
Editor’s Note: In the two previous blogs, we discussed some of the issues and dilemmas found within information security knowledge and practice domains. Those challenges arise fundamentally from the traditional approach that many organizations have adopted to address information security requirements. In this fourth installment, we look at how good preparation can improve security outcomes, as illustrated in a few case examples.

As the Dutch philosopher Erasmus once said, “prevention is better than cure.” Most organizations’ security approaches have focused primarily on erecting defensive systems to prevent attackers from compromising information and systems through exploiting security weaknesses associated with technology, process, or people in the organization.

Continue reading “Getting More Responsive Security by Learning From Disaster Responses”



Authors

Meng-Chow Kang, PhD, CISSP, CISA

Director and CISO

APJC region, Cisco Systems, Inc


This blog was originally published on the Citizen Schools inspirED blog and reposted with permission from Citizen Schools.

Meeting every student’s academic needs in the classroom can be challenging but is essential to their success. Many of the public middle schools Citizen Schools partners with are reaching students who are academically all over the map, with many falling below grade level.

In order to provide customized support to the highest-need students, we began “blended learning” pilots this year focused on core math instruction. Blended learning, which pairs computer-aided instruction with face-to-face classroom methods, enables Citizen Schools’ staff in four pilot programs across the country to offer more personalized and more efficient academic support during the expanded learning day.

Partnered with Cisco Foundation and MIND Research Institute, the blended learning math program utilizes Spatial-Temporal (ST) Math instructional software to focus on improving students’ math skills, with the aim of increasing student proficiency for long-term success.

Launched this September, over 350 students are utilizing the ST Math instructional software at four schools across the country. And after 3 months of implementing the pilots, the initial feedback and support from our school partners is positive.

Continue reading “Blending Learning Pilots Take Off with Citizen Schools and MIND Research Institute”



Authors

Alexis Raymond

Senior Manager

Chief Sustainability Office


Cisco partner Provista IP Communications* provided a solution to Canadian Natural Resources that delivered a flexible off-shore wireless network supplying data mobility whilst remaining secure and manageable.

When you search for case studies in Oil and Gas there are lots that cover the carpeted areas of organizations – office areas mainly, but fewer that actually reach outside to places like manufacturing or refinery areas, or even oil rigs. That’s why I was pleasantly surprised to read the case study from Provista. Provista are a Cisco partner based near Glasgow with a presence in North-East Scotland and the Midlands in England.

You’ll hopefully remember my blog: Ferguson Group Ltd keeps an Eye on Operations with Cisco Physical Security, in which I talked about the coming of a new ‘space-age’ equivalent for Scotland. In that blog we looked at physical security and video in particular. With this Canadian Natural Resources (CNR) case study we can see how the Cisco technologies go further out to inhospitable environments and help keep workers away from danger, and more productive if they have to be off-shore.

Read the case study and you’ll see that the provision of Cisco wireless technologies helped enable CNR to overcome some business challenges:

1.  “The cost of resourcing engineering consultancy and deployment time was significantly higher due to travel restrictions.”

2.  “It would be difficult to ensure that installed wireless networks would remain active in the event of a single device failure.”

3.  “Canadian Natural regularly had guest visitors to their off-shore oil platforms and thus requested a secure, but separate, connection for guests to make use of.”

Provista goes on to say that some major business benefits are being achieved:

  1. Cost/Safety: “Provista’s solution ensured that there was no need for highly-trained technical staff to be present at the remote sites.”

  2. Lower Downtime: “Canadian Natural technical staff have a longer window of time to deploy replacement equipment in the event of a failure.”

  3. Worker/Guest Productivity: “Employees and guests can be more productive off-shore as a result of the wireless network access.”

