SlideShare a Scribd company logo

Kela

Cisco Case Studies
Cisco Case Studies

One of Europe’s largest Cisco ISE deployments enables Kela to secure flexible working practices and simplify IT management.

Technology
1 of 3
Download to read offline
Managing Different Devices and Network Access Policy Safely Customer Case Study One of Europe’s largest Cisco ISE deployments enables Kela to secure flexible working practices and simplify IT management EXECUTIVE SUMMARY Customer Name: Kela Industry: Government Location: Finland Number of Employees: 7500 Challenge • Introduce BYOD-enabled flexible working while maintaining data security • Reduce consequent workload on IT team Solution • Cisco Smart Security solution, providing policy-based access control, identityaware networking, and data integrity and confidentiality • Cisco products and services include TrustSec, Identity Services Engine, and Prime Infrastructure Manager Results • Provided secure authentication for 7500+ users • Cut phone configuration time to zero • Improved network troubleshooting Challenge Kela is the national social security provider for Finland, processing more than four million benefit applications and over €13.5 billion in benefit payments annually. Like many public sector organizations, it is constantly looking to improve the efficiency and quality of citizen services. Employee mobility is an intrinsic part of this plan. With a highly distributed workforce of 7500 employees spread across 400 locations, the agency introduced flexible working practices over a decade ago. At that time, the main IT focus was on securing corporate devices and vast amounts of confidential data across wired and virtual private networks. This approach used RADIUS access control servers and, more recently, a Cisco Secure Access Control System. However, things changed when Kela deployed wireless networking. With employees increasingly seeking to connect personal devices, the agency was forced to rethink IT strategy. “A powerful and flexible unified access security system was needed, one that could enforce a safe bring-your-own-device policy and manage different devices like Samsung GalaxyTabs, Nokia Lumia phones, Apple iPhones and iPads, and so on.” says Juha Lappalainen, development manager at Kela. Solution Kela issued a significant public sector tender for WAN, LAN, and fixed and mobile voice services. Elisa, a Cisco® Gold Certified Partner and already the agency’s WAN provider, won the tender, which included security services with a Cisco Smart Security proposal. “In addition to the advanced security functionalities of Cisco switches, Elisa has strong knowledge of Cisco solutions and experience of running Cisco-based business-critical networks,” says Lappalainen. “The Cisco team actively offers new ideas and helps us if and when needed.” © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 3
Customer Case Study “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.” Elisa installed the new solution following a Cisco TrustSec® Validated Design, and now operates it on behalf of Kela. At the solution’s center is the Cisco Identity Services Engine (ISE), which forms a security policy management and control platform. It enforces usage policies in conjunction with Cisco TrustSec across wired and wireless networks and potentially VPNs. Kela also uses ISE for a range of other functions, including access control, profiling, and security posture policies on endpoints. Juha Lappalainen Development Manager Kela These integrated components protect a vast IT infrastructure comprising around 900 Cisco Catalyst® 2960-S, 3750-X, and 6509 Series Switches, with more than 300 Cisco Aironet® 2600 Series Access Points and two Cisco 5508 Series Wireless Controllers. For redundancy, Kela has an ISE server at both of its main data centers, along with fully redundant Active Directory and application servers. RADIUS server load-balancing is implemented as a feature on the Cisco Catalyst switches, along with Cisco AutoQoS to help ensure prioritization for IP telephony and video data traffic. This holistic approach also incorporates Cisco Prime™ Infrastructure Manager, which is used for gaining insight into