Security has been heating up for well over a decade. In 2013, we added fuel to the fire as the malware economy and large organizational breaches (not just incidents) hit the front page. We hunkered down and layered in defenses with moats, walled perimeters and roving guards for when the bad dudes got in. And now we are losing our perimeter. We are losing control as massive trends, such as the cloud migration, a mobile workforce, and the addition of all those scary connected things, are pulling the perimeter apart. As this happens, we’re often caught in a balancing act between driving the business forward by promoting connections and locking it down to provide protection.
To cool this phenomenon down, and to avoid locking down IT initiatives that are propelling business, organizations are rethinking how they look at access. We are realizing there was some truth in the old sect of security professionals who said to “trust no one,” and now we can add “trust no one thing.” From these cries arose the zero-trust framework.
Although not entirely new, it is becoming easier to achieve zero trust with advances in technology that are making it possible to continually authenticate and authorize access at many points within the network. We are now able to build security directly into the network and achieve a segmented network that continually authenticates the endpoint and authorizes access based on a least privilege model, to ensure endpoints only get the access they require to meet mission objectives.
Cisco Identity Services Engine (ISE) has been taking on secure access challenges for almost ten years. We recently performed a customer survey to find out how innovations within ISE are enabling a zero-trust approach in the workplace to manage the expanding perimeter and to build security and protection directly into the network.
3 ways to put the expanding perimeter on ISE and gain zero-trust
Asset Visibility: 75% of customers surveyed said the capability they value the most from ISE is knowing who and what’s on the network.
Gaining visibility is the first step. If we cannot correctly identify what is connecting, and gain endpoint visibility that is both granular and dynamic, with context that keeps up with the evolving threat landscape, it is impossible to enforce a policy that limits access to only what an endpoint requires to get the job done without risking disruption to business objectives.
Network Segmentation: 79% of respondents stated that the ability to use the network itself to enforce access policy was the value they achieve the most out of ISE.
Network segmentation is an outcome of effective asset visibility. Obtaining granular control of the endpoint, no matter where the endpoint is located, is difficult to achieve without granular visibility. In the past, the lack of visibility has been a major barrier to building zones of access based on trust. ISE implements segmentation precisely the way you intended and makes it easy to control policy consistently across wireless, wired, and VPN connections. Another 58% stated they achieve this value without buying more security products, which can increase CAPEX and often add complexity with bolt-on solutions that do not recognize a platform approach.
Value without increasing costs: 79% agree that ISE significantly improved their security profile and reduced operational costs.
The organizations we partner with at Cisco have real challenges and a limited budget is one of them. The ISE team has been focusing on simplifying the user experience to ensure that customers can move to advanced use cases like network segmentation without increasing complexity and operational costs. And with a focus on interoperability and platform integrations, customers will be able to accelerate their protection as well as the value of existing solutions to gain an active arm of protection from passive security solutions without an increase in investment.
ISE has been cooling off network access and control for almost ten years, which explains why 95% of those surveyed said they would recommend ISE to a colleague or friend.