The case study goes on to talk about the implementation and the Cisco elements for management and control. This is an example of how Oil and Gas customers will often start building networking infrastructure in the carpeted areas (like CNR did) and then extend out to non-carpeted areas such as oil platforms. The number of oil rigs that have a pervasive WLAN is actually relatively low. Sure, there are numerous proprietary networks for sensors and the like, but we’re now seeing the implementation of Wi-Fi on rigs that provides converged networking (i.e., compatibility and convergence between IT and OT, or Operational Technology, systems and networks) as the Internet of Things and the Internet of Everything continue their journey of becoming more pervasive. This is a convergence based on industry standards.

Continue reading “Cisco Partner Case Study in Oil and Gas – Canadian Natural Resources by Provist”



Authors

Peter Granger

Senior Sales Transformation Manager


As usual, in the post-Supercomputing / post-US-Thanksgiving-holiday lull, the work that we have all put off since we started ignoring it to prepare for Supercomputing catches up to us.  Inevitably, it means that my writing here at the blog falls behind in December.  Sorry, folks!

To make up for that, here’s a little ditty I wrote to tide us all over until we all return after the new year.

Continue reading “Holiday wishes”



Authors

Jeff Squyres

The MPI Guy

UCS Platform Software


Chances are you might be reading this blogpost on a device other than a laptop or desktop computer.  I’d also wager that the device you’re using to read this post handles double-duty – that is, you use it for both work (e.g., checking email, reviewing confidential documents) and play (e.g., Vine, Flappy Bird, social media).

You’re not alone.  Everywhere you turn, you’ll see someone using a smartphone or tablet to be productive – both on corporate and non-corporate networks, for example, a coffee shop’s guest network.  For enterprise IT, this means that the scope of managing an “enterprise network” has really expanded beyond controlling user access to a company intranet to controlling user access to company data across the “extended network” – wherever and however employees choose to do that.

The increased risk due to a larger “attack surface” fundamentally changes how you approach access control and security.  Traditional Network Access Control (NAC) was a technology that, while complex and complicated to deploy, worked well enough when enterprise IT controlled the intranet and the procurement of allowed devices.

However, as the Enterprise Mobility, a.k.a. Bring Your Own Device (BYOD), phenomenon accelerated to become the new corporate norm, traditional NAC wasn’t as effective anymore: the technology was overly complex to scale, and it carried an overarching need for multiple 802.1X supplicants that generally targeted more “traditional” endpoints like Windows PCs. As a result, enterprises turned to mobile device management (MDM) platforms as a new way to secure just those mobile devices.  These MDM solutions were definitely easier and less expensive to deploy and manage than NAC and offered a tangible security ROI.

Even today, many organizations continue to use MDM (and its successor, enterprise mobility management or “EMM”) as a bit of a security silo to secure and manage these devices.  However, as is implied, this strategy has a couple of caveats:

  1.  MDM/EMM can enforce device policies (e.g., PIN lock, encryption, whitelisted applications) but offers zero enforcement capabilities for actual network access policies – e.g., restricting corporate network access to financial databases or sales document repositories. The device may be secured, but network access is potentially wide open.
  2. Obtaining 100% full compliance with installing/configuring the MDM/EMM agent on endpoints is nigh impossible, since the MDM/EMM solution works in isolation from other security solutions. Thus, compliance relies heavily on end-user cooperation and participation, which makes it highly likely that non-compliant devices could gain access to the network. From there, who knows what might happen, if the device is compromised.

The net-net here is that enterprises that leveraged solely MDM/EMM to protect their devices and networks are potentially achieving only part of their security objectives.

Fortunately, network access control platforms have seen a renaissance in the past few years and have evolved substantially.  In my last post, I highlighted a recent white paper that discussed how NAC is evolving away from simple, basic access or admission control and transforming into a more sophisticated set of controls for endpoint visibility, access, and security – technology dubbed “EVAS” by some. Unlike its overly complex and complicated ancestor, the newest generation of NAC solutions (or EVAS) utilizes advanced contextual data gleaned from a number of different sources – including EMM/MDM – in order to enforce granular, dynamic network access policies. In essence, these solutions leverage the network as a sensor in order to make proactive access control decisions (e.g., applying a different access policy depending on the device being used or the compliance state of the device, or enforcing access to prevent unauthorized lateral movement across a network) throughout the extended network – regardless of how authorized users or devices connect.

