Cisco Borderless Networks: Enabling the Borderless Organisation
Post on 25-Feb-2016
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Borderless Networks
Enabling the Borderless Organisation
Mark Jackson, Technical Solutions Architect
marjacks@cisco.com
Securing Organisations a Decade Ago
Branch Office
Main Campus
Data Center
Viruses
Denial of Service
Unauthorized Access
System Penetration
Telecom Fraud
Defense for the Last Decade Cisco Self-Defending Network
Branch Office
Main Campus
Data Center
Integrated: Build security into the network
Collaborative: Make security work together as a system
Adaptive: Adjust defenses based on events and real-time information
Blurring the Borders: Consumer ↔ Workforce, Employee ↔ Partner, Physical ↔ Virtual
Mobility, Workplace Experience, Video
1.3 Billion New Networked Mobile Devices in the Next Three Years
Changing the Way We Work: Video projected to quadruple IP traffic by 2014 to 767 exabytes*
Mobile Devices
IT Resources
Anyone, Anything, Anywhere, Anytime
Operational Efficiency Program
Government ICT Strategy
Market Transitions
Changing Environment - Shifting Borders
IT Consumerisation
Device Border
Mobile Worker
Location Border
Video/Cloud
IaaS, SaaS
Application Border
External-Facing Applications, Internal Applications
Information Security and Assurance
Government ICT Strategy
Public Sector Network
Government Cloud
Shared Services
Borderless Government
“The Public Service Network will allow the delivery of services to any location and, through standards, will enable unified communications in terms of voice, video and collaboration capabilities.”
“Developments in ICT mean it is now possible for different teams, offices or even organisations to share the same ICT infrastructure.”
“…data sharing is an essential element of joining up services and providing personalisation. This means that there must be effective, proportionate management of information risk.”
“The need to continue to transform public services and to use ICT to enable transformation of the way the public sector runs and operates has become more pressing.”
Anywhere, Any Device Access
Location
Device
Application
More Diverse Users, Working from More Places, Using More Devices, Accessing More Diverse Applications, and Passing Sensitive Data
Secure Borderless Network Architecture: Enabling Mobility, Extending Security
Corporate Office
Branch Office
Local Data Center
SECURITY and POLICY
Airport Mobile User Attackers Partners
Citizens Coffee Shop Home Office
Always-On Integrated Security and Policy
802.1X, TrustSec, MACsec, MediaNet
Outside the Corp Environment | Inside the Corp Environment
CORP DMZ BORDER
X as a Service
Infrastructure as a Service
Software as a Service
Platform as a Service
What Does TrustSec Do?
Who are you? An 802.1X or a Network Admission Control (NAC) appliance authenticates the user.
What service level do you receive? The user is assigned services based on role and policy (job, location, device, etc.).
What are you doing? The user's identity, location, and access history are used for compliance and reporting.
Where can you go? Based on authentication data, the network controls user access.
Enforces Access Policy
Identifies Authorised Users
Personalises the Network
Increases Network Visibility
Security Group Access Control
SGTs
Current network access control segmentation methods (VLAN, ACL, Subnet) are topology dependent and operationally intensive.
Security Group Tags are topology independent and streamline the deployment of role-based access control.
Attribute-based access control assigns an SGT to users, devices, or virtual machines based on their role.
Security Group ACLs (SGACLs) enforce access policy based on source and destination SGT.
Transport of SGTs is secured via NDAC and 802.1AE MACsec.
This is an emerging technology, expanding in platform availability and adoption.
Figure: SGACL policy matrix. Source security groups (Individuals): Employee, Non-Europe Employee, Partners. Destination security groups (Resources): Internet, Confidential, Print/Copy. Each cell of the matrix holds the access (authz) rules for that source/destination pair.
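As an added illustration of the SGT/SGACL slide and the four TrustSec questions above (this is example code, not from the deck or from Cisco), a small Python model of attribute-based SGT assignment and matrix enforcement, contrasted with a subnet-based ACL; all tag numbers, group names and addresses are constructed for the example.

```python
import ipaddress

# Constructed SGT values for this example; not Cisco's reserved numbers.
SGT_UNKNOWN, SGT_EMPLOYEE, SGT_NON_EU_EMPLOYEE, SGT_PARTNER = 0, 10, 11, 20
SGT_INTERNET, SGT_CONFIDENTIAL, SGT_PRINT = 100, 101, 102

def classify(endpoint):
    """Attribute-based assignment: role and region decide the SGT; the
    endpoint's IP address or VLAN plays no part (topology independent)."""
    if endpoint["role"] == "employee":
        return SGT_EMPLOYEE if endpoint["region"] == "EU" else SGT_NON_EU_EMPLOYEE
    if endpoint["role"] == "partner":
        return SGT_PARTNER
    return SGT_UNKNOWN  # unauthenticated or unclassified: matches no permit cell

# SGACL matrix keyed on (source SGT, destination SGT). Absent cells deny.
SGACL = {
    (SGT_EMPLOYEE, SGT_INTERNET): True,
    (SGT_EMPLOYEE, SGT_CONFIDENTIAL): True,
    (SGT_EMPLOYEE, SGT_PRINT): True,
    (SGT_NON_EU_EMPLOYEE, SGT_INTERNET): True,
    (SGT_NON_EU_EMPLOYEE, SGT_PRINT): True,   # no Confidential cell: denied
    (SGT_PARTNER, SGT_INTERNET): True,
}

def sgt_permit(endpoint, dst_sgt):
    """Enforcement-point decision that uses only the two tags."""
    return SGACL.get((classify(endpoint), dst_sgt), False)

# Topology-dependent contrast: a subnet ACL that treats 10.1.0.0/16 as "employees".
EMPLOYEE_SUBNET = ipaddress.ip_network("10.1.0.0/16")

def subnet_acl_permit(endpoint, dst_sgt):
    """Decision keyed on the source address instead of on identity."""
    if dst_sgt in (SGT_INTERNET, SGT_PRINT):
        return True
    return ipaddress.ip_address(endpoint["ip"]) in EMPLOYEE_SUBNET

# Constructed endpoints: an EU employee roaming to a branch subnet, a partner
# plugged into the headquarters subnet, and a non-EU employee at headquarters.
ROAMING_EMPLOYEE = {"role": "employee", "region": "EU", "ip": "10.7.0.5"}
PARTNER_AT_HQ = {"role": "partner", "region": "EU", "ip": "10.1.9.9"}
NON_EU_EMPLOYEE = {"role": "employee", "region": "US", "ip": "10.1.4.4"}

if __name__ == "__main__":
    for who, ep in [("roaming employee", ROAMING_EMPLOYEE), ("partner at HQ", PARTNER_AT_HQ)]:
        print(who, "-> Confidential: SGT", sgt_permit(ep, SGT_CONFIDENTIAL),
              "| subnet ACL", subnet_acl_permit(ep, SGT_CONFIDENTIAL))
```

The subnet ACL under-grants the roaming employee and over-grants the partner and the non-EU employee who happen to sit in the trusted subnet, while the tag-based decision follows the identity wherever the endpoint attaches.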
Delivering a Platform to Enable Shared Services
Cisco TrustSec Technology: Next-Generation Security
Single unified platform enforcing policy
Duplicated Infrastructure, increased cost and complexity
Shared Workspace Environment
AnyConnect Secure Mobility Client: Network and Security Follows User—It Just Works
Next-Gen Unified Security: user/device identity, posture validation, integrated web security for always-on security (hybrid)
Persistent Connectivity: always-on connectivity, optimal gateway selection, automatic hotspot negotiation, seamless connection hand-offs
Corporate Office
Mobile User
Home Office
Secure, Consistent Access
Voice—Video—Apps—Data
Broad Mobile Support: fixed and semi-fixed platforms, mobile platforms
Wired
3G/Wi-Fi
Broadband
Choice: Diverse Endpoint Support for Greater Flexibility
Acceptable Use
Access Control
Data Loss Prevention
Threat Prevention
Intranet
Corporate File Sharing
Access Granted
Always On Security
AnyConnect Client
Security: Rich, Granular Security Integrated into the Network
Experience: Always-on Intelligent Connection for Seamless Experience and Performance
WSA ASA
Enabling Seamless Remote and Mobile Working
Secure Mobile Connectivity: Unmanaged Devices, Risk of Data Loss, and Lack of Access
Mobile Government Worker
Cisco AnyConnect Secure Mobility: Simple, Powerful Access – Anywhere, Any Device
Acceptable Use
Access Control
Data Loss Prevention
From Self-Defending Network to Secure Borderless Networks
Keep the Bad Guys Out
Firewall: Access
Intrusion Prevention: Block Attacks
Content Security: Email & Web
Self-Defending Network
From Self-Defending Network to Secure Borderless Networks
Self-Defending Network: Keep the Bad Guys Out
Firewall: Access
Intrusion Prevention: Block Attacks
Content Security: Email & Web
New Security Requirements: Enable Secure Borderless Access
Policy & Identity: Trusted Access
Secure Mobility: Always On
Cloud Security: Hosted/Hybrid
An Architecture for Borderless Government
1. The Borderless Organisation Needs a Borderless Network Architecture.
2. Cisco Is Uniquely Equipped to Deliver That Architecture with “Broad and Deep” Network Innovation.
3. The Cisco Borderless Network delivers the Platform to transform service delivery.