Express Data - BYOD

  • Building layers to support all the devices. Taking an architectural approach, not building out point solutions. Reiterate the 5 points through the show.
  • Due to the proliferation of web-based applications (all traversing ports 80 and 443) and the port-hopping nature of several applications like Skype, ports are no longer a good proxy for applications. “Next-generation” firewalls address this by offering application-based visibility and control. However, merely classifying an application is no longer enough either. Now you must identify the “micro-applications” being used within a bigger application, and make the access control decision based on all of these inputs.
    ASA CX offers very granular controls that allow administrators to create firewall policies that match the nuanced business needs of today. ASA CX not only identifies 1,000+ applications, but also identifies 75,000+ micro applications, like Farmville on Facebook. These micro applications are bucketed into easy-to-use categories so that firewall administrators can easily allow or deny access to the relevant parts of the application. For example, on Facebook these micro applications are categorized into business, community, education, entertainment, games, and so on. Similarly, other applications like Google+, LinkedIn, Twitter, iTunes, etc. are also broken down into micro applications.
    In addition to micro applications, ASA CX also identifies the application behavior, that is, what action the user is taking within that application. As an example, the Facebook Videos category identifies whether the user is uploading, tagging or posting a video. So an administrator may allow users to view and tag videos, but not allow users to upload a video. You could also deny any postings from users, effectively making Facebook read-only.
  • Common control point – MDM plus more. Call out what our partnership entails… call out roadmap.
  • Cisco’s Secure BYOD offers a complementary solution to the MDM vendors. PLEASE NOTE: There should be no MDM partnership discussions unless under NDA before March 20th, 2012.
    MDM solutions deliver a great set of functionalities for smartphones and tablets only. They can:
      • Do a device inventory
      • Provision and de-provision devices
      • Deliver data security
      • Deliver device application security
      • Provide cost management
      • Enable full or selective wipe
    One of the key elements to know is that MDM solutions take full control of an employee-owned device to put it under management.
    Cisco’s solutions are complementary as they bring additional functionalities such as:
      • User and device authentication, posture assessment, policy enforcement and context-aware controls with ISE
      • Advanced web security and threat defense with WSA and ScanSafe
      • Secure remote access with AnyConnect
    The major difference is that we will address all kinds of devices: printers, fax machines, laptops, smartphones, tablets…
    As you can see, Cisco Secure BYOD and MDM solutions are complementary, and we are working on integration between the major MDM vendors and ISE to complete our story.
    Transition: Let’s now put all the pieces together in a simple network diagram to show an example of how these blocks could be implemented.
  • Break out into two slides … “on-boarding differentiators (1.1MR) on second slide”
  • Call to action – Come to the stand and have a look at a working BYOD network…
  • Transcript

    • 1. Five Essentials of BYOD: Delivering Flexibility and Control in your business. John-Paul Sikking, Cisco Security Specialist. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
    • 3.
        • LIMIT: Environment Requires Tight Controls. Corp Only Device.
        • BASIC: Focus on Basic Services, Easy Access. Broader Device Types but Internet Only.
        • ENHANCED: Enable Differentiated Services, On-Boarding with Security—Onsite/Offsite. Multiple Device Types + Access Methods.
        • ADVANCED: Corp Native Applications, New Services, Full Control. Any Device, Any Ownership.
    • 4. Reactive/Proactive Security & Compliance Legal requirements / Privacy Data Protection and Integrity Social Media Cloud Mobility Application access and control Acceptable Use Insurance/purchasing/tax Visibility and control...
    • 6. Applications Identity and Policy Management Unified Network Access Security and Remote Access BYOD Building Blocks with *Cisco® SecureX
    • 7. Unified Network Access
    • 8. Cisco Mobility Technology for High Performance Wireless Network
        • CleanAir (Improved Performance): Proactive and automatic interference mitigation
        • ClientLink 2.0 (Improved Performance): Proactive and automatic beam forming for 802.11n and legacy clients
        • AVC (Application Visibility and Control): Control wireless traffic by Application.
