Five Essentials of BYOD
Delivering Flexibility and Control in your business
John-Paul Sikking, Cisco Security Specialist
ReadyCloud Collaboration, a Cisco Powered service

  • Building layers to support all the devices. Taking an architectural approach, not building out point solutions. Reiterate the 5 points throughout the show.
  • Due to the proliferation of web-based applications (all traversing ports 80 and 443) and the port-hopping nature of several applications like Skype, ports are no longer a good proxy for applications. “Next-generation” firewalls address this by offering application-based visibility and control. However, merely classifying an application is no longer enough either. Now you must identify the “micro-applications” being used within a bigger application, and make the access control decision based on all of these inputs. ASA CX offers very granular controls that allow administrators to create firewall policies that match the nuanced business needs of today. ASA CX not only identifies 1,000+ applications, but also identifies 75,000+ micro applications, like Farmville on Facebook. These micro applications are bucketed into easy-to-use categories so that firewall administrators can easily allow or deny access to the relevant parts of the application. For example, on Facebook these micro applications are categorized into business, community, education, entertainment, games, and so on. Similarly, other applications like Google+, LinkedIn, Twitter, iTunes etc. are also broken down into micro applications. In addition to micro applications, ASA CX also identifies the application behavior, that is, what action the user is taking within that application. As an example, the Facebook Videos category identifies whether the user is uploading, tagging or posting a video. So an administrator may allow users to view and tag videos, but not allow users to upload a video. You could also deny any postings from users, effectively making Facebook read-only.
  • Common control point – MDM plus more. Call out what our partnership entails… call our roadmap
  • Cisco’s Secure BYOD offers a complementary solution to the MDM vendors. PLEASE NOTE: There should be no MDM partnership discussions unless under NDA before March 20th, 2012. MDM solutions deliver a great set of functionalities for smartphones and tablets only. They can: do a device inventory; provision and de-provision devices; deliver data security; deliver device application security; provide cost management; and enable full or selective wipe. One of the key elements to know is that MDM solutions take full control of an employee-owned device to put it under management. Cisco’s solutions are complementary as they bring additional functionalities such as: user and device authentication, posture assessment, policy enforcement and context-aware controls with ISE; advanced web security and threat defense with WSA and ScanSafe; and secure remote access with AnyConnect. The major difference is that we will address all kinds of devices, from printers and fax machines to laptops, smartphones and tablets. As you can see, Cisco Secure BYOD and MDM solutions are complementary, and we are working on integration between the major MDM vendors and ISE to complete our story. Transition: Let’s now put all the pieces together in a simple network diagram to show an example of how these blocks could be implemented.
  • Break out into two slides … “on-boarding differentiators (1.1MR) on second slide”
  • Call to action – Come to the stand and have a look at a working BYOD network…
  • Transcript of "ReadyCloud Collaboration, a Cisco Powered service"

    1. Five Essentials of BYOD. Delivering Flexibility and Control in your business. John-Paul Sikking, Cisco Security Specialist. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
    3. LIMIT / BASIC / ENHANCED / ADVANCED
       • LIMIT: Environment Requires Tight Controls. Corp Only Device.
       • BASIC: Focus on Basic Services, Easy Access. Broader Device Types but Internet Only.
       • ENHANCED: Enable Differentiated Services, On-Boarding with Security—Onsite/Offsite. Multiple Device Types + Access Methods.
       • ADVANCED: Corp Native Applications, New Services, Full Control. Any Device, Any Ownership.
    4. Reactive/Proactive Security & Compliance Legal requirements / Privacy Data Protection and Integrity Social Media Cloud Mobility Application access and control Acceptable Use Insurance/purchasing/tax Visibility and control...
    6. BYOD Building Blocks with Cisco® SecureX: Applications; Identity and Policy; Management; Unified Network Access; Security and Remote Access
    7. Unified Network Access
    8. Cisco Mobility Technology for High Performance Wireless Network
       • CleanAir (Improved Performance): Proactive and automatic interference mitigation
       • ClientLink 2.0 (Improved Performance): Proactive and automatic beam forming for 802.11n and legacy clients
       • AVC (Application Visibility and Control): Control wireless traffic by Application
       • AP 3600 (Access Point Innovation): The Tablet AP, enhanced throughput and coverage for advanced applications for tablets and smart devices
       • Identity Services Engine (ISE): Unified Policy Management
       • Prime Infrastructure: Central Network Management
    10. Broad classification of all traffic: 1,000+ apps. MicroApp Engine: Deep classification of targeted traffic, 75,000+ MicroApps. App Behavior: Control user interaction with the application.
    14. Identity Services Engine for Advanced Policy Management (diagram). Labels: IDENTITY: 802.1x EAP User Authentication. PROFILING: HTTP, NETFLOW, SNMP, DNS, RADIUS, DHCP; Profiling to identify device. Posture of the device. Policy Decision. Enforce policy in the network. Full or partial access granted. Also shown: ISE, VLAN 10, VLAN 20, Company asset, Personal asset, Corporate Resources, Internet Only, HQ, Wireless LAN Controller, Single SSID, Unified Access Management, 2:38pm.
    15. 5 Dimensions of Policy. Columns: User (Who), Device (What), Access (Which), Location (Where), Time (When), Policy. Cells as extracted: Conference M–S Captive Portal Guest Personal Device Wireless Rooms 8 am–6 pm DMZ Guest Tunnel Guest VLAN Contractor Contractor Contractor Wired Anytime Contractor VLAN Device cubicles No HR or M–S Contractor Personal Device Wireless Finance spaces 8 am -6 pm ACL Employee Employee Corporate Device Wired Anywhere Anytime VLAN Personal Device Employee Wireless Anywhere Anytime ACL VPN Anytime. Rule: IF $Identity AND $Device AND $Access AND $Location AND $Time THEN $Policy
    17. Unified Access: Single Pane of Glass View and Management of WLAN – LAN – WAN
       • BEFORE: Separated management (WLAN, LAN, WAN). Siloed: Inefficient Operational Model. Repetitive: Manual correlation of data. Error Prone: Consumes time and resources.
       • AFTER: Comprehensive user and Unified Access network Visibility & advanced troubleshooting. Improved Visibility: WLAN, LAN, WAN + Identity. Simple: Improves IT efficiency. Unified: Single view of all user access data. Advanced Troubleshooting: Less time and resources consumed.
       • Cisco Prime Infrastructure – Provides Unparalleled Visibility
    19. Partner with Top MDM and Gen-i for a Complete Solution Initial Vendors Managed Mobility services Gen-i Initial Vendors Initial Vendors Others Vendors
    20. MDM is a Key Element—But There is More
       • MDM Partners: Device inventory; Device provisioning and de-provisioning; Device data security; Device application security; Cost management; Full or selective device remote wipe
       • Cisco: User and device authentication; Classification & Profiling; Policy enforcement; Context-aware access control; Threat defense; Web use policy; Web application DLP; Secure remote access
       • Products: ISE, AnyConnect, ASA, ScanSafe, ESA/WSA
    21. New Features for Zero Touch On-Boarding
       • Reduced Burden on IT Staff: Device On-Boarding, Self Registration, Supplicant Provisioning
       • Reduced Burden on Help Desk Staff: Seamless Intuitive End User Experience
       • Self Service Model: My Device Registration Portal, Guest Sponsorship Portal
    26. Applications: WebEx, Jabber. Management: Prime Infrastructure. Identity and Policy: ISE. Security and Remote Access: AnyConnect, ScanSafe, WSA, ASA. Unified Network Access: Router, Router, Wireless, Wired. Devices Layer: SMARTPHONES, TABLETS, GAME/PRINTER, THIN/VIRTUAL CLIENTS, DESKTOP/NOTEBOOKS.
    27. Thank You
