By Don Abraham, Manager, PCM Canada Integrated Network and Security Solutions (INSS)
Staying Secure in a ‘Bring Your Own Device’ environment
In this article I am going to focus on what is top of mind for most CIOs today. If you haven’t guessed yet, it is most certainly security.
Before we dive into this topic, here are some really interesting facts on some of the many things that impact our world of IT today:
• Organizations that went from providing standardized desktops, laptops and mobile devices to allowing employees to use their own choice of personal productivity devices experienced a 200% increase in user satisfaction and a 25% decrease in associated costs.
• Organizations that went down the path of virtualization had a 50% decrease in server footprint, a 30% increase in application performance and a 95% reduction in the time it took to get an application provisioned.
Security in the new paradigm
The traditional way of working was an employee using a corporate asset behind a firewall. If remote access was required, it was usually with a managed corporate laptop running a “corporate image” with managed anti-virus, connecting back to a firewall over a secure IPsec VPN connection.
The paradigm shift today is a rapid rise in the consumerization of the end-point. The explosion of unmanaged smart mobile devices and tablets and the demand for them in the enterprise have compounded security requirements in the face of anywhere, anytime, any device access to corporate data and infrastructure. With these types of pressures it is no wonder security is top of mind.
The old end-point predictability is gone. Mobile broadband wireless access has exploded along with the use of unmanaged end-points. This combination has changed where and how users access corporate data. Not only has end-point access changed, but with the advent of virtualization, cloud and software as a service, data itself has become mobile as well.
Cisco Partner Summit 2011, Feb. 28 – March 3. New Orleans, Louisiana
This year’s Cisco Partner Summit brought partners from all over the world to New Orleans; over 3,000 people attended. New Orleans post-Katrina has in many ways returned to normal. A visitor would not know there had been a devastating flood. Downtown, the Warehouse district and the French Quarter have been completely restored. On the flip side, if you talk to some locals they will tell you the tourist areas are all fixed up but some of the residential neighborhoods still look the way they did the day after the waters receded. In any case, life is improving and many conferences and corporate events are happening there to assist in revitalizing the region.
The theme for the summit was IMPACT. There were a lot of great discussions around traditional Borderless networking, IP Communications, Collaboration, Virtualization, Data Centre networking, Unified Compute and of course Cloud Computing.
At the Partner Summit, Cisco introduced a new Security Architecture called SecureX. SecureX is not a product but a new approach to holistic, context-aware security. Access from wherever, whenever, on whatever device becomes possible. Dynamic security and security in depth happen flawlessly and seamlessly because SecureX works across multiple devices to identify the user, the location, the end device and the data being accessed.
To secure the enterprise in this new world, Cisco has architected SecureX with important key features:
• It will use a higher-level policy language that understands the full context of a situation—the who, what, where, when, and how of security.
• It will allow for consistent policy enforcement independent of the underlying security scanning element.
• It will be hybrid in nature, spanning virtual and physical worlds, and on-premises and cloud worlds, to allow for seamless and consistent policy enforcement.
• It will have global knowledge of threats as they emerge and be able to correlate that information to protect applications and users in real time against those threats.
• It will allow for highly distributed security enforcement scanning, in effect pushing security closer to the end user or the application wherever they reside.
At the heart of SecureX is context awareness and Cisco TrustSec. TrustSec extends traditional context awareness through policy-based access control that identifies who a user is, what device they are using, and whether and to what extent that device complies with corporate security policy. TrustSec also identifies where the user is connecting from, whether a wired corporate LAN, a mobile broadband connection or a WiFi hotspot. As a user moves in and out of these locations, TrustSec dynamically enforces security policies seamlessly.
Cisco has also brought this context-awareness technology to its firewalls, IPS and IDS products as well as IronPort, routers and VPN software. In addition, Cisco partners with many security vendors such as RSA and others to extend context awareness to third-party devices to further secure all aspects of your infrastructure.
If you are interested in a Network or Security Assessment, please contact PCM Canada. Our teams of highly skilled network and security professionals are experts in Cisco security solutions and can help you plan your transition to the new paradigm.
To discuss this please contact Don Abraham at email@example.com.
For more information on the solutions, products, and services that comprise the Cisco SecureX Architecture, please visit www.cisco.com/go/security.