Oren Seliger - Service Pro in...“Cisco has the right to require security controls on all...

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

Oren Seliger IT Theatre Leader – EMEAR South

March 2013


1. Introductions

2. A little about Cisco

3. Cisco Current Mobility Landscape

4. Disruptive Industry Trends

5. Cisco Mobile Security Strategy

6. Migrating from Traditional to BYOD

7. Summary


High Touch

Local IT management

Asset Management

Procurement

Cisco on Cisco

Events Support – Global, Local

Technology Pilots and deployment service

Local Relationship with Service Providers (desktop/mobiles)

Mobility Services

Collaboration

Medium Touch

Video services

Print Services (SSC warehouses, etc…)

New employee Orientation

Exec Admin productivity trainings

New Employee Orientation

Low Touch

Software licensing/compliance

CVO

Campus onsite event support

Data backup/Credent

Webex and Collaboration

Unique Services

Executive Support Models

Connected Ops Engagement


IWE December 2009

• 300 locations in 90 countries

• 400 buildings

• 7 critical enterprise production data centers (and the Scientific

Atlanta, WebEx, Linksys data centers)

• 1500+ labs worldwide (500+ in San Jose)

• 70K+ employees & contractors

• 25,000 channel partners

• 110+ application service providers

• 210+ business and support development partners

• 43.2 B$ Revenues and 44.6 B$ Cash end of FY11

More than 180,000 people

worldwide in the extended

Cisco family

Cisco Confidential © 2011 Cisco and/or its affiliates. All rights reserved. 5

Global Enterprise

70,000 employees 300 locations worldwide

48 data centers

1500+ labs

First Customer UCS

Nexus

Jabber (IM/Voice/Video)

CUCM

CUPC & Presence & Mobility

Telepresence

Webex Connect

WebEx Social (WxS)

Collaborative tools

Cisco Virtual Office

CUVA

Cisco Connected Workplace

….. And more

…

• Large Global Enterprise

• Unique combination of Cisco solutions

• First customer for most DC and UC solutions

Cisco Powered

3780 routers

4697 switches

7000+ Access Points

16,300 telework routers

191 MDS (Multilayer Director Switches)

14 CallManager clusters

17 IPCC sites


Versatility

Performance

Functionality

Ease of Operation

and Maintenance Security Cost of Ownership

Environment /

Green Enabling Innovation


So, will YOU be paying

for lunch?!?


29,864

iPhones

2.7% Growth

8,463

Android Devices

3.5% Growth

5,658

BlackBerry Devices

-10% Growth

844

Other Devices

-0.9% Growth

83,099

Windows PCs

30,990

Apple Macs

7,269

Linux Desktops

3,041

Desktop

Virtualization

35 % of clients today have Cisco IT services with > 1 Mobile device (37% in Dec)

TABLET BASED DEVICES

MOBILE SMARTPHONE DEVICES

DESKTOP LANDSCAPE

14,312 iPads

4.1% Growth Samsung Tablets

146

Nexus Tablets


972 users have 3 Devices 48 users have 4 Devices

Source Data: TMG and BES Server Stats via Adam Grimes – [email protected], EMAN Mobile Admin

http://eman-core.cisco.com/SERVICE/Mobile/Admin/index.pcgi


Security Challenges


1. Accidental loss/theft

2011: 55000 mobiles lost in London taxis in 6 months

2. Mobile malware on the rise

Geinimi Trojan on Android

Trojan.BAT.AACL on iPhone

3. SMiShing: phishing via SMS

http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=229000240&cid=RSSfeed_IWK_News



http://www.borntechie.com/entry/iphone-trojan-virus-infects-apple-firmware-and-computer-files/


Call history & SMS messages

Email & voicemail

Contacts and calendar events

Files stored on device or SD cards

Keyboard cache history (including passwords when typed)

Photos, web browsing history, GPS location history, …

Deleted data (images, email, voicemail, typing caches, ...)

…


Any Device & Consumerization

Users Want

• Anywhere/anytime access

• Device independence

• Personal data/applications

• Flexible configurations

IT Wants

Controlled network access

Predictable configurations

Data security

User lockdown

"You're Slowing

Me Down!"

"Stop Protesting

and Get in Line!"

