Moving to cloud is an individual journey for every organization. Many companies have taken the hybrid path and are working within multiple clouds. Yet others are still primarily on-prem but want to continue their transition to cloud seamlessly in their own time and at their own pace. 

No matter where in the cloud journey an organization is, options and flexibility are essential to being able to address the organization’s unique business requirements. With the increasing number of both managed and unmanaged devices connecting to corporate networks, simplicity and automation play a critical role in how agile an organization can be when meeting new opportunities and challenges. 

Flexible Deployment Models

Of ever-increasing importance are flexible deployment models that enable workloads and services to be divided between multiple public clouds and private infrastructure. Focus is no longer centered around the data center but rather across the distributed network that reaches out into the cloud. The ability to access any device, anywhere, makes managing security that much more challenging. To succeed, organizations need to be able to secure network operations without slowing down the core business or the people behind it. They need to be able to deploy and manage security access and policies in the cloud without a VPN.

As part of our commitment to provide a better overall experience for users at all levels, we’ve focused our efforts on how to simplify the transition to multi-cloud no matter where an organization is in its journey. With the release of Cisco Identity Services Engine (ISE) 3.1, it is now possible for organizations to deploy ISE cloud-natively.

Availability of ISE on AWS and the Azure cloud marketplace gives organizations more flexibility in how they operationalize ISE. Previously, NetOps or SecOps were responsible for deploying and maintaining ISE. With the new model introduced by ISE 3.1, InfraOps can deploy ISE on demand based upon the needs of the business.  SecOps and NetOps are then able to configure and apply the appropriate policies, either directly on the ISE UX or by taking advantage of APIs to automate setup. This introduces flexibility in policy deployment without SecOps/NetOps having to give up any control. 

Scaling Out in a Distributed Network

With ISE 3.1 in place, it becomes possible to have centralized ISE clusters that can be scaled out in a distributed fashion to multiple branches of the organization. Management is kept on-prem while services are loaded to the cloud. ISE 3.1 is also equipped with rich APIs to automate policy and lifecycle management that simplify deployment to enable network access with zero-touch provisioning of resources from anywhere. 

For example, consider an organization that needs to spin up a remote branch office with trusted access quickly and securely. Rather than having to ship a box or manually spin up a new VM, workloads can now be managed and secured through a cloud service such as AWS. InfraOps is able to deploy ISE from anywhere to anywhere without requiring an on-site presence by connecting into a centralized ISE cluster in the cloud. SecOps can now access ISE from anywhere using any policy management UI. In addition, existing policies are automatically unified with the new deployment. 

This “lean branch” approach can be accelerated through automation. It unifies zero trust controls across the distributed network to ensure compliance and reduce risk while saving on equipment cost, simplifying deployment, and centralizing policy control. It also means organizations no longer need to deploy virtual machines or appliances on-prem. 

For organizations not familiar with the value of ISE, availability of the service in the cloud also provides an opportunity to evaluate ISE without having to make a full licensing commitment. Network managers can deploy a trial of ISE in their own AWS environment to experience the security it brings to cloud and hybrid computing. 

Secure access across the distributed network has never been easier, faster, or more flexible. No matter where an organization is on their cloud journey, ISE 3.1 gives IT teams the simplicity and flexibility they need to provide the agility and resilience their organization demands. 

Learn how ISE can simplify your transition to cloud. Or visit the AWS Marketplace and try ISE 3.1 for yourself. 

The Power is in the Community 

Our developer community is made up of thousands of customers who are contributing to these playbooks to automate what is driving their success based on their unique cloud strategy and need. Visit our ISE DevNet page for sandboxes, sample code, and to get engaged in the community.  



Justin Buchanan

Director of Product Management

Security Policy and Access