelmed and buried given their limited resources and the abundance of threats to their environments. Yes, I’ve been in this industry too long! Anyway, throughout all of my conversations it was abundantly clear that people were looking for a new way to approach securing their networks and applications. Customers are recognizing that unsecured access to the network is a critical threat vector; however, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. So, what do I mean by that?

The network uniformly sees and participates in everything across the threat continuum, whether before, during or after an attack. If we can leverage the insights and inherent control the network provides, IT organizations can truly augment their overall end-to-end security across this continuum. If done correctly, this augmentation can happen without investing a large amount of time, energy, and resources in filling all the gaps to secure their environments -- regardless of legacy network, endpoint, mobile, virtual, or cloud usage models

Cisco strongly believes that the network must work intimately with various security technologies in a continuous fashion to offer protection for networks, endpoints, virtual, data centers and mobile.

The New Security Model

Given Cisco’s breadth and depth of security, we did not have room to exhibit our networking devices. However, within much of our networking (and even security) offerings, we have embedded security capabilities that provide more comprehensive protection across the entire threat continuum.

An example of this is Cisco TrustSec embedded network access enforcement, which provides network segmentation based on highly differentiated access policies. Cisco TrustSec works with Cisco ISE to provide consistent secure access that is mapped to IT business goals. Cisco ISE and TrustSec are part of the Cisco Unified Access solution and leverage a superior level of context and simplified policy management across the entire infrastructure in order to ensure that the right users and devices gain the right access to the right resources at any given time.

Cisco’s integrated approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection, which, in turn, allows customers to prioritize more efficiently and act more quickly - before, during, and after an attack. Through Cisco’s New Security Model, we help you achieve a more pleasant experience and get you dug out of the sand. To learn more and go beyond just a shovel and pail, go to Cisco’s Security Page.

Tags: , , , , , , , ,

Cisco Meraki, Now with ISE!

We’ve been hearing from some of our customers that they are interested in using Cisco Meraki in their branches alongside their Cisco infrastructure in their main offices, but were worried about having to deal with too many segregated policy management systems.

Good news: Interoperability between Cisco Meraki and ISE is here. Administrators can now define a single user access policy across on-premise and cloud-managed networks.With this interoperability, Cisco infrastructure customers can now deploy Cisco Meraki in their branches in the same network as other Cisco equipment, with all devices across the network managed under ISE for unified access policy management.

Read more about the Cisco Meraki and ISE interoperability in the blog post: Got ISE?

To get a free Meraki wireless access point and learn more about the solution, join one of our online webinars. See the  complete schedule and choose from a range of webinars featuring Meraki customers, product and solution overviews, and topics like BYOD.

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,

Get Your Mobile Workspace Solution now – from Cisco and Citrix

Mobility and Strategy InitiativesHaving an enterprise-wide mobility strategy provides a competitive advantage as a recent IT survey from Cisco concluded.  Working with many customers over the last couple of years we have come to recognize that mobility is a multi-stage journey that every organization is taking at its own pace. While some of you might think of this journey as just getting your employees’ devices onto your network, there is significantly more to the journey – device-focused leads to application-focused, which then leads to experiences-focused.

Being a dad to my 5-month old son, I can relate our customers’ mobility journey to the 3 stages a child goes through in his first year as they learn to be mobile – roll, crawl, and walk!

Babies start off without the ability to move from one spot to the next– think of this as your enterprise 10 years ago before the popularization of smartphones.  Then babies learn to roll.  Suddenly, the world opens up to them.  This is the first stage of the mobility journey – similar to a device focused BYOD strategy.  The focus here is to provide a secure onboarding experience for your users while having the right policies in place to enable context-aware secure access control. The Cisco Unified Access solution – with ISE for policy, Prime Infrastructure for management, and converged wired and wireless network – provides the foundation for enable this BYOD solution.  However, would you really want to stop at the rolling stage of development?

The next step for kids is learning to crawl. This is often the most exciting stage as kids can now move with intent. Crawling provides true mobility to the kid as he can explore the fascinating world around him and get access to all his toys. This is the application-focused strategy in your mobility journey. Now that you have enabled secure access for your workforce, you can decide on the right set of applications to enable your workforce to be productive – on the go. This is where Cisco has been working with our ecosystem partners to provide a complete mobile workspace solution.

One of these ecosystem partners is Citrix and in this blog, I’d like to highlight a first-of-its-kind solution for employee mobility, that Cisco & Citrix have developed in close collaboration.

This new Cisco Mobile Workspace Solution with Citrixbuilt on the Citrix Workspace Suiteprovides the complete hardware and software technology stack for delivering all the applications, content, and tools workers need on any device. This new Workspace Solution is excellent for companies moving into the second stage of their mobility journey – where their focus is on providing all the applications, content and services their employees need on their devices.

This solution can help your employees, partners, and consultants work and collaborate on their mobile and desk devices, from pretty much anywhere. Read More »

Tags: , , ,

Cisco IT’s Identity Services Engine Deployment: Cluster and Server Sizing

When sizing clusters for devices in our Identity Services Engine (ISE) deployment, Cisco IT uses a “3+1” formula: For every person we assume three devices (laptop, smartphone, and a tablet) plus one device in the background (security camera, printer, network access device, etc.). In a company the size of Cisco, with roughly 80,000 employees, the math is simple: Read More »

Tags: , , , , , ,

Cisco IT’s Identity Services Engine Deployment: First Capabilities to Roll Out

Cisco IT is deploying Identity Services Engine (ISE) globally. ISE is a security policy management and control platform that automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. We’re running ISE 1.2 Patch 3 globally and evaluating Patch 5 for its guest networking enhancements. Over the next few months, I’d like to share some of our best practices and lessons learned as we continue our ISE deployment. Much of the background and deployment work before my blog can be found in this published article. Read More »

Tags: , , , , , , ,