the network, troubleshooting, and in-depth reporting. Completing the Cisco Smart Security solution, Cisco Mobility Services Engine forms a wireless intrusion prevention system for solving connectivity problems and capturing network events that can be used to create a knowledge base. The organization has different access policies and mechanisms for different devices. Extensible Authentication Protocol (EAP)-Transport Layer Security machine certificates are used for Kela assets. Meanwhile, EAP-Protected Extensible Authentication Protocol is used for bring-your-own-device (BYOD) endpoints. For IP phones, Kela uses MAC Authentication Bypass (MAB) to provide limited access for endpoints that the network does not recognize. “Machine certificates are our preferred authentication method. They offer strong authentication and best automation for device access control,” adds Lappalainen. Results The Cisco Smart Security solution provides authentication for around 7500 users and some 8000 workstations and laptops, 3000 BYOD endpoints (mainly Apple iPads), 5000 IP phones, and more than 2000 smartphones. In addition, ISE grants access to around 1000 multipurpose devices and printers along with 300 other assorted network devices. The Kela Cisco ISE deployment is one of the largest in Europe. Importantly, Kela is able to deal with the BYOD trend easily and securely. “ISE has the intelligence to handle the access policy for different devices and user needs,” says Lappalainen. Furthermore, the four-strong IT team saves time whenever a new company phone is handed out because there is no longer any need to carry out a manual port configuration. Instead users download their phone configuration from a Trivial FTP server and have the device registered on the system. “ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network,” says Ilari Saikkonen, senior IT specialist, Kela. Pre-known phones connect via a separate VLAN with authentication through EAPMessage Digest 5 (MD5). The advantage of this access policy is that Kela can provision new phones with zero administration effort. Similarly printer management has been greatly simplified. Previously they had to be authenticated using MAB with Active Directory group and location information. Now they can be added on a plug-and-play basis using a centralized access policy over 802.1X with EAP-MD5. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 3
Customer Case Study “ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network.” Ilari Saikkonen, Senior IT Specialist Kela User experience has also improved. “With Cisco Prime we can easily see, for example, the wireless network status, and quickly troubleshoot if users have problems on accessing network services,” Lappalainen says. “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.” Next Steps Further benefit is foreseen from implementing new features such as Cisco EnergyWise™ and new products such as Catalyst 2960-X, 3850, and 4500 Series Switches and Cisco Aironet 600 Series OfficeExtend Access Points for remote users. This next phase of network evolution could help boost video collaboration across the organization. “Internet videos and video calls are common nowadays, and increasing,” Lappalainen says. “This trend brings new demands for the LAN but especially for the wireless LAN. More application visibility and quality of service may be needed. Because of continuous feature development, we see the Cisco solutions as providing good investment protection.” For More Information To learn more about the Cisco architectures and solutions featured in this case study go to: www.cisco.com/go/trustsec www.cisco.com/go/ise www.cisco.com/go/wireless Product List Wireless •• Cisco Aironet 2600 Series Access Points •• Cisco 5508 Series Wireless Controller Routing and Switching •• Cisco Catalyst 2960-S Series Switches •• Cisco Catalyst 3750-X Series Switches •• Cisco Catalyst 6509 Series Switches Security •• Cisco TrustSec •• Cisco Identity Services Engine •• Cisco Prime Infrastructure Manager •• Cisco Mobility Services Engine •• Cisco Wireless Intrusion Prevention System Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Printed in the UK ES/1213 Page 3 of 3

