Imagine arriving at the airport for your next trip, excited to embark on your journey. As you make your way through the airport, you’re asked to present your passport and boarding pass at various checkpoints before you’re granted access to the different areas of the airport. In the same way, your network is a bustling digital airport with various terminals and gates. And just like how airport security checks for credentials to ensure only authorized passengers have access to certain areas, a Zero Trust approach requires that devices and users present their credentials to access certain parts of the network.

Why Zero Trust Matters More Than Ever  

As organizations transition to borderless IT environments, traditional business boundaries have become blurred, resulting in practically everyone becoming an insider and significantly amplifying risks across all facets of the business. The traditional perimeter-based security models are no longer sufficient to defend against modern security threats. To address this, organizations must adopt a new security paradigm, based on the principles of Zero Trust: never assume trust, always verify, and enforce least privilege. Zero Trust is a comprehensive approach to cybersecurity that eliminates the assumption of trust and continuously monitors and assesses the security posture of devices after application access is granted.›

For organizations struggling to protect their networks against security threats, Cisco SD-WAN simplifies the zero-trust journey. Cisco SD-WAN meets you where you are to achieve desired zero trust outcomes – whether securing hybrid or remote work, protecting cloud environments, or gaining visibility into devices. With its networking and security convergence capabilities, Cisco SD-WAN provides the necessary tools to build a Zero Trust model that ensures security across all facets of an organization’s digital operations.

 Secure Everywhere, with Cisco SD-WAN 

You need to secure your users, networks, workloads, applications, and in a way that works for your business. Cisco SD-WAN can help you achieve that by implementing a Zero Trust model that delivers four functional requirements:

  1. Establish trust for users, devices, and applications driven by visibility and context
  2. Enforce trust-based access based on the principle of least privilege
  3. Continuously verify trust to detect any change in risk even after initial access is granted
  4. Respond to change in trust by investigating and orchestrating responses to potential incidents

The integration between Cisco SD-WAN and Cisco Identity Services Engine (ISE) provides a powerful set of security features that enables IT teams to employ zero-trust security functions for the traffic that goes through an SD-WAN fabric. Additionally, the use of SDRA (Software-defined Remote Access) extends the application of zero-trust principles to remote users, providing enhanced security for organizations. The integration between the two allows Cisco ISE to support the configuration of security posture policies in the SD-WAN fabric. When a device or an IoT endpoint connects to the network, the posture of the device is evaluated based on the configured policy, and an authorization decision is made based on that outcome. Moreover, Cisco ISE shares the security group tags (SGT) and session attributes with the Cisco SD-WAN ecosystem, enabling IT teams to create identity groups and associate security policies in Cisco vManage to allow access by specific user groups to applications over the SD-WAN fabric, all the way to the edge. Additionally, Cisco ISE supports a periodic reassessment of device posture, allowing for changes in authorization and security policies at the SD-WAN edge. Any change in the posture will cause a change of authorization, which results in a different security policy being implemented in the SD-WAN edge. This approach ensures that the network and endpoints work together seamlessly to provide zero trust capabilities.

Achieve Zero Trust Your Way with Cisco SD-WAN

While we recognize that implementing a Zero Trust model is a game-changer for your network security, we understand that it can be challenging to apply these functions across an entire multi-IT environment in a way that meets your business outcomes. That’s why we’re here to help. The evolved SD-WAN security architecture is designed to support this changing security paradigm and is ready to meet you wherever you are in your zero-trust transformation. So, whether you’re embarking on a journey through the airport or securing your network, the key is to have a comprehensive approach to access control.

Join our webinar, where our subject matter expert will define the fundamentals of the Zero Trust approach and outline how Cisco SD-WAN can help you build a Zero Trust model that fits your security needs, regardless of where you are on your journey. Discover how to enhance your organization’s security posture in today’s borderless environments by implementing Zero Trust and exercising total control across the fabric.


 Register for our Accelerate your Zero Trust journey with Cisco SD-WAN webinar

Apr 25, 2023 10:00am – 11:00am PDT


Sunakshi Tickoo

Product Marketing Manager

Enterprise Networking & Cloud Product Marketing