Allowing personal devices on the corporate network can make any IT professional cringe. Security is naturally a top concern – and the topic of today’s blog.
One dimension of security is about enabling network access. To do that properly, you would need to design and enforce a mobile device access policy, which may include attributes such as: what the device is, who the user is, where and when access is requested, and the health (posture) of the device. Another dimension of security is about maintaining overall device integrity regardless of the network (corporate or otherwise) it connects to.
In this video we only address the first. Cisco’s solution is based on a newly launched product, the Cisco Identity Services Engine (ISE). Watch the video to learn:
- What is the Cisco ISE?
- Can I treat corporate devices differently from personal ones?
- What about guests in the organization, do I need a separate system?
Hope you found last week’s inaugural blog on the “Tablets Welcomed.” series interesting enough to come back.
Today, I am sitting down for an interview with Brett Belding, who was instrumental in designing a mobile device access policy for Cisco, in his role as the Senior Manager of IT.
I met Brett over Cisco Telepresence one early morning (when I am typically still asleep, let alone in the office) to accommodate his Eastern time zone schedule. For the videophile readers, I should say that I pointed my camera directly at the Telepresence screen, which is why you may notice my reflection at certain points. However, this amateur video alone could be a case study for the quality of Cisco Telepresence.
Eighteen months ago, when the original Apple iPad was announced, I posted a blog here posing a simple question: “Apple iPad, in the enterprise?” The obvious answer, to me at least, was a resounding “Yes”. Today, it seems that professionals and employers alike would agree. The former like to bring and operate their own devices at work, and the latter are buying these devices to boost employee productivity.
In this six-part blog series titled “Tablets Welcomed.”, I will be posting short video clips (3 questions in 3 minutes) of interviews with Cisco leaders that walk you through the Cisco solution for providing access to any device, securely, reliably, and seamlessly.
Today, I am talking to Tom Wilburn, Vice President of Sales for Cisco Wireless, who has experienced this market transition firsthand. Watch Tom here as he answers:
- How has the influx of new mobile devices changed IT?
- What are the consequences companies need to confront?
- What are some compelling tablet use cases?
Inclusion in some government lists may not be such a good thing… for example, the government “no fly list” could be a bummer as you board your flight on your next family vacation. Yet other government lists can make or break you when it comes to doing business with the Federal Government. Last week, the award-winning Cisco CleanAir technology was placed on the all-important DoD Unified Capabilities Approved Product List (DoD UC/APL). The DoD APL is the official product list that DoD agencies are required to work from when making new acquisitions of network equipment such as routers, switches, WLAN, voice, video, etc. With the latest Cisco DoD APL certification, the Cisco CleanAir 3500 Series Access Point becomes the first DoD-approved product that supports “built-in” system-level spectrum intelligence in support of mission-critical wireless networks.
In some ways, the DoD APL is like an exclusive club for a select group of IT vendors – either you are a club member or you stand outside the gate. The process to get products listed on the APL is no cakewalk. First, even before products can be considered for the APL process, they must meet a series of stringent DoD requirements and certifications such as DISA STIGs, FIPS and Common Criteria. Next, a DoD sponsor must agree to represent the vendor’s products throughout the APL certification process. The certification process itself involves several months of rigorous interoperability and Information Assurance compliance testing.
As organizations look to improve operations through centralized control, they often need to take into account what would happen if an area of the network fails. In many cases, having a centralized controller-based wireless architecture in organizations with multiple branch offices has prompted the question, “What happens if the WAN is slow, or even worse, goes down?”
Many organizations have been reluctant to implement a centralized wireless controller located in the data center or private cloud due to this concern. Without centralized control, these organizations have two deployment strategies available to them:
- Implement wireless controllers at each branch site. This approach is perfectly fine for an organization with many access points per branch, or one that requires high throughput for applications such as video. However, many branches only require a few access points per location or run simple applications such as bar-code scanning and printing. For these organizations, local controllers become less cost-effective, with the capital expense becoming prohibitive.
- Implement access points running in autonomous mode. This approach eliminates the benefits of having any kind of centralized control, such as the ability to centrally configure wireless policy and security settings on access points, WIPS capabilities, and advanced mobility services like CleanAir, leaving the branch vulnerable and opening the corporate network to attacks.