Recommended

IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersCisco Mobility
 
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Miriade Spa
 
Cisco Security DNA
Cisco Security DNACisco Security DNA
Cisco Security DNAMatteo Masi
 
Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Canada
 
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...NetworkCollaborators
 
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...Cisco Canada
 
TechWiseTV Workshop: Cisco DNA Center Assurance
TechWiseTV Workshop: Cisco DNA Center AssuranceTechWiseTV Workshop: Cisco DNA Center Assurance
TechWiseTV Workshop: Cisco DNA Center AssuranceRobb Boyd
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly servicesZscaler
 

Recommended

IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersCisco Mobility
 
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Miriade Spa
 
Cisco Security DNA
Cisco Security DNACisco Security DNA
Cisco Security DNAMatteo Masi
 
Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Connect Ottawa 2018 the intelligent network with Cisco Meraki
Cisco Connect Ottawa 2018 the intelligent network with Cisco MerakiCisco Canada
 
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...NetworkCollaborators
 
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...
Cisco Connect Ottawa 2018 Cisco digital buildings and the 4th utility w co...Cisco Canada
 
TechWiseTV Workshop: Cisco DNA Center Assurance
TechWiseTV Workshop: Cisco DNA Center AssuranceTechWiseTV Workshop: Cisco DNA Center Assurance
TechWiseTV Workshop: Cisco DNA Center AssuranceRobb Boyd
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly servicesZscaler
 
SP 5G: Unified Enablement Platform
SP 5G: Unified Enablement Platform SP 5G: Unified Enablement Platform
SP 5G: Unified Enablement Platform Cisco Service Provider
 
Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco Canada
 
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Canada
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsCisco Case Studies
 
Cisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Russia
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assuranceNur Shiqim Chok
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Canada
 
101 Use Cases for IoT
101 Use Cases for IoT101 Use Cases for IoT
101 Use Cases for IoTCisco Canada
 
Cisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco Canada
 
Internet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareInternet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareReal-Time Innovations (RTI)
 
Data, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeData, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeCisco Canada
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019Zscaler
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
JUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEJUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEAshish Tyagi
 
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Insight
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Zscaler
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideMaticmind
 
iSpot- Cisco
iSpot- CiscoiSpot- Cisco
iSpot- CiscoCisco Case Studies
 
Top Right Group
Top Right GroupTop Right Group
Top Right GroupCisco Case Studies
 

More Related Content

What's hot

Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco Canada
 
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Canada
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsCisco Case Studies
 
Cisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Russia
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assuranceNur Shiqim Chok
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Canada
 
101 Use Cases for IoT
101 Use Cases for IoT101 Use Cases for IoT
101 Use Cases for IoTCisco Canada
 
Cisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco Canada
 
Internet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareInternet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareReal-Time Innovations (RTI)
 
Data, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeData, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeCisco Canada
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019Zscaler
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
JUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEJUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEAshish Tyagi
 
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Insight
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Zscaler
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideMaticmind
 

What's hot (20)

SP 5G: Unified Enablement Platform
SP 5G: Unified Enablement Platform SP 5G: Unified Enablement Platform
SP 5G: Unified Enablement Platform
 
Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For You
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with meraki
 
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated Solutions
 
Cisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed Networking
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018 Simple IT
 
101 Use Cases for IoT
101 Use Cases for IoT101 Use Cases for IoT
101 Use Cases for IoT
 
Cisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it management
 
Internet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareInternet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and Software
 
Data, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeData, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for Change
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
JUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEJUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILE
 
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud Platforms
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio Guide
 

Viewers also liked

Thales launches Cisco Unified Computing System
Thales launches Cisco Unified Computing SystemThales launches Cisco Unified Computing System
Thales launches Cisco Unified Computing SystemCisco Case Studies
 

Viewers also liked (15)

iSpot- Cisco
iSpot- CiscoiSpot- Cisco
iSpot- Cisco
 
Top Right Group
Top Right GroupTop Right Group
Top Right Group
 
EDIF-Cisco/EMC2
EDIF-Cisco/EMC2EDIF-Cisco/EMC2
EDIF-Cisco/EMC2
 
Cable&Wireless Worldwide
Cable&Wireless Worldwide Cable&Wireless Worldwide
Cable&Wireless Worldwide
 
Banca d'Alba
Banca d'Alba Banca d'Alba
Banca d'Alba
 
Topdanmark- Cisco
Topdanmark- CiscoTopdanmark- Cisco
Topdanmark- Cisco
 
Auchan
AuchanAuchan
Auchan
 
Thales launches Cisco Unified Computing System
Thales launches Cisco Unified Computing SystemThales launches Cisco Unified Computing System
Thales launches Cisco Unified Computing System
 
Fastweb
Fastweb Fastweb
Fastweb
 
ATEA
ATEAATEA
ATEA
 
Carta carmen
Carta carmenCarta carmen
Carta carmen
 
Oman Arab Bank
Oman Arab Bank Oman Arab Bank
Oman Arab Bank
 
Boon Edam
Boon EdamBoon Edam
Boon Edam
 
Alfa bank
Alfa bankAlfa bank
Alfa bank
 
Viju case study
Viju case studyViju case study
Viju case study
 

Similar to Kela

case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copyLee Millington
 
TechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONETechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONERobb Boyd
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...IT Tech
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...IT Tech
 
Cisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesCisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesBilly jones Monarquia
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingAmazon Web Services
 
How much you know about cisco, cisco router
How much you know about cisco, cisco routerHow much you know about cisco, cisco router
How much you know about cisco, cisco routerIT Tech
 
The Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionThe Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionAbdulrahmanRahmani4
 
Mobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionMobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionCisco Mobility
 
daisy_communications_cs
daisy_communications_csdaisy_communications_cs
daisy_communications_csSteve Colam
 

Similar to Kela (20)

case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copy
 
Bellevue Group
Bellevue GroupBellevue Group
Bellevue Group
 
Ukrtransgaz
UkrtransgazUkrtransgaz
Ukrtransgaz
 
TechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONETechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONE
 
Telecom Italia
Telecom ItaliaTelecom Italia
Telecom Italia
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...
 
OMV Petrom
OMV PetromOMV Petrom
OMV Petrom
 
Cisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesCisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjones
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud Computing
 
Enea wytwarzanie
Enea wytwarzanieEnea wytwarzanie
Enea wytwarzanie
 
How much you know about cisco, cisco router
How much you know about cisco, cisco routerHow much you know about cisco, cisco router
How much you know about cisco, cisco router
 
The Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionThe Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone Solution
 
Vitra AG
Vitra AGVitra AG
Vitra AG
 
Mobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionMobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solution
 
Daisy communications
Daisy communications Daisy communications
Daisy communications
 
daisy_communications_cs
daisy_communications_csdaisy_communications_cs
daisy_communications_cs
 
ICC Networking Value Proposition
ICC Networking Value PropositionICC Networking Value Proposition
ICC Networking Value Proposition
 
ICC Networking Value Proposition
ICC Networking Value PropositionICC Networking Value Proposition
ICC Networking Value Proposition
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 

More from Cisco Case Studies

Expo Milano 2015 Case Study_IT
Expo Milano 2015 Case Study_ITExpo Milano 2015 Case Study_IT
Expo Milano 2015 Case Study_ITCisco Case Studies
 
SAAOne Case Study: Private cloud for data clearway
SAAOne Case Study: Private cloud for data clearwaySAAOne Case Study: Private cloud for data clearway
SAAOne Case Study: Private cloud for data clearwayCisco Case Studies
 
Anyweb: Enabling IT Teams to Delight End Users
Anyweb: Enabling IT Teams to Delight End UsersAnyweb: Enabling IT Teams to Delight End Users
Anyweb: Enabling IT Teams to Delight End UsersCisco Case Studies
 

More from Cisco Case Studies (20)

Expo Milan 2015 Case Study_EN
Expo Milan 2015 Case Study_ENExpo Milan 2015 Case Study_EN
Expo Milan 2015 Case Study_EN
 
Expo Milano 2015 Case Study_IT
Expo Milano 2015 Case Study_ITExpo Milano 2015 Case Study_IT
Expo Milano 2015 Case Study_IT
 
Seeberger
Seeberger Seeberger
Seeberger
 
Neotel
Neotel Neotel
Neotel
 
Il Gruppo Marcegaglia
Il Gruppo MarcegagliaIl Gruppo Marcegaglia
Il Gruppo Marcegaglia
 
Marcegaglia Group
Marcegaglia GroupMarcegaglia Group
Marcegaglia Group
 
SAAOne Case Study: Private cloud for data clearway
SAAOne Case Study: Private cloud for data clearwaySAAOne Case Study: Private cloud for data clearway
SAAOne Case Study: Private cloud for data clearway
 