This evolution has transformed NAC from a limited security hindrance into a powerful business enabler for enterprises, with more advanced solutions going beyond simple access policy and integrating with other network and security solutions to share data and improve the efficacy of all solutions. For example, here at Cisco, when I attempt to access the network with my iPad, the Cisco Identity Services Engine (“ISE”) (our NAC/EVAS solution) sees my device’s attempt to connect.  It checks the profile and posture of the tablet to ensure that it is compliant with our mobile device wireless access policy (i.e., with MDM/EMM software installed).  If not, Cisco ISE, which is integrated with an EMM/MDM software solution, redirects me to install that software first in order to become compliant before I gain whatever access my particular level of authorization allows on the network.  With this integration between the two solutions, my tablet is now secured with the MDM/EMM software, and my level of access to network resources is seamlessly controlled, down to the letter, courtesy of the NAC/EVAS solution. Caveats solved.

Ultimately, this is just the beginning. Enterprises have realized that the “new NAC” can serve as a viable centerpiece for not only securing access but also for integrating with existing and previously silo’ed security and productivity solutions – like EMM/MDM – that may already be deployed in the enterprise network.

At the end of the day, NAC sure isn’t what it used to be…but that’s, actually, a very good thing.

For an additional perspective on NAC, market trends, and solutions, I invite you to look at the newly-released 2014 Gartner Magic Quadrant for Network Access Control (NAC).



Authors

Dave D'Aprile

Sr. Product/Solutions Marketing Manager

Secure Access and Mobility Product Group


To celebrate 30 years of innovation at Cisco (#We are Cisco), we’ve asked Cisco Champions what they think is the most important Cisco innovation to date. Cisco Champions are seasoned IT technical experts and influencers who enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The Cisco Champions program encompasses different areas of interest, such as Data Center, Internet of Things, Enterprise Networks, Collaboration and Security. Cisco Champions are located all over the world.
(Cisco Champions are not representatives of Cisco. Their views are their own)

Here are their top answers.

Cisco Nexus Series
The most important innovation for me is the Data Center Networking Solution with Nexus Portfolio N2K, N5K, N7K, and N9K, that allows us to address all challenges for our customers. I really appreciate the new campus solution based on C6800 with IA switches which uses the same technology as FEX. It really simplifies architecture and reduces OPEX with a single point of management.
Bertrand Bordereau
Network Consulting Engineer
@BBordereau

Continue reading “Top Cisco Innovations”



Authors

Rachel Bakker

Social Media Advocacy Manager

Digital and Social


What’s new and trending for the industry? Well, predictions for the upcoming year as a motif is certainly not new but is definitely trending, considering the deluge of pundits concentrating their well-informed thoughts about which industry happenings will emerge through hyperbole and into reality. Amongst the go-to industry resources I find myself perusing is LNS Research, which has chosen to break down its Top Three 2015 predictions by industry trend/topic: Industrial IoT; Industrial Energy Management; Environmental Health and Safety; and Asset Performance Management.

Another annual favorite that I’ve blogged about in the past—including commentary on Cisco relevance—is IDC Manufacturing Insights, who this year took on a refreshing, new format entitled IDC Futurescape: Worldwide Manufacturing 2015 Predictions. The team of IDC manufacturing practice analysts quantify and qualify their ten most critical imperatives to be addressed by global manufacturers in 2015 and beyond—based on the coalescence of technology and line of business interests—including a few that are very pertinent to Cisco’s Internet of Everything (IoE) initiatives:

