Managing Different Devices and
Network Access Policy Safely

Customer Case Study

One of Europe’s largest Cisco ISE deployments enables Kela to secure flexible working practices and
simplify IT management
EXECUTIVE SUMMARY
Customer Name: Kela
Industry: Government
Location: Finland
Number of Employees: 7500
Challenge
•	Introduce BYOD-enabled flexible working
while maintaining data security
•	Reduce consequent workload on IT team

Solution
•	Cisco Smart Security solution, providing
policy-based access control, identity-aware networking, and data integrity
and confidentiality
•	Cisco products and services include
TrustSec, Identity Services Engine, and
Prime Infrastructure Manager

Results
•	Provided secure authentication for
7500+ users
•	Cut phone configuration time to zero
•	Improved network troubleshooting

Challenge
Kela is the national social security provider for Finland, processing more than four
million benefit applications and over €13.5 billion in benefit payments annually. Like
many public sector organizations, it is constantly looking to improve the efficiency
and quality of citizen services. Employee mobility is an intrinsic part of this plan. With
a highly distributed workforce of 7500 employees spread across 400 locations, the
agency introduced flexible working practices over a decade ago.
At that time, the main IT focus was on securing corporate devices and vast amounts
of confidential data across wired and virtual private networks. This approach used
RADIUS access control servers and, more recently, a Cisco Secure Access Control
System. However, things changed when Kela deployed wireless networking. With
employees increasingly seeking to connect personal devices, the agency was forced
to rethink IT strategy.
“A powerful and flexible unified access security system was needed, one that
could enforce a safe bring-your-own-device policy and manage different devices
like Samsung GalaxyTabs, Nokia Lumia phones, Apple iPhones and iPads, and so
on,” says Juha Lappalainen, development manager at Kela.

Solution
Kela issued a significant public sector tender for WAN, LAN, and fixed and mobile
voice services. Elisa, a Cisco® Gold Certified Partner and already the agency’s
WAN provider, won the tender, which included security services with a Cisco
Smart Security proposal.
“In addition to the advanced security functionalities of Cisco switches, Elisa has
strong knowledge of Cisco solutions and experience of running Cisco-based
business-critical networks,” says Lappalainen. “The Cisco team actively offers
new ideas and helps us if and when needed.”

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.		

Elisa installed the new solution following a Cisco TrustSec® Validated Design, and now
operates it on behalf of Kela. At the solution’s center is the Cisco Identity Services
Engine (ISE), which forms a security policy management and control platform. It
enforces usage policies in conjunction with Cisco TrustSec across wired and wireless
networks and potentially VPNs. Kela also uses ISE for a range of other functions,
including access control, profiling, and security posture policies on endpoints.

These integrated components protect a vast IT infrastructure comprising around 900
Cisco Catalyst® 2960-S, 3750-X, and 6509 Series Switches, with more than 300
Cisco Aironet® 2600 Series Access Points and two Cisco 5508 Series Wireless
Controllers. For redundancy, Kela has an ISE server at both of its main data centers,
along with fully redundant Active Directory and application servers. RADIUS server
load-balancing is implemented as a feature on the Cisco Catalyst switches, along with
Cisco AutoQoS to help ensure prioritization for IP telephony and video data traffic.

This holistic approach also incorporates Cisco Prime™ Infrastructure Manager, which
is used for gaining insight into the network, troubleshooting, and in-depth reporting.
Completing the Cisco Smart Security solution, Cisco Mobility Services Engine forms a
wireless intrusion prevention system for solving connectivity problems and capturing
network events that can be used to create a knowledge base.

The organization has different access policies and mechanisms for different devices.
Extensible Authentication Protocol (EAP)-Transport Layer Security machine certificates
are used for Kela assets. Meanwhile, EAP-Protected Extensible Authentication
Protocol is used for bring-your-own-device (BYOD) endpoints. For IP phones, Kela
uses MAC Authentication Bypass (MAB) to provide limited access for endpoints that
the network does not recognize. “Machine certificates are our preferred authentication
method. They offer strong authentication and best automation for device access
control,” adds Lappalainen.