AASTMT Case Study
AASTMT Case StudyAASTMT Case Study
AASTMT Case Study
 
Bauer
Bauer Bauer
Bauer
 
Universal Motors Agencies
Universal Motors AgenciesUniversal Motors Agencies
Universal Motors Agencies
 
Equitix
Equitix Equitix
Equitix
 
ScanPlus
ScanPlusScanPlus
ScanPlus
 
Odeabank Case Study
Odeabank Case StudyOdeabank Case Study
Odeabank Case Study
 
IBB Energie AG
IBB Energie AGIBB Energie AG
IBB Energie AG
 
Lufthansa Case Study
Lufthansa Case StudyLufthansa Case Study
Lufthansa Case Study
 
Schmitz Cargobull
Schmitz CargobullSchmitz Cargobull
Schmitz Cargobull
 
Mankiewicz Gebr & Co
Mankiewicz Gebr & Co Mankiewicz Gebr & Co
Mankiewicz Gebr & Co
 
Lomma Kommun
Lomma Kommun Lomma Kommun
Lomma Kommun
 
Skipton Building Society
Skipton Building SocietySkipton Building Society
Skipton Building Society
 
Anyweb: Enabling IT Teams to Delight End Users
Anyweb: Enabling IT Teams to Delight End UsersAnyweb: Enabling IT Teams to Delight End Users
Anyweb: Enabling IT Teams to Delight End Users
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Kela