  • In 2015, customer centricity requires higher standards for customer service excellence, efficient innovation, and responsive manufacturing, which motivates 75% of manufacturers to invest in customer-facing technologies.
  • By 2016, 70% of global discrete manufacturers will offer connected products, driving increased software content and the need for systems engineering and a product innovation platform.
  • By 2018, 40% of Top 100 discrete manufacturers and 20% of Top 100 process manufacturers will provide Product-as-a-Service platforms.
  • In 2015, 65% of companies with more than 10 plants will enable the factory floor to make better decisions through investments in operational intelligence.
https://www.youtube.com/watch?v=ggXUaHqdqzs&list=PLAAF67A702C266F9E&index=14

Before the analyst predictions pushed their way onto my laptop screen, I was asked by Cisco’s press relations team to put forward my top 3 for the industry. So on All Saints Day, before heading out on weeks of travel to China, India, and several of the United States outside my home residence, I produced three ideas that didn’t make it to our PR megaphone. As part of this blog, I’ve decided to share these three predictions, with some relevant observations from my Nov-Dec travels and customer interactions …

Continue reading “2015 Manufacturing Industry Predictions”



Authors

Chet Namboodri

Senior Director

Global Private Sector Industries Marketing


Today’s definitive agreement for purchase of the Rockstar patents by a subsidiary of patent clearinghouse RPX Corporation, with simultaneous licensing of the portfolio to more than 30 technology companies, including Cisco, represents a victory for common sense. It also puts to rest a wayward and misguided business model that threatened to add costs to industry and consumers with no benefits to innovation or economic development.  This step should also send a strong message to companies who toy with the idea of “monetizing” their patent portfolios through transactions with private equity and non-practicing-entities, or by shaking down other industry participants: They will find themselves isolated. In short, they will end up as net losers if they initiate a game based on short-sighted greed.

We’re taking a different approach. Working with RPX, we devised a licensing model where even those who chose not to join with more than thirty of their peers in this purchase will still have the chance to license on comparable and fair terms.  Kent Walker, the general counsel of Google, was instrumental in pulling this together. Brad Smith and Bruce Sewell, the general counsels of Microsoft and Apple, deserve huge credit for working with the other Rockstar members – Blackberry, Ericsson and Sony – to reach a consensus that produced this positive result.

The origins of “Rockstar” are found in the smartphone patent wars that began several years ago. While we have no quarrel with companies using their patents to stop the copying of differentiating features without permission (and in fact commented favorably on the direct Apple-Samsung litigation), the driving up of patent valuations as each side in the war sought to bulk up for battle ended up serving no one other than lawyers and middlemen. Rockstar’s litigation strategy turned out to be inconclusive, keeping many lawyers very busy but with little money changing hands to date.

Continue reading “A Grammy-Class Outcome to the Rockstar Patents”



Authors

Mark Chandler

Retired | Executive Vice President

Chief Legal and Compliance Officer


Editor’s note: In A Circular Problem in Current Information Security Principles, we highlighted one of the challenges in our knowledge domain that contributes to the ineffectiveness of today’s information security practices. In this third installment, we review the issues and dilemmas that are common in our practice environment.

One of the challenges information security management teams face is justifying their value proposition to the business to ensure that security requirements receive adequate resource allocations. The paradox here is that if security management within an organization is effective, the results typically show no observable outcome (i.e., no security incident). Interestingly, even if a security incident is not present, it does not necessarily mean that good security management practices are in place. Incidents might be absent from the record because of a flaw in a security detection mechanism, or simply because the attacker has no interest in carrying out an attack during that time period.

On the other hand, when a security breach occurs, the security manager is often questioned for failure to anticipate and prevent the incident. Security managers therefore often fall back on past or external incidents as a form of justification. Business managers frown on these explanations because they normally do not believe they are no better than their peers or competitors in the industry.

Continue reading “Issues and Dilemmas in Information Security Practices”



Authors

Meng-Chow Kang, PhD, CISSP, CISA

Director and CISO

APJC region, Cisco Systems, Inc