New Approach Needed


IWE December 2009

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 22

2009

Mobile BYOD Mandate

Mobile Mail and Wi-Fi on iPhone, BlackBerry, Android, etc.

2011

AnyConnect on Trusted Devices

Tablet Support

2012

Virtual desktop on VXI endpoints, BYOD smartphones & tablets

2013+

BYOD for non-Cisco laptops

2003-2008

Corporate-Paid Devices

Good Mobile Client


Computing

Device IP Phone

WebEx Social CUVA

Camera

Basic Entitlement Services - Cisco

IM / Chat /

Meetings

(v / v)

Immersive

TelePresence

http://onetandberg/C9/Movi/Movi Images/15macbookpro_wMovi 2.jpg


IWE December 2009

Wireless Everywhere

Mobile

Devices

Hardware VPN

(always on, wireless)

Software VPN

Extension Mobility

Softphone: Cisco

Jabber or Webex

CUCI


Local and Remote Wipe

Encryption and Management

4 Digit PIN

10 Minute Timeout

Trusted Devices

Alternative Devices


Management

10 Minute

Timeout Network

Edge

Remote and

Local Wipe Core

Network

Encryption

4 Digit

PIN


Fully integrated into the provisioning cycle


• HR policy

• Signed yearly by every employee

• Added the following section to cover personal devices:

“Cisco has the right to require security controls on all electronic and computing devices used to conduct Cisco business or interact with internal networks and business systems, whether owned or leased by Cisco, the employee or a third party. Cisco also has the right to inspect at any time, all messages, files, data, software, or other information stored or transmitted on these devices.”


Inside the Enterprise

NCS Prime

Identity Services Engine (ISE)

Outside the Enterprise

Cisco WLAN

Controller

AC NAM

MDM

CSM / ASDM

AC VPN (All Mobile)

AC Cloud Web Security (All PCs)

IronPort WSA

Wired Network Devices

Cisco Catalyst

Switches

AnyConnect NAM

30


IWE December 2009

ISE Auth. Policy Definition IDENTITY SERVICES ENGINE

Device Type Location User Posture Time Access Method Custom


101% more devices 58% more users 300% more data usage

38% fewer cases 28% higher satisfaction 33% lower cost per user

*2 year comparison


IWE December 2009

• Client choice

• Virtualization

• Disaggregation

• Security

• Always available

• Reliable

• Collaboration


IWE December 2009

Platform

“Platform Virtualization – disaggregation of operating system from the physical device”


What You Get:

• Cisco owned laptop same as current offering

• App Store • Content V • Software V

What You Get:

• VXC Device • App Store • Content V • Software V • VDI Session

What You Get:

• A stipend to buy your own device

• App Store • Content V • Software V

What You Get:

• App Store • Content V • Software V • VDI Session

Reduction in TCO

Compared to Cisco Laptop Increase in TCO

Compared to Cisco Laptop

Reduction in TCO Compared to Cisco Laptop

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 39 Security Framework

Virtual Desktop Infrastructure • Entire desktop session hosted in a data center

• Paired with Zero Clients or Thin Clients (VXC)

• Core to Cius offering

Software Virtualization • Software streamed to your laptop or VDI

• Granular license management

• Reduces VDI cost over time

• Supports App Store strategy

• Leveraging Microsoft AppV and Citrix XenApp

Content Virtualization • Data synced to the internal cloud (like DropBox,

iCloud)

• Enables access for any device

• Reduces VDI cost over time

• Replaces two current offerings

• Mitigates security risks

App Store

• One stop shop

for application

and service

shopping and

subscription

management

• IWE, Mobile,

and Desktop

catalogs

• Leveraging

existing

products

(NewScale,

AppHQ)

Any End Device • Mobile smartphone

• Tablet

• Cisco IT Asset

(eg: Lenovo, Mac, Linux)

• Cisco VXC or Cius


IWE December 2009


IWE December 2009

Evolution of security controls

Source: Derived from Dan Hitchcock's “Evolution of Information Security Technology”

Thank you.

Oren Seliger - Service Pro in...“Cisco has the right to require security controls on all...

Documents

Transcript of Oren Seliger - Service Pro in...“Cisco has the right to require security controls on all...