  • 1. Managing Different Devices and Network Access Policy Safely Customer Case Study One of Europe’s largest Cisco ISE deployments enables Kela to secure flexible working practices and simplify IT management EXECUTIVE SUMMARY Customer Name: Kela Industry: Government Location: Finland Number of Employees: 7500 Challenge • Introduce BYOD-enabled flexible working while maintaining data security • Reduce consequent workload on IT team Solution • Cisco Smart Security solution, providing policy-based access control, identityaware networking, and data integrity and confidentiality • Cisco products and services include TrustSec, Identity Services Engine, and Prime Infrastructure Manager Results • Provided secure authentication for 7500+ users • Cut phone configuration time to zero • Improved network troubleshooting Challenge Kela is the national social security provider for Finland, processing more than four million benefit applications and over €13.5 billion in benefit payments annually. Like many public sector organizations, it is constantly looking to improve the efficiency and quality of citizen services. Employee mobility is an intrinsic part of this plan. With a highly distributed workforce of 7500 employees spread across 400 locations, the agency introduced flexible working practices over a decade ago. At that time, the main IT focus was on securing corporate devices and vast amounts of confidential data across wired and virtual private networks. This approach used RADIUS access control servers and, more recently, a Cisco Secure Access Control System. However, things changed when Kela deployed wireless networking. With employees increasingly seeking to connect personal devices, the agency was forced to rethink IT strategy. “A powerful and flexible unified access security system was needed, one that could enforce a safe bring-your-own-device policy and manage different devices like Samsung GalaxyTabs, Nokia Lumia phones, Apple iPhones and iPads, and so on.” says Juha Lappalainen, development manager at Kela. Solution Kela issued a significant public sector tender for WAN, LAN, and fixed and mobile voice services. Elisa, a Cisco® Gold Certified Partner and already the agency’s WAN provider, won the tender, which included security services with a Cisco Smart Security proposal. “In addition to the advanced security functionalities of Cisco switches, Elisa has strong knowledge of Cisco solutions and experience of running Cisco-based business-critical networks,” says Lappalainen. “The Cisco team actively offers new ideas and helps us if and when needed.” © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 3
  • 2. Customer Case Study “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.” Elisa installed the new solution following a Cisco TrustSec® Validated Design, and now operates it on behalf of Kela. At the solution’s center is the Cisco Identity Services Engine (ISE), which forms a security policy management and control platform. It enforces usage policies in conjunction with Cisco TrustSec across wired and wireless networks and potentially VPNs. Kela also uses ISE for a range of other functions, including access control, profiling, and security posture policies on endpoints. Juha Lappalainen Development Manager Kela These integrated components protect a vast IT infrastructure comprising around 900 Cisco Catalyst® 2960-S, 3750-X, and 6509 Series Switches, with more than 300 Cisco Aironet® 2600 Series Access Points and two Cisco 5508 Series Wireless Controllers. For redundancy, Kela has an ISE server at both of its main data centers, along with fully redundant Active Directory and application servers. RADIUS server load-balancing is implemented as a feature on the Cisco Catalyst switches, along with Cisco AutoQoS to help ensure prioritization for IP telephony and video data traffic. This holistic approach also incorporates Cisco Prime™ Infrastructure Manager, which is used for gaining insight into the network, troubleshooting, and in-depth reporting. Completing the Cisco Smart Security solution, Cisco Mobility Services Engine forms a wireless intrusion prevention system for solving connectivity problems and capturing network events that can be used to create a knowledge base. The organization has different access policies and mechanisms for different devices. Extensible Authentication Protocol (EAP)-Transport Layer Security machine certificates are used for Kela assets. Meanwhile, EAP-Protected Extensible Authentication Protocol is used for bring-your-own-device (BYOD) endpoints. For IP phones, Kela uses MAC Authentication Bypass (MAB) to provide limited access for endpoints that the network does not recognize. “Machine certificates are our preferred authentication method. They offer strong authentication and best automation for device access control,” adds Lappalainen. Results The Cisco Smart Security solution provides authentication for around 7500 users and some 8000 workstations and laptops, 3000 BYOD endpoints (mainly Apple iPads), 5000 IP phones, and more than 2000 smartphones. In addition, ISE grants access to around 1000 multipurpose devices and printers along with 300 other assorted network devices. The Kela Cisco ISE deployment is one of the largest in Europe. Importantly, Kela is able to deal with the BYOD trend easily and securely. “ISE has the intelligence to handle the access policy for different devices and user needs,” says Lappalainen. Furthermore, the four-strong IT team saves time whenever a new company phone is handed out because there is no longer any need to carry out a manual port configuration. Instead users download their phone configuration from a Trivial FTP server and have the device registered on the system. “ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network,” says Ilari Saikkonen, senior IT specialist, Kela. Pre-known phones connect via a separate VLAN with authentication through EAPMessage Digest 5 (MD5). The advantage of this access policy is that Kela can provision new phones with zero administration effort. Similarly printer management has been greatly simplified. Previously they had to be authenticated using MAB with Active Directory group and location information. Now they can be added on a plug-and-play basis using a centralized access policy over 802.1X with EAP-MD5. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 3
  • 3. Customer Case Study “ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network.” Ilari Saikkonen, Senior IT Specialist Kela User experience has also improved. “With Cisco Prime we can easily see, for example, the wireless network status, and quickly troubleshoot if users have problems on accessing network services,” Lappalainen says. “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.” Next Steps Further benefit is foreseen from implementing new features such as Cisco EnergyWise™ and new products such as Catalyst 2960-X, 3850, and 4500 Series Switches and Cisco Aironet 600 Series OfficeExtend Access Points for remote users. This next phase of network evolution could help boost video collaboration across the organization. “Internet videos and video calls are common nowadays, and increasing,” Lappalainen says. “This trend brings new demands for the LAN but especially for the wireless LAN. More application visibility and quality of service may be needed. Because of continuous feature development, we see the Cisco solutions as providing good investment protection.” For More Information To learn more about the Cisco architectures and solutions featured in this case study go to: www.cisco.com/go/trustsec www.cisco.com/go/ise www.cisco.com/go/wireless Product List Wireless •• Cisco Aironet 2600 Series Access Points •• Cisco 5508 Series Wireless Controller Routing and Switching •• Cisco Catalyst 2960-S Series Switches •• Cisco Catalyst 3750-X Series Switches •• Cisco Catalyst 6509 Series Switches Security •• Cisco TrustSec •• Cisco Identity Services Engine •• Cisco Prime Infrastructure Manager •• Cisco Mobility Services Engine •• Cisco Wireless Intrusion Prevention System Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Printed in the UK ES/1213 Page 3 of 3