GSF 2011 Bill Mcgee 2-5 Securing Mobile Government

Securing a Mobile Government
Bill McGee

Presentation Transcript

  • Securing a Mobile Government. Bill McGee, Manager Security Solutions, Cisco. Government Solutions Conference, March 1, 2011. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
  • Cisco 3Q10 Threat Report
  • Cisco Annual Security Report, December 2010
  • What’s Happening: consumerization, mobility, virtualization, collaboration.
    The Challenges We Face: the current environment and the evolving threats; regulatory requirements.
    Strategies: a look at secure mobility solutions: AnyConnect Client, Cisco Virtual Office, TrustSec Access Control.
  • 60%: Don’t need to be in the office.
    66%: Would accept a lower-paying job (10%) for work flexibility.
    45%: Would work an extra 2-3 hours a day if allowed to do so remotely.
    45%: Of IT staff are unprepared to make workforces more mobile.
    57%: Of IT staff said security is the biggest challenge for a mobile workforce.
  • Economic Uncertainty: Governments of all sizes are looking to maximize investment while reducing costs.
    Service Efficiency: 1.3 billion new networked mobile devices in the next three years, impacting communications and service delivery.
    Citizen Experience: Increasing citizen expectations. Agent ↔ Self Service; 9 to 5 ↔ 24/7; Anyone, Anything, Anywhere, Anytime.
  • Mobile Computing: Explosive growth. 462 M new devices per year; 1.2 B mobile users; 4X video traffic by 2014.
    Collaboration and Social Media: Content rich, real time. 175 M Twitter users; 500M+ Facebook users.
    Virtualization and Cloud: Agility, cost savings. Most new servers virtual; 40% plan a move to the cloud; cloud computing services to grow to $44 B by 2013.
    Changing IT Environment. New Security Challenges.
  • Remote Access Requirements Vary Greatly by User, Location, Desktop and Other Criteria.
    Mobile Worker: Access from various devices (e.g., kiosks, PDAs, netbooks, laptops).
    Disaster Recovery: Requires greatest access flexibility to accommodate diverse devices and locations; requirements vary widely; security/access is critical.
    Supply Partner: Unmanaged desktop; complex support issues; requires limited access to corporate resources.
    Teleworker: Requires consistent LAN-like performance.
    Contractor, Temp: Access requirements vary greatly; unmanaged or managed computers; access needs to be limited.
  • Cisco Connect World Report, Fall 2010
  • How do I manage multiple devices?
    How do I manage a workforce in motion?
    Where do I make policy decisions?
    Where and how do I enforce policy?
    How do I ensure consistency?
    How can I scale this across my distributed network?
  • Common Regulatory Requirements:
    Control access to information, applications, records, etc.
    Control ingress/egress of data.
    Ensure privacy for groups and individuals.
    Segment certain classes of users.
    Control access to devices, servers, and management platforms by both users and devices.
    Manage and inventory IP-enabled devices, and control their behavior based on policy.
    Enforce access policy beyond the ingress point.
    Monitor, record, and audit users and devices.
  • Service Efficiency; Citizen Experience; Safety and Security.
  • Government Service Efficiency. Borderless Mobility Delivers: Integrated communications increase the speed of decision making by improving collaboration and access to the right people at the right time; replacing legacy systems reduces ongoing costs; worker flexibility and productivity improve by eliminating the requirement to be in the office for many job functions.
  • Citizen Experience. Borderless Mobility Delivers: Citizen interaction tailored to communicate effectively and provide services more efficiently; reduced time for question/issue resolution; scale unique employee capabilities via virtual experts.
    Scenario: Citizen contacts city for inspection approval → presence helps find an inspector to sign off on the permit so the business can open → business opens to customers.
  • Safety and Security. Borderless Mobility Delivers: Facilitated collaboration during incidents improves decision processes and accelerates response; IP-based video sharing enables efficient and more comprehensive situation analysis and response; a secure, integrated communications network enables all systems to interoperate and maintain situational awareness.
    Scenario: A citizen captures a video of a situation and sends it to emergency services → local control relays information and video to first responders → coordinated response addresses the incident and minimizes disruption.
  • National cybersecurity awareness campaign; help educate everyone; tools and content to drive security awareness. www.stopthinkconnect.org
  • The World as We Knew It: managed devices. The World Today: managed devices alongside un-managed devices.
  • Secure network connection and communication from endpoint devices; move security enforcement closer to the user.
    AnyConnect Secure Mobility Client 3.0: unified access interface for SSL-VPN, IPsec and 802.1X for LAN/WLAN; MACsec / MKA data encryption in software; ScanSafe mobile web security.
  • Network and Security Follows User—It Just Works. Corporate Office, Mobile User, Home Office.
    Broad Mobile Support: fixed and semi-fixed platforms; mobile platforms; wired, Wi-Fi, cellular/Wi-Fi.
    Persistent Connectivity: always-on connectivity; optimal gateway selection; automatic hotspot negotiation; seamless connection hand-offs.
    Next-Gen Unified Security: user/device identity; posture validation; integrated web security for always-on security (hybrid); clientless and desktop virtualization.
    Secure, Consistent Access. Voice—Video—Apps—Data.
  • Architecture Overview. AnyConnect Platform Architecture: user interface; management interfaces; head-end services; service provider integration.
    Head-End Devices: TrustSec and NAC (wired switches, wireless controllers); ASA remote access; Web Security Appliances; ISRs; Cloud Web Security; Cisco Medianet.
  • Flexible Workspaces: retaining employees and talent; ensuring employee satisfaction; increasing workforce productivity and efficiency; maintaining business continuity and disaster recovery; controlling the rising cost of real estate and overhead; managing and deploying mobile devices and infrastructure; maintaining security; supporting a variety of mobile devices.
  • Corporate Office and Home Office: single phone line, wireless network, same secure application and resource access.
  • Cisco Virtual Office: optimized for site-to-site resilient Unified Communications. Services include Unified Communication, policy definition, identity and automated configuration push. Components: Cisco ASR or ISR G2 head-end VPN; corporate campus; Cisco Configuration Engine; AAA (ACS optional).
    Cisco Virtual Office Express: optimized for express deployment. Full featured management platform; services include UC, policy definition, identity, and automated configuration push. Components: ISR G2 head-end VPN; corporate campus; Manage Express Virtual Office (MEVO); AAA (ACS optional).
  • Remote Site: Cisco Unified Phone 7900 Series; Cisco 800 Series Secure Wireless Router. Head-End Site: Cisco Secure Router with VPN; Zero Touch Management.
  • Lowers real estate and overhead costs; increases productivity; enables business continuity planning; decreases carbon emissions; enables the next generation workforce; helps meet compliance requirements such as PCI.
  • What is on my network? Who is on my network? Where do they all want to go? How do I control this?
  • Authorized Access: How can I restrict access to my network? Can I manage the risk of using personal PCs? Common access rights when on-premises, at home, on the road? Are endpoints healthy?
    Guest Access: Can I allow guests Internet-only access? How do I easily create a guest account? Can this work in wireless and wired? How do I monitor guest activities?
    Non-Authenticating Devices: How do I discover non-authenticating devices? Can I determine what they are? Can I control their access? Are they being spoofed?
  • Identity | Other Conditions | Authorization (Controlling Access).
    Identity: Vicky Sanchez (Employee, Marketing, Full-Time; Group: Employee); Frank Lee (Contractor; Group: Contractor); Security Camera G/W (Agentless Asset; MAC: F5 AB 8B 65 00 D4); Francois Didier (Consultant, HQ—Strategy; Group: Guest).
    Other Conditions: access type (Wireline, Guest Wireless, Remote Access); time and date (3 p.m., 9 a.m., 6 p.m.); posture; location; device type.
    Authorization: Broad Access; Limited Access; Guest/Internet; Quarantine; Deny Access; Track Activity for Compliance.
  • Differentiated Access.
    Remote/Mobile Workers: AnyConnect w/802.1X; NAC Agent. Users & Devices; Guests; Non-User Devices.
    Centralized Policy (ISE): posture assessment; client management; centralized policy creation; policy distribution and control; monitoring & troubleshooting; device profiling; guest services. Directory Service.
    Identity-Based Firewall (ASA): enforced identity policy. Wireless Access. Internet.
    Cisco Campus Network (Catalyst Switch): 802.1X switch-based authentication; MACsec encryption; hop-by-hop data inspection; Security Group Tagging; Security Group-based enforcement.
    Virtual Data Center (Nexus 7000 Switch): protected resources.
  • With a Cisco TrustSec solution in place, organizations are able to:
    Secure Access: provide unified access policy for wired, wireless, and VPN connections; provide role-based access for any user or group; provide self-service guest access.
    Secure Endpoints: enforce device health through posture assessment; secure communications between endpoints and the network.
    Secure Network Resources: tag data and enforce policy using Secure Group Access; secure access to and between Data Center resources (static and virtual); ensure switch-to-switch data security using MACsec encryption.
  • 1. Do I have a consistent access policy architecture across my network for all users and devices? Does my wireless network provide pervasive, reliable and scalable coverage to support new mobile devices? Can I manage my wired and wireless networks together? Can my network provide guest access?
    2. Can my network deliver real-time collaboration experiences? Can I deliver video and collaboration across any network?
    3. Can mobile devices access my network securely, reliably and seamlessly? Can my wireless network proactively mitigate the impact of wireless interference? Can I ensure security for mobile devices like the Cius, iPad, iPhone, BlackBerry and Android?
  • Enable Borderless Experiences: The RIGHT User, The RIGHT Device, From ANY Location, At ANY Time. Securely, Reliably, Seamlessly.
  • Always-on connectivity with mobile devices that you may not procure; attacks targeting your users, exploiting trust and “in policy” actions; collaboration and social media as the new communication tools; the ongoing need for education and awareness.
  • Resources: www.stopthinkconnect.org/; www.cisco.com/go/fedsecurity; www.cisco.com/security; www.cisco.com/go/security; www.cisco.com/go/designzone. Bill McGee, bam@cisco.com
  • Thank you.
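The identity-plus-conditions authorization decision sketched in the TrustSec slides above (identity and group, access type, time of day, posture and device type mapped to Broad Access, Limited Access, Guest/Internet, Quarantine or Deny Access, with each decision tracked for compliance), worked through as an added Python example. This is not code from the presentation or from any Cisco product; the rule set, the guest-hours window and the sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

BROAD, LIMITED, GUEST_INTERNET, QUARANTINE, DENY = (   # outcomes as named on the slide
    "Broad Access", "Limited Access", "Guest/Internet", "Quarantine", "Deny Access")
GUEST_HOURS = (time(8, 0), time(18, 0))   # assumed guest-access window, not from the slides

@dataclass(frozen=True)
class Request:
    identity: str                # user or device being authorized
    group: str                   # Employee, Contractor, Guest, Agentless Asset
    access_type: str             # Wireline, Guest Wireless, Remote Access
    at: time                     # time of day of the connection attempt
    posture_ok: Optional[bool] = None   # None = no posture agent, health unknown
    device_type: str = "Workstation"
    mac: str = ""

def authorize(req: Request) -> str:
    """First-match policy over identity plus conditions; no match means Deny (fail closed)."""
    if req.group == "Agentless Asset":
        # Profiled devices report no posture: authorize by device type and known MAC, limited access only.
        return LIMITED if req.device_type == "Camera" and req.mac else DENY
    if req.access_type == "Guest Wireless":   # the guest SSID is Internet-only, inside guest hours
        return GUEST_INTERNET if GUEST_HOURS[0] <= req.at <= GUEST_HOURS[1] else DENY
    if req.group == "Guest":
        return DENY              # guests may not use wired or remote-access entry points
    if req.posture_ok is None:
        return DENY              # managed groups must run the posture agent
    if not req.posture_ok:
        return QUARANTINE        # unhealthy endpoint: remediation network only
    if req.group == "Employee":
        return BROAD if req.access_type == "Wireline" else LIMITED
    return LIMITED if req.group == "Contractor" else DENY

def audit_line(req: Request, decision: str) -> str:
    """'Track Activity for Compliance': log the conditions each decision was based on."""
    return (f"identity={req.identity!r} group={req.group} access={req.access_type} "
            f"time={req.at:%H:%M} posture={req.posture_ok} device={req.device_type} -> {decision}")

# Constructed sample requests, using the identities pictured on the slide.
SAMPLE = [
    Request("Vicky Sanchez", "Employee", "Wireline", time(15, 0), posture_ok=True),
    Request("Frank Lee", "Contractor", "Guest Wireless", time(9, 0), posture_ok=True),
    Request("Frank Lee (remote, unpatched)", "Contractor", "Remote Access", time(20, 0), posture_ok=False),
    Request("Security Camera G/W", "Agentless Asset", "Wireline", time(0, 0),
            device_type="Camera", mac="F5:AB:8B:65:00:D4"),
    Request("Francois Didier", "Guest", "Remote Access", time(18, 0)),
]

def decisions(requests=SAMPLE) -> dict:
    return {r.identity: authorize(r) for r in requests}
```

Run `decisions()` to see every sample mapped to its outcome, and `audit_line(r, authorize(r))` for the compliance record the slide's "Track Activity" column implies.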