Today’s enterprise is a highly dynamic, and hyper connected environment where IT plays a critical role in connecting the users, devices, resources and corporate IT systems. Today’s employees are also highly mobile in nature and do not necessarily have a single workspace assignment. The IT departments are constantly being challenged by the organization’s Line of Business owners to keep up with the pace of rolling out new services to address market needs, while keeping up with user expectations.
At the same time, IT departments also are responsible for ensuring business continuity and an uninterrupted service. However, the toughest challenge that any IT organization faces is implementing a security architecture which not only satisfies the compliance and industry regulatory requirements, but also provides a sufficient amount of protection against unauthorized access, data breaches, etc.
The traditional way to implement a security architecture in this kind of an environment is by implementing security rules in Firewall for traffic traversing the network’s extranet/intranet or data-center perimeters. For implementing security policies within an organizations network, Identity-Based Networking using IEEE 802.1X is generally used. Read More »
Tags: 802.1x, Borderless Networks, Cisco Identity Service Engine (ISE), Cisco Security, Cisco Switches, Cisco TrustSec, Cisco Unified Access, Network Access Control, secure access, secure BYOD, Security Group Access, Security Group tags, SGT
This year I was honored to be able to present and participate at Cisco Live Cancun, which took place last week. Many attendees from North, Central and South America and the Caribbean came to discover innovative ways that networking technologies can help them reach new markets and understand which solutions are right for their specific challenges.
Security was a hot topic this year!
Customers were able to connect with numerous experts for guidance and advice on security IT challenges that their company may be facing. Maintaining an appropriate security posture in “Bring Your Own Device” (BOYD) environments can be a challenge. This year I delivered a presentation about BYOD Security and Cisco’s TrustSec in an 8 ½ hour session titled “Bring Your Own Device – Architectures, Design and Operation” (TECRST-2020). Implementing BYOD requires a comprehensive solution that ensures the security and reliability of the network while enhancing user experience and productivity. The exponential growth of consumer devices and the need to maintain continuous connectivity to corporate and Internet resources has brought new challenges to corporate networks. Network managers struggle to provide adequate connectivity to employees while protecting corporate data. This session focused on the architecture and framework required to deploy the proper network infrastructure, security components and device management to support different endpoints, each with unique permissions into the network. A combination of lectures and live demos provided the information needed for customers to build an effective BYOD solution. The latest Cisco Validated Design guide (CVD) 2.5 for BYOD was covered highlighting different BYOD use cases, including TrustSec, converged access and the integration with Mobile Device Managers (MDM) to receive device posture information. Read More »
Tags: ACI, anyconnect, application centric infrastructure, cisco live cancun, Cisco Security, cisco sio, Security Group tags, SGT, TrustSec, vpn
In my previous Blogs I have talked about Megatrends including BYOD, the Next-Generation Workspace, Video and the Internet of Things. One unfortunate reality all of these trends have in common is that they are going to put additional stress on your current Network and Security Infrastructure and Operational Process.
TrustSec uniquely offers the welcome opportunity to improve and extend Security Policy Control and the same time make it easier to Operate and Maintain. This post concludes the mini-series on TrustSec. Previous Blogs have looked at TrustSec in the DC and applied to VDI. Here I have asked Dave Berry Cisco TSA to take a step back and look at the bigger picture from Network Access to the DC. Read More »
Tags: Cisco, Megatrends, network access, policy control, routers, SGT, TrustSec, vpn
In this blog, let us take a look at how Catalyst access switches enable and enforce context aware access to IT resources.
Many types of devices, including laptops, smartphones, and tablets, are used by end users to connect to the network wired, wirelessly, and remotely through VPN. With bring your own device (BYOD) access, the devices can be personal or corporate owned. Every enterprise has policies that dictate who can access what applications and databases, when and how. Traditionally, IT manages the policy either by introducing appliances at points in the campus where users connect or by manually configuring all the access switches. Appliances incur additional capital and operational expenses, whereas manual configuration of the switches requires maintenance of every switch. Moreover, the network can carry traffic using Ethernet, IPv4, IPv6, or other technologies, so the configuration must keep up with changes in technology, which leads to higher operational complexity and costs.
Read More »
Tags: 3560-X, 3750-X, 4500E, Cat 6500, catalyst, context-aware, secure access, Security Group tags, SGT
We had to dig further, past our initial meetings internally and determine what would make this particular story unique from previous ones we have told this year. As it turns out, we had plenty of material to share but three really good shows done earlier, now provide great context for appreciating the innovation we talk about in this one.
Check out: Fundamentals of High End Firewalls, Fundamentals of Intrusion Prevention and (TechWiseTV 115) Firewall Reinvention with the ASA-CX
So topically, Security in the Data Center is an easy hit of course. It almost sounds like an Oxymoron as many are convinced it is some kind of insurmountable obstacle. Nothing could be further from the truth. It seems to top many lists. [Watch 'Defending the Data Center' Right Now.]
As Cisco broadens the tool set with new models and deployment options, we broke this one down along party lines:
Read More »
Tags: ASA, ASA 1000V, cloud, firewall, IPS, security, SGT, TrustSec, virtual