Cisco Blogs


Cisco Blog > Security

The Expanding Burden of Security

July 8, 2014 at 6:00 am PST

[ed. Note: This post was updated 7/9/2014 to include new information not available to the author at the time of original publishing]

I just returned from the Gartner Security Summit at the Gaylord Resort in National Harbor Maryland. Each morning I took my run along the Potomac River and passed this sculpture of a man buried in the sand.

KT_sandman

In speaking with many IT executives they expressed specific concerns around their IT security, and this sculpture of the “man in the sand” took on new meaning for me. I could see how they might similarly feel overwhelmed and buried given their limited resources and the abundance of threats to their environments. Yes, I’ve been in this industry too long! Anyway, throughout all of my conversations it was abundantly clear that people were looking for a new way to approach securing their networks and applications. Customers are recognizing that unsecured access to the network is a critical threat vector; however, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. So, what do I mean by that?

The network uniformly sees and participates in everything across the threat continuum, whether before, during or after an attack. If we can leverage the insights and inherent control the network provides, IT organizations can truly augment their overall end-to-end security across this continuum. If done correctly, this augmentation can happen without investing a large amount of time, energy, and resources in filling all the gaps to secure their environments -- regardless of legacy network, endpoint, mobile, virtual, or cloud usage models

Cisco strongly believes that the network must work intimately with various security technologies in a continuous fashion to offer protection for networks, endpoints, virtual, data centers and mobile.

The New Security Model

Given Cisco’s breadth and depth of security, we did not have room to exhibit our networking devices. However, within much of our networking (and even security) offerings, we have embedded security capabilities that provide more comprehensive protection across the entire threat continuum.

An example of this is Cisco TrustSec embedded network access enforcement, which provides network segmentation based on highly differentiated access policies. Cisco TrustSec works with Cisco ISE to provide consistent secure access that is mapped to IT business goals. Cisco ISE and TrustSec are part of the Cisco Unified Access solution and leverage a superior level of context and simplified policy management across the entire infrastructure in order to ensure that the right users and devices gain the right access to the right resources at any given time.

Cisco’s integrated approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection, which, in turn, allows customers to prioritize more efficiently and act more quickly - before, during, and after an attack. Through Cisco’s New Security Model, we help you achieve a more pleasant experience and get you dug out of the sand. To learn more and go beyond just a shovel and pail, go to Cisco’s Security Page.

Tags: , , , , , , , ,

Dimension Data Series #4- The Opportunities and Risk of Secure Mobility from the Top Down

Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals. This blog will address the opportunities and risk of secure mobility from the top down. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security can be found here. The second blog in this series highlighting how IT and business leaders can work together to develop secure mobility policies can be found here. The third blog in this series discussing how to close the gap between vision and real-world implementation can be found here.

Throughout this blog series, we’ve discussed several key aspects of implementing secure mobility policies and programs to ensure organizations can reap the benefits of mobility now and in the future. It’s clear that mobility is a top priority for IT and business leaders and most have a clear vision of the role mobility can and will play in their organization. Overall, they see both the risks and the rewards.

That said, responses gathered in the recent Dimension Data Secure Mobility Global Survey point to a gap between that overall vision and the likely real-world outcomes organizations will face – given that a number of crucial initial steps can ultimately save time, reduce costs, and, most importantly, ensure appropriate security controls are in place.

In this post, I’ll highlight the real opportunities and risk regarding mobility and security – and how business leaders can address the disparity between vision and actual deployment now and for years to come.

Understanding the Opportunity and the Real Risk

The threat to an organization’s proprietary information is certainly foremost in the minds of IT and security leaders. Interestingly, 71% of respondents of the recent Dimension Data survey indicated that their business leaders view employee utilization of personal mobile devices as potentially dangerous, costly and not business critical.

IT concerns about secure enterprise mobility risk are many. These include the introduction of malware into the environment from largely unmanaged devices or devices that organizations have little to no control over and the data leakage challenges by allowing users to have various parts of data outside of the network. In addition, many IT leaders ask:

  • “How are we actually going to deploy mobility security?”
  • “How are we going to support the users?”
  • “Will our IT help desk be able to meet the around-the-clock requests that today’s users demand?”

Read More »

Tags: , , ,

Dimension Data Series #3: Closing the Gap Between the Secure Mobility Vision and Real-World Implementation

Mobile security is a top concern for IT and business leaders. This blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies and mobility goals. This blog will address closing the gap between secure mobility vision and real-world implementation. The first blog in this series discussing how concerns outweigh actions when it comes to mobility security is here. The second blog in this series highlighting how IT and business leaders can work together to develop secure mobility policies is here.

There is a gap between the vision for secure mobility and the real-world implementation.

How do we know a gap exists? A recent Dimension Data Secure Mobility Survey report indicates 79% of IT leaders believe mobility is a top priority and 69% of those surveyed already have a mobility roadmap in place. The vision looks good, right? However, only 29% of those implementing their roadmap have tested their core applications, and only 32% have conducted a security audit of the applications.

Today, IT is faced with the challenge of providing any user from any location on any device access to any of the corporate applications, all while keeping assets and users secure. These perimeters add up to a complex equation and it’s contributing to this gap in IT leaders’ approach to vision and action for mobility deployments. How can IT and business leaders work to address this disparity?

Listed below are a few steps that should be considered to help turn the secure mobility vision into a reality. Taking a careful assessment of what mobility can offer and applying these steps can make the difference between a successful implementation and being derailed by unforeseen problems.

Read More »

Tags: , , , , ,

Mobile Security: Actions Speak Louder than Words

Mobile security is a top concern for IT and business leaders. This guest authored blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies to achieve mobility goals. We are pleased to introduce our guest author Darryl Wilson, Director, Enterprise Mobility for Dimension Data Americas, as the first in this series – Darryl will address how a balanced approach to security can yield better business results. 

didata

 

 

dwilson

By Guest Contributor Darryl Wilson

Director, Enterprise Mobility for Dimension Data Americas

Darryl Wilson has more than 15 years of experience overseeing large scale network communications projects both from a technical delivery and pre-sales perspective. Wilson’s areas of expertise include unified communications, network performance, troubleshooting and optimization.

 

The evolution to a mobile-centric workforce has been relatively short, thanks to an explosion of innovation and emerging mobile and cloud technologies. Just a few years ago, BYOD was a hot topic of conversation and mobile device management (MDM) solutions offered a simple way to secure an influx of devices and users.

However, today we are seeing that the tactical implementation of MDM solutions is not enough to control a multi-device, multi-vendor, and multi-OS mobility landscape. In fact, most of the companies I work with are using solutions that have not been optimized or customized for today’s ever-changing mobile world. In addition, security concerns have left many organizations feeling like they need to choose between control and truly reaping the business value mobility offers.

Cisco_DimensionData#1_4.9.14

For example, in a recent Dimension Data Secure Mobility Survey Report, 79% say mobility is a top priority for their organization. However, the report indicates that a much smaller segment of those IT leaders’ actions back it up. Seventy-seven percent of those surveyed believe data is the greatest concern pertaining to mobility, yet only 55% have a mobility roadmap in place. If securing company data and successfully implementing a mobile policy is of such importance, why aren’t more IT leaders taking strategic action?

Read More »

Tags: , , , , , ,

Summary: Navigating Security Threats in a Mobile World

Security plays an important role in the success of mobility implementations worldwide. We assume security threats are always present, however it’s not always apparent where threats may arise from. Being aware of these potential risk areas is crucial.

Business decision-makers must gain insight into where these breaches are occurring. They should also understand why it is important for them to care, and how they can be aided by technical decision-makers to solve these issues moving forward.

Here’s a brief look into the where, the why and the how of embracing a secure approach to enterprise mobility and what it means for business leaders.

Cisco_NavigatingSecurityMobileWorld

Where are security threats? Today’s organizations are facing a greater attack surface as advanced mobile devices and public cloud services foster new attack models and increasing complexity within networks. To cover the entire attack continuum, organizations need to address a broad range of attack vectors with solutions that operate everywhere the threat can manifest itself: on the network, on traditional endpoints, on mobile devices, and in virtual environments.

How can threats be thwarted? The best approach is a proactive one, rather than a reactive one, especially when many organizations may not know when they are under attack. Business leaders must work with IT teams to institute a formal program for managing mobile devices and to ensure that any device is secure before it can access the network.

Why does a balanced approach to mobile security matter? In a recent blog post, I discussed the need for organizations to deploy a balanced approach to mobile security. This approach should focus more on protecting the network and proprietary data and less on implementing overly broad restrictions. IT needs to approach security with a user experience mentality. After all, if you overly manage devices, your adoption will be low and so will your return on investment (ROI). This approach can lead to greater opportunities to align threat intelligence and security best practices.

To learn more about this balanced approach to mobile security, read the full blog: Navigating Security Threats in a Mobile World.

Tags: , , , , , , , , , , , , ,