        • AP 3600 (Access Point Innovation): The Tablet AP, enhanced throughput and coverage for advanced applications for tablets and smart devices
        • Identity Services Engine (ISE)—Unified Policy Management
        • Prime Infrastructure—Central Network Management
    • 10. Broad… … classification of all traffic: 1,000+ apps. MicroApp Engine: Deep classification of targeted traffic, 75,000+ MicroApps. App Behavior: Control user interaction with the application.
    • 14. Identity Services Engine for Advanced Policy Management
        • 1. User Authentication (802.1x EAP)
        • 2. Profiling to identify device
        • 3. Posture of the device
        • 4. Policy Decision
        • 5. Enforce policy in the network
        • 6. Full or partial access granted
        • [Diagram labels: IDENTITY, PROFILING, ISE, HTTP, NETFLOW, SNMP, DNS, RADIUS, DHCP, VLAN 10, VLAN 20, Company asset, Personal asset, Corporate Resources, Internet Only, HQ, Wireless LAN Controller, Single SSID, Unified Access Management]
    • 15. 5 Dimensions of Policy: User (Who), Device (What), Access (Which), Location (Where), Time (When), Policy. Conference M–S Captive Portal Guest Personal Device Wireless Rooms 8 am–6 pm DMZ Guest Tunnel Guest VLAN Contractor Contractor Contractor Wired Anytime Contractor VLAN Device cubicles No HR or M–S Contractor Personal Device Wireless Finance spaces 8 am–6 pm ACL Employee Employee Corporate Device Wired Anywhere Anytime VLAN Personal Device Employee Wireless Anywhere Anytime ACL VPN Anytime. IF $Identity AND $Device AND $Access AND $Location AND $Time THEN $Policy
    • 17. Unified Access: Single Pane of Glass View and Management of WLAN – LAN – WAN
        • BEFORE: Separated management (WLAN, LAN, WAN)
            • Siloed: Inefficient Operational Model
            • Repetitive: Manual correlation of data
            • Error Prone: Consumes time and resources
        • AFTER: Unified Access. Comprehensive user and network Visibility & advanced troubleshooting (WLAN, LAN, WAN + Identity). Improved Visibility.
            • Simple: Improves IT efficiency
            • Unified: Single view of all user access data
            • Advanced Troubleshooting: Less time and resources consumed
        • Cisco Prime Infrastructure – Provides Unparalleled Visibility
    • 19. Partner with Top MDM and Gen-i for a Complete Solution Initial Vendors Managed Mobility services Gen-i Initial Vendors Initial Vendors Others Vendors
    • 20. MDM is a Key Element—But There is More
        • MDM Partners:
            • Device inventory
            • Device provisioning and de-provisioning
            • Device data security
            • Device application security
            • Cost management
            • Full or selective device remote wipe
        • Cisco:
            • User and device authentication
            • Classification & Profiling
            • Policy enforcement
            • Context-aware access control
            • Threat defense
            • Web use policy
            • Web application DLP
            • Secure remote access
        • Products: ISE, AnyConnect, ASA, ScanSafe, ESA/WSA
    • 21. New Features for Zero Touch On-Boarding
        • Reduced Burden on IT Staff: Device On-Boarding, Self Registration, Supplicant Provisioning
        • Reduced Burden on Help Desk Staff: Seamless Intuitive End User Experience
        • Self Service Model: My Device Registration Portal, Guest Sponsorship Portal
    • 26. Applications WebEx Jabber Management Prime Infrastructure ISE Identity and Policy Security and Remote Access AnyConnect ScanSafe WSA ASA Router Router Wireless Wired Unified Network Access Devices Layer SMARTPHONES TABLETS GAME/PRINTER THIN/VIRTUAL CLIENTS DESKTOP/NOTEBOOKS
    • 27. Thank You