Cisco Blogs

Even Security Administrators Deserve a Break – Part 1 of 2

May 26, 2011 - 1 Comment

By now, most of us have heard Cisco executives utter the words, “Work is no longer a place you go, but what you do.” Now we’ve all heard hundreds of these snappy one-liners in our careers, written by some marketer for the sole purpose of making a particular presentation more memorable. And like you, I easily dismiss catchphrases soon after the completion of the presentation. But for me, this one is different – because it’s so true. In fact, looking back over just the past 10-15 years, I find it hard to believe how much technology has changed the way we all live and work.

I remember coming into the office every single day to work long hours in the same building to complete all my work in a timely manner, using a desktop computer that was plugged into the wall and tethered to a physical Ethernet connection. Business trips were disruptive, because they caused work to grind to a halt. And there was an obvious line between work and home, since so little could be accomplished outside the four walls of the office. But today, things have changed dramatically. With our laptops, pads, smart phones, and VPN tunnels, we can truly be productive anywhere, anytime. We work from home, airplanes, hotel rooms, drop-in centers, and yes, even our local coffee houses. We don’t have to necessarily go to work to be at work. The world is our office.

But while technology advances have certainly made most of our lives remarkably easier, they’ve had the diametric opposite effect on security administrators. That’s because when I had my desktop with its physical Ethernet connection, I was one person in one location. From a security perspective, I was a constant, so the security administrators at my company only needed to identify my computer’s IP address and write policies against it. Done. But now I can literally be anywhere in the world, at any time of day or night, using just about any device I can think of, to gain access to the corporate network.

So now the security administrator has to write scores of policies to cover any given situation. Even when I’m in the office, I’m not tethered to an Ethernet. I have a laptop, which I take to meetings. Policies have to account for when I move across the wireless access points within the office, or even to a conference room in a different building; I access my email from my mobile phone, and other corporate applications from my tablet, both of which are my personal devices, and therefore uncontrolled assets from a security perspective; I log in from hotel rooms and airport hotspots when I travel; and I work from home in the evenings and some days. Each of these situations requires a policy. And that’s just me – multiply that by even a thousand employees in a mid-size company, and it’s easy to see how the number of security policies can quickly balloon out of control!

It’s the security administrator’s job to ensure that I can securely access the corporate network, regardless of where I am and what device I use, while still somehow keeping out the bad stuff. Yet traditional security policies are becoming increasingly difficult to configure, manage, and troubleshoot – and are prone to errors. It’s about time technology advancements made security administrators’ lives a bit easier.

In the next few weeks, Cisco will make an announcement around new functionality that will make great strides toward improving the lives of security administrators – the first installation of what will soon become full context-aware security. Please check this blog again on Wednesday, June 15th for more details!

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Hi All,

    The second part of this post will now be posted on June 23rd … sorry for the delay!