Cisco Borderless Networks Enabling the Borderless Organisation


Transcript of Cisco Borderless Networks Enabling the Borderless Organisation

Page 1: Cisco Borderless Networks Enabling the Borderless Organisation

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Borderless Networks: Enabling the Borderless Organisation

Mark Jackson, Technical Solutions Architect

[email protected]

Page 2: Cisco Borderless Networks Enabling the Borderless Organisation

Securing Organisations a Decade Ago

Branch Office

Main Campus

Data Center

Viruses

Denial of Service

Unauthorized Access

System Penetration

Telecom Fraud

Page 3: Cisco Borderless Networks Enabling the Borderless Organisation

Defense for the Last Decade: Cisco Self-Defending Network

Branch Office

Main Campus

Data Center

Integrated: Build security into the network

Collaborative: Make security work together as a system

Adaptive: Adjust defenses based on events and real time info

Page 4: Cisco Borderless Networks Enabling the Borderless Organisation

Blurring the Borders: Consumer ↔ Workforce, Employee ↔ Partner, Physical ↔ Virtual

Mobility, Workplace Experience, Video

1.3 Billion New Networked Mobile Devices in the Next Three Years

Changing Way We Work. Video projected to quadruple IP traffic by 2014 to 767 exabytes*

Mobile Devices

IT Resources

Anyone, Anything, Anywhere, Anytime

Operational Efficiency Program

Government ICT Strategy

Market Transitions

Page 5: Cisco Borderless Networks Enabling the Borderless Organisation

Changing Environment - Shifting Borders

IT Consumerisation

Device Border

Mobile Worker

Location Border

Video/Cloud

IaaS, SaaS

Application Border

External-Facing Applications

Internal Applications

Page 6: Cisco Borderless Networks Enabling the Borderless Organisation

Information Security and Assurance

Government ICT Strategy

Public Sector Network

Government Cloud

Shared Services

Page 7: Cisco Borderless Networks Enabling the Borderless Organisation

Borderless Government

“The Public Service Network will allow the delivery of services to any location and, through standards, will enable unified communications in terms of voice, video and collaboration capabilities.”

“Developments in ICT mean it is now possible for different teams, offices or even organisations to share the same ICT infrastructure.”

“…data sharing is an essential element of joining up services and providing personalisation. This means that there must be effective, proportionate management of information risk.”

“The need to continue to transform public services and to use ICT to enable transformation of the way the public sector runs and operates has become more pressing.”

Page 8: Cisco Borderless Networks Enabling the Borderless Organisation

Anywhere, Any Device Access

Location

Device

Application

More Diverse Users, Working from More Places, Using More Devices, Accessing More Diverse Applications, and Passing Sensitive Data

Page 9: Cisco Borderless Networks Enabling the Borderless Organisation

Secure Borderless Network Architecture: Enabling Mobility, Extending Security

Corporate Office

Branch Office

Local Data Center

SECURITY and POLICY

Airport Mobile User Attackers Partners

Citizens Coffee Shop Home Office

Always-On Integrated Security and Policy

802.1X, TrustSec, MACsec, MediaNet

Outside the Corp Environment

Inside the Corp Environment

CORP DMZ BORDER

X as a Service

Infrastructure as a Service

Software as a Service

Platform as a Service

Page 10: Cisco Borderless Networks Enabling the Borderless Organisation

What Does TrustSec Do?

Who are you? An 802.1x or a Network Admission Control (NAC) appliance authenticates the user.

What service level do you receive? The user is assigned services based on role and policy (job, location, device, etc.).

What are you doing? The user’s identity, location, and access history are used for compliance & reporting.

Where can you go? Based on authentication data, the network controls user access.

Enforces Access Policy

Identifies Authorised Users

Personalises The Network

Increases Network Visibility

Page 11: Cisco Borderless Networks Enabling the Borderless Organisation

Security Group Access Control

SGTs

Current network access control segmentation methods (VLAN, ACL, Subnet) are topology dependent and operationally intensive

Security Group Tags are topology independent and streamline the deployment of role-based access control

Attribute based access control assigns an SGT to users, devices, or virtual machines based on their role

Security Group ACLs (SGACLs) enforce access policy based on source and destination SGT

Transport of SGTs is secured via NDAC & 802.1AE MACsec

This is an emerging technology, expanding in platform availability and adoption
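The contrast this slide draws between subnet-based segmentation and SGT/SGACL enforcement, as an added Python model that is not part of the original deck and is not Cisco code. The group names come from the slide; the tag numbers, endpoint attributes, policy entries, addresses and the default-deny behaviour are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed tag values; group names are the ones on the slide.
SGT = {"Employee": 10, "Non-Europe Employee": 11, "Partners": 20,
       "Internet": 100, "Confidential": 110, "Print/Copy": 120}

@dataclass(frozen=True)
class Endpoint:
    ip: str      # topology attribute, ignored by the SGT policy
    role: str    # "employee" or "partner" (hypothetical attribute values)
    region: str  # "EU" or anything else

def classify(ep):
    """Attribute-based assignment of a source SGT from role and region."""
    if ep.role == "partner":
        return SGT["Partners"]
    if ep.role == "employee":
        return SGT["Employee" if ep.region == "EU" else "Non-Europe Employee"]
    raise ValueError(f"no security group for role {ep.role!r}")

# SGACL matrix: (source SGT, destination SGT) -> ordered entries
# (action, protocol, port or None for any port). Constructed policy.
SGACL = {
    (SGT["Employee"], SGT["Confidential"]): [("permit", "tcp", 443)],
    (SGT["Employee"], SGT["Print/Copy"]): [("permit", "tcp", 631)],
    (SGT["Employee"], SGT["Internet"]): [("permit", "tcp", None)],
    (SGT["Non-Europe Employee"], SGT["Internet"]): [("permit", "tcp", None)],
    (SGT["Partners"], SGT["Internet"]): [("deny", "tcp", 25), ("permit", "tcp", None)],
}

def sgacl_decide(ep, dst_group, proto, port):
    """First matching entry wins; an empty cell or no match is denied (assumed default)."""
    for action, p, prt in SGACL.get((classify(ep), SGT[dst_group]), []):
        if p == proto and prt in (None, port):
            return action
    return "deny"

# Topology-dependent equivalent for contrast: policy keyed on a source subnet.
SUBNET_ACL = [("permit", ipaddress.ip_network("10.1.1.0/24"), "Confidential", "tcp", 443)]

def subnet_decide(ep, dst_group, proto, port):
    for action, net, dst, p, prt in SUBNET_ACL:
        if ipaddress.ip_address(ep.ip) in net and (dst, p, prt) == (dst_group, proto, port):
            return action
    return "deny"

at_desk = Endpoint("10.1.1.5", "employee", "EU")
roaming = Endpoint("192.168.7.9", "employee", "EU")   # same user, new subnet
partner = Endpoint("10.1.1.77", "partner", "EU")      # partner on the "trusted" subnet
```

The subnet rule denies the roaming employee and permits the partner who happens to sit on 10.1.1.0/24, while the SGT decision follows the role in both cases.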

[Diagram labels: SGACLs; Individuals, Resources, Authz Rules; source Security Groups: Employee, Non-Europe Employee, Partners; destination Security Groups: Internet, Confidential, Print/Copy; Access Rules]

Page 12: Cisco Borderless Networks Enabling the Borderless Organisation

Delivering a Platform to Enable Shared Services

Cisco TrustSec Technology: Next-Generation Security

Single unified platform enforcing policy

Duplicated Infrastructure, increased cost and complexity

Shared Workspace Environment

Page 13: Cisco Borderless Networks Enabling the Borderless Organisation

AnyConnect Secure Mobility Client: Network and Security Follows User. It Just Works

Next-Gen Unified Security: user/device identity; posture validation; integrated web security for always-on security (hybrid)

Persistent Connectivity: always-on connectivity; optimal gateway selection; automatic hotspot negotiation; seamless connection hand-offs

Corporate Office

Mobile User

Home Office

Secure, Consistent Access

Voice—Video—Apps—Data

Broad Mobile Support: fixed and semi-fixed platforms; mobile platforms

Wired

3G/Wi-Fi

Broadband

Page 14: Cisco Borderless Networks Enabling the Borderless Organisation

Choice: Diverse Endpoint Support for Greater Flexibility

Acceptable Use

Access Control

Data Loss Prevention

Threat Prevention

Intranet

Corporate File Sharing

Access Granted

Always On Security

AnyConnect Client

Security: Rich, Granular Security Integrated into the network

Experience: Always-on Intelligent Connection for Seamless Experience and Performance

WSA ASA

Page 15: Cisco Borderless Networks Enabling the Borderless Organisation

Enabling Seamless Remote and Mobile Working

Secure Mobile Connectivity: Unmanaged Devices, Risk of Data Loss, and Lack of Access

Mobile Government Worker

Cisco AnyConnect Secure Mobility: Simple, Powerful Access – Anywhere, Any Device

Acceptable Use

Access Control

Data Loss Prevention

Page 16: Cisco Borderless Networks Enabling the Borderless Organisation

From Self-Defending Network to Secure Borderless Networks

Keep the Bad Guys Out

Firewall: Access

Intrusion Prevention: Block Attacks

Content Security: Email & Web

Self-Defending Network

Page 17: Cisco Borderless Networks Enabling the Borderless Organisation

From Self-Defending Network to Secure Borderless Networks

Self-Defending Network

Enable Secure Borderless Access

Firewall: Access

Intrusion Prevention: Block Attacks

Content Security: Email & Web

Policy & Identity: Trusted Access

Secure Mobility: Always On

Cloud Security: Hosted/Hybrid

New Security Requirements

Keep the Bad Guys Out

Page 18: Cisco Borderless Networks Enabling the Borderless Organisation

An Architecture for Borderless Government

1. The Borderless Organisation Needs a Borderless Network Architecture.

2. Cisco Is Uniquely Equipped to Deliver That Architecture with “Broad and Deep” Network Innovation.

3. The Cisco Borderless Network delivers the Platform to transform service delivery.

Page 19: Cisco Borderless Networks Enabling the Borderless Organisation