Results
The Cisco Smart Security solution provides authentication for around 7500 users and
some 8000 workstations and laptops, 3000 BYOD endpoints (mainly Apple iPads),
5000 IP phones, and more than 2000 smartphones. In addition, ISE grants access
to around 1000 multipurpose devices and printers along with 300 other assorted
network devices.
The Kela Cisco ISE deployment is one of the largest in Europe. Importantly, Kela is able
to deal with the BYOD trend easily and securely. “ISE has the intelligence to handle the
access policy for different devices and user needs,” says Lappalainen.
Furthermore, the four-strong IT team saves time whenever a new company phone
is handed out because there is no longer any need to carry out a manual port
configuration. Instead users download their phone configuration from a Trivial FTP
server and have the device registered on the system.
“ISE has automated and simplified access control for network devices such as printers,
IP phones, and thin-clients and now we have enhanced visibility of our network,”
says Ilari Saikkonen, senior IT specialist, Kela.
Pre-known phones connect via a separate VLAN with authentication through EAP-Message Digest 5 (MD5). The advantage of this access policy is that Kela can
provision new phones with zero administration effort. Similarly, printer management
has been greatly simplified. Previously, printers had to be authenticated using MAB
with Active Directory group and location information. Now they can be added on a
plug-and-play basis using a centralized access policy over 802.1X with EAP-MD5.

User experience has also improved. “With Cisco Prime we can easily see, for
example, the wireless network status, and quickly troubleshoot if users have problems
on accessing network services,” Lappalainen says. “ISE and Prime are very good:
secure, flexible, and offering greater network visibility. With ISE, we can also apply a
posture health check for workstations, to ensure end devices are compliant with our
security policy.”

Next Steps
Further benefit is foreseen from implementing new features such as Cisco
EnergyWise™ and new products such as Catalyst 2960-X, 3850, and 4500 Series
Switches and Cisco Aironet 600 Series OfficeExtend Access Points for remote users.
This next phase of network evolution could help boost video collaboration across the
organization.
“Internet videos and video calls are common nowadays, and increasing,” Lappalainen
says. “This trend brings new demands for the LAN but especially for the wireless
LAN. More application visibility and quality of service may be needed. Because of
continuous feature development, we see the Cisco solutions as providing good
investment protection.”

For More Information
To learn more about the Cisco architectures and solutions featured in this case study
go to:
www.cisco.com/go/trustsec
www.cisco.com/go/ise
www.cisco.com/go/wireless

Product List
Wireless
• Cisco Aironet 2600 Series Access Points
• Cisco 5508 Series Wireless Controller
Routing and Switching
• Cisco Catalyst 2960-S Series Switches
• Cisco Catalyst 3750-X Series Switches
• Cisco Catalyst 6509 Series Switches
Security
• Cisco TrustSec
• Cisco Identity Services Engine
• Cisco Prime Infrastructure Manager
• Cisco Mobility Services Engine
• Cisco Wireless Intrusion Prevention System

Americas Headquarters
Cisco Systems, Inc.
San Jose, CA

Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore

Europe Headquarters
Cisco Systems International BV Amsterdam,
The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go
to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply
a partnership relationship between Cisco and any other company. (1110R)
Printed in the UK	

ES/1213	

More Related Content

What's hot

Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018   the intelligent network with cisco merakiCisco Connect Toronto 2018   the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018   simply powerful networking with merakiCisco connect winnipeg 2018   simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with merakiCisco Canada
 
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018   Cisco Meraki -let simple work for youCisco Connect Halifax 2018   Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for youCisco Canada
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsCisco Case Studies
 
Cisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Russia
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s.   introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s.   introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assuranceNur Shiqim Chok
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018   Simple ITCisco Connect Halifax 2018   Simple IT
Cisco Connect Halifax 2018 Simple ITCisco Canada
 
101 Use Cases for IoT
101 Use Cases for IoT101 Use Cases for IoT
101 Use Cases for IoTCisco Canada
 
Cisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018   simple it leads to simple it managementCisco connect winnipeg 2018   simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it managementCisco Canada
 
Internet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareInternet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareReal-Time Innovations (RTI)
 
Data, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeData, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeCisco Canada
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019Zscaler
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
JUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEJUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEAshish Tyagi
 
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Insight
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Zscaler
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsRoshan Kulkarni
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideMaticmind
 

What's hot (20)

SP 5G: Unified Enablement Platform
SP 5G: Unified Enablement Platform  SP 5G: Unified Enablement Platform
SP 5G: Unified Enablement Platform
 
Cisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For YouCisco Meraki: Let Simple Work For You
Cisco Meraki: Let Simple Work For You
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018   the intelligent network with cisco merakiCisco Connect Toronto 2018   the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018   simply powerful networking with merakiCisco connect winnipeg 2018   simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with meraki
 
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018   Cisco Meraki -let simple work for youCisco Connect Halifax 2018   Cisco Meraki -let simple work for you
Cisco Connect Halifax 2018 Cisco Meraki -let simple work for you
 
UniCredit Business Integrated Solutions
UniCredit Business Integrated SolutionsUniCredit Business Integrated Solutions
UniCredit Business Integrated Solutions
 
Cisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed NetworkingCisco Meraki Cloud Managed Networking
Cisco Meraki Cloud Managed Networking
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s.   introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s.   introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
 
Cisco Connect Halifax 2018 Simple IT
Cisco Connect Halifax 2018   Simple ITCisco Connect Halifax 2018   Simple IT
Cisco Connect Halifax 2018 Simple IT
 
101 Use Cases for IoT
101 Use Cases for IoT101 Use Cases for IoT
101 Use Cases for IoT
 
Cisco connect winnipeg 2018 simple it leads to simple it management
Cisco connect winnipeg 2018   simple it leads to simple it managementCisco connect winnipeg 2018   simple it leads to simple it management
Cisco connect winnipeg 2018 simple it leads to simple it management
 
Internet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and SoftwareInternet of Things (IoT) Costs, Connectivity, Resources and Software
Internet of Things (IoT) Costs, Connectivity, Resources and Software
 
Data, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for ChangeData, Technology, and Innovation: Platform for Change
Data, Technology, and Innovation: Platform for Change
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
JUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILEJUGITER BUSINESS PROFILE
JUGITER BUSINESS PROFILE
 
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
Meraki vs. Viptela: Which Cisco SD-WAN Solution Is Right for You?
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18
 
Architectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud PlatformsArchitectural Patterns in IoT Cloud Platforms
Architectural Patterns in IoT Cloud Platforms
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio Guide
 

Viewers also liked (15)

iSpot- Cisco
iSpot- CiscoiSpot- Cisco
iSpot- Cisco
 
Top Right Group
Top Right GroupTop Right Group
Top Right Group
 
EDIF-Cisco/EMC2
EDIF-Cisco/EMC2EDIF-Cisco/EMC2
EDIF-Cisco/EMC2
 
Cable&Wireless Worldwide
Cable&Wireless Worldwide Cable&Wireless Worldwide
Cable&Wireless Worldwide
 
Banca d'Alba
Banca d'Alba Banca d'Alba
Banca d'Alba
 
Topdanmark- Cisco
Topdanmark- CiscoTopdanmark- Cisco
Topdanmark- Cisco
 
Auchan
AuchanAuchan
Auchan
 
Thales launches Cisco Unified Computing System
Thales launches Cisco Unified Computing SystemThales launches Cisco Unified Computing System
Thales launches Cisco Unified Computing System
 
Fastweb
Fastweb Fastweb
Fastweb
 
ATEA
ATEAATEA
ATEA
 
Carta carmen
Carta carmenCarta carmen
Carta carmen
 
Oman Arab Bank
Oman Arab Bank Oman Arab Bank
Oman Arab Bank
 
Boon Edam
Boon EdamBoon Edam
Boon Edam
 
Alfa bank
Alfa bankAlfa bank
Alfa bank
 
Viju case study
Viju case studyViju case study
Viju case study
 

Similar to Kela

case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copyLee Millington
 
TechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONETechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONERobb Boyd
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...IT Tech
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...IT Tech
 
Cisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesCisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesBilly jones Monarquia
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingAmazon Web Services
 
How much you know about cisco, cisco router
How much you know about cisco, cisco routerHow much you know about cisco, cisco router
How much you know about cisco, cisco routerIT Tech
 
The Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionThe Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionAbdulrahmanRahmani4
 
Mobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionMobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionCisco Mobility
 
daisy_communications_cs
daisy_communications_csdaisy_communications_cs
daisy_communications_csSteve Colam
 

Similar to Kela (20)

case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copy
 
Bellevue Group
Bellevue GroupBellevue Group
Bellevue Group
 
Ukrtransgaz
UkrtransgazUkrtransgaz
Ukrtransgaz
 
TechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONETechWiseTV Workshop: Cisco ONE
TechWiseTV Workshop: Cisco ONE
 
Telecom Italia
Telecom ItaliaTelecom Italia
Telecom Italia
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...
 
Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...Definitely, cisco mobility express solution eases your wi fi deployments solu...
Definitely, cisco mobility express solution eases your wi fi deployments solu...
 
OMV Petrom
OMV PetromOMV Petrom
OMV Petrom
 
Cisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjonesCisco application infrastracture controller (apic) billyjones
Cisco application infrastracture controller (apic) billyjones
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud Computing
 
Enea wytwarzanie
Enea wytwarzanieEnea wytwarzanie
Enea wytwarzanie
 
How much you know about cisco, cisco router
How much you know about cisco, cisco routerHow much you know about cisco, cisco router
How much you know about cisco, cisco router
 
The Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone SolutionThe Cisco IP/MPLS Backbone Solution
The Cisco IP/MPLS Backbone Solution
 
Vitra AG
Vitra AGVitra AG
Vitra AG
 
Mobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionMobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solution
 
Daisy communications
Daisy communications Daisy communications
Daisy communications
 
daisy_communications_cs
daisy_communications_csdaisy_communications_cs
daisy_communications_cs
 
ICC Networking Value Proposition
ICC Networking Value PropositionICC Networking Value Proposition
ICC Networking Value Proposition
 
ICC Networking Value Proposition
ICC Networking Value PropositionICC Networking Value Proposition
ICC Networking Value Proposition
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE  JNCIS MCP 8.5  YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE  JNCIS MCP 8.5  Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 

More from Cisco Case Studies (20)

Expo Milan 2015 Case Study_EN
Expo Milan 2015 Case Study_ENExpo Milan 2015 Case Study_EN
Expo Milan 2015 Case Study_EN
 
Expo Milano 2015 Case Study_IT
Expo Milano 2015 Case Study_ITExpo Milano 2015 Case Study_IT
Expo Milano 2015 Case Study_IT
 
Seeberger
Seeberger Seeberger
Seeberger
 
Neotel
Neotel Neotel
Neotel
 
Il Gruppo Marcegaglia
Il Gruppo MarcegagliaIl Gruppo Marcegaglia
Il Gruppo Marcegaglia
 
Marcegaglia Group
Marcegaglia GroupMarcegaglia Group
Marcegaglia Group
 
SAAOne Case Study: Private cloud for data clearway
SAAOne Case Study: Private cloud for data clearwaySAAOne Case Study: Private cloud for data clearway
SAAOne Case Study: Private cloud for data clearway
 
AASTMT Case Study
AASTMT Case StudyAASTMT Case Study
AASTMT Case Study
 
Bauer
Bauer Bauer
Bauer
 
Universal Motors Agencies
Universal Motors AgenciesUniversal Motors Agencies
Universal Motors Agencies
 
Equitix
Equitix Equitix
Equitix
 
ScanPlus
ScanPlusScanPlus
ScanPlus
 
Odeabank Case Study
Odeabank Case StudyOdeabank Case Study
Odeabank Case Study
 
IBB Energie AG
IBB Energie AGIBB Energie AG
IBB Energie AG
 
Lufthansa Case Study
Lufthansa Case StudyLufthansa Case Study
Lufthansa Case Study
 
Schmitz Cargobull
Schmitz CargobullSchmitz Cargobull
Schmitz Cargobull
 
Mankiewicz Gebr & Co
Mankiewicz Gebr & Co Mankiewicz Gebr & Co
Mankiewicz Gebr & Co
 
Lomma Kommun
Lomma Kommun Lomma Kommun
Lomma Kommun
 
Skipton Building Society
Skipton Building SocietySkipton Building Society
Skipton Building Society
 
Anyweb: Enabling IT Teams to Delight End Users
Anyweb: Enabling IT Teams to Delight End UsersAnyweb: Enabling IT Teams to Delight End Users
Anyweb: Enabling IT Teams to Delight End Users
 

Recently uploaded

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Kela

  • 1. Managing Different Devices and Network Access Policy Safely

Customer Case Study

One of Europe’s largest Cisco ISE deployments enables Kela to secure flexible working practices and simplify IT management

EXECUTIVE SUMMARY
Customer Name: Kela
Industry: Government
Location: Finland
Number of Employees: 7500

Challenge
• Introduce BYOD-enabled flexible working while maintaining data security
• Reduce consequent workload on IT team

Solution
• Cisco Smart Security solution, providing policy-based access control, identity-aware networking, and data integrity and confidentiality
• Cisco products and services include TrustSec, Identity Services Engine, and Prime Infrastructure Manager

Results
• Provided secure authentication for 7500+ users
• Cut phone configuration time to zero
• Improved network troubleshooting

Challenge

Kela is the national social security provider for Finland, processing more than four million benefit applications and over €13.5 billion in benefit payments annually. