This is our third preview of what Cisco will be showcasing at the 102nd National Retail Federation Convention and Expo on January 14 and 15, 2013 in New York City. We’ll be showcasing the Cisco Bring-Your-Own-Device (BYOD) Smart Solution, where you can see the technology that enables you to support mobile access that’s both easy and secure. Come learn how you can improve employee productivity and customer service with a highly secure BYOD environment. Please watch this video about the BYOD demonstration and then mark your calendar to join us at Cisco Booth #252 at NRF 2013. I look forward to seeing you there!
- 100% of IT is struggling to keep up with mobility trends
- Mobile threats have doubled from 2010 to 2011
- Around four in ten American users are likely to click on an unsafe link
And with all of these changing dynamics, user expectations continue to rise while the risk of security vulnerabilities rises. Yet, one of the expectations is a demand for safe access to essential business productivity and collaboration applications from anywhere, on any device (personal or organization acquisition), along with a consistent experience across multiple device types. This is the new workspace.
So, how do recent data center security enhancements play an important role in an ever more mobile and Bring-Your-Own-Device (BYOD) reality? The ever-increasing proliferation of devices for each user makes the need for increased scalability and security in the data center even more evident. Users who bring their own device expect a good experience accessing the applications that reside in the data center. IT wants to ensure that applications delivered from the data center or internally are appropriately accessed and protected from any malicious actions. Securing a mobile and BYOD environment does not simply start at the endpoint; it must take an architectural approach from endpoint traffic traversing through the network to the data center. Cisco takes a comprehensive approach to securing applications, content, and devices delivered to any workspace, in any location, based on type and posture, location and time, and user’s role—ensuring an uncompromised user experience and giving your employees the freedom to be highly productive.
In this last part of this series I will discuss the top customer priority of visibility. Cisco offers customers the ability to gain insight into what’s happening in their network and, at the same time, maintain compliance and business operations.
But before we dive into that let’s do a recap of part two of our series on Cisco’s Secure Data Center Strategy on threat defense. In summary, Cisco understands that to prevent threats both internally and externally it’s not a permit or deny of data, but rather that data needs deeper inspection. Cisco offers two leading platforms that work with the ASA 5585-X Series Adaptive Security Appliance to protect the data center and they are the new IPS 4500 Series Sensor platform for high data rate environments and the ASA CX Context Aware Security for application control. To learn more go to part 2 here.
As customers move from the physical to virtual to cloud data centers, a challenge heard over and over is that they desire to maintain their compliance, security, and policies across these varying instantiations of their data center. In other words, they want the same controls in the physical world present in the virtual: one policy, one set of security capabilities. This will maintain compliance and overall security, and ease business operations.
Offering better visibility into users, their devices, applications and access controls not only helps with maintaining compliance but also helps deal with the threat defense requirements in our overall data center. Cisco’s visibility tools give our customers the insight they need to make decisions about who gets access to what kinds of information, where segmentation is needed, what the boundaries in your data center are, whether these boundaries are physical or virtual, and the ability to do the right level of policy orchestration to maintain compliance and the overall security posture. These tools have been grouped into three key areas: management and reporting, insights, and policy orchestration.
Hear how financial innovator Diebold gains visibility and control of the 87,000 devices on their network. David Kennedy, former Chief Security Officer at Diebold, recognizes there is no stopping new mobile devices and sets course to secure the organization while ensuring the business may continue to generate revenue. Workers want to work their way securely and prefer that the security is transparent so that they have the optimal experience. He speaks to the unique granularity that the Cisco Identity Services Engine (ISE) offers to segment access by user, device, access method, posture, and time, so that engineers may have access to their codebase while marketing professionals like me have no access from my new iPad:
As anyone who attended Cisco’s recent “BYOD without Compromise” Webinar noticed, the BYOD phenomenon is changing company priorities, and is bringing up a lot of questions about the solutions available to scale, secure and operate a successful network. Replay the Webinar
Join us for our upcoming #ciscowifi TweetChat during which you’ll be able to engage in a real time BYOD discussion on Twitter with Cisco Technical Experts. What is a TweetChat?
April 17, 10-11am PST: TweetChat Topic: BYOD and Cisco ISE – use #ciscowifi.
First, I’ve put together just a few details based on the most popular questions posed during the recent webinar about Cisco’s approach to BYOD. And at the end of this post, I’ve also listed upcoming events for even more in depth technical discussions on a variety of BYOD topics.
Enhanced Identity Services Engine (ISE):
Cisco ISE is a context-aware, identity-based platform that gathers real-time information from the network, users, and devices. This enables IT to offer mobile business freedom with policy for when, where and how users may access the network.
ISE integrates with Prime Network Control System and supports BYOD with any 11n Wireless Access Point (even if you’re running your network in FlexConnect, aka HREAP, mode).
In addition to managing on-boarding, Cisco ISE has full guest lifecycle management. It also allows IT to deny access to devices for a variety of reasons, such as who you are, what device it is, if you are running the latest OS or anti-malware, or how you are accessing the network.
Posture -- Posture is the component of the ISE platform responsible for enforcement of corporate security policies governing access to the enterprise network. For example, for non-corp owned devices, you can decide what the minimal requirements are based on the device type/OS etc. Setting this up ahead of time will avoid security issues with non-supported devices.
ISE also provides real-time endpoint scans based on policy to gain more relevant insight. These automated features result in a better user experience and more secure devices. Cisco ISE uniquely leverages the network. It is essentially the brains for secure access and provides the policy to the network infrastructure (it is woven into the switches, routers, etc.)
New Prime Infrastructure:
Prime is a single package that provides complete infrastructure – wired and wireless, and mobility lifecycle management– configuration, monitoring, troubleshooting, remediation, and reporting. This solution includes: Prime Network Control System (NCS) for converged wired/wireless monitoring and troubleshooting, plus wireless lifecycle management, with new branch network management functionality; and Prime LAN Management Solution, for wired lifecycle management and Borderless Network services management.
Mobile Device Management (MDM):
To protect data on mobile devices and ensure compliance, Cisco is integrating with multiple Mobile Device Management vendors. This gives IT greater visibility into the endpoint as well as control over endpoint access based on the compliance of these devices to company policy (such as requiring PIN lock or disallowing jailbroken devices), and the ability to do remote data wipes on lost or stolen mobile devices. If you don’t have a supported vendor, we will not be able to get as rich detail about the status of that device; however, you still get the full wired/wireless policy.
Current MDM third party vendors: Zenprise, Good, Airwatch, MobileIron
Device Operating Systems:
Wondering about which OS is preferred on your mobile device?
Cisco offers broad mobile device OS support in Cisco AnyConnect VPN software, including iOS, Android, and Windows Mobile.
When it comes to virtualization, Cisco has created the Cisco Virtualization Experience Infrastructure (VXI), an end-to-end systems approach that delivers the next generation virtual workspace by unifying virtual desktops, voice, and video. Check out the link for more information on VXI, VXI with Citrix, VXI with VMware, Virtualization Services and validated Design Guides http://www.cisco.com/web/solutions/trends/virtualization/index.html
This is just a drop in the bucket. To get even more information on taking your organization beyond BYOD, don’t miss our upcoming technical deep dive webinars and in person events that speak directly to managing your growing network while you’re doing your best with limited resources. You can also check out Cisco’s BYOD solution, Prime and ISE:
- BYOD: www.cisco.com/go/byod.
- Cisco ISE: www.cisco.com/go/ise
- Cisco Prime: www.cisco.com/go/prime
- FAQ: BYOD Security: Secure BYOD QA
- Cisco BYOD Solution Days:
- April 12, Mobility Tech Deep Dive: Enhancing your network with Cisco Mobility Innovations
- April 25, Addressing BYOD Management Challenges with Cisco Prime.
- April 26, Prepare for High Density (as BYOD begins to crowd your network)
- May 17, Understand IPv6 for Mobility (Can your network support IPv6 for the deluge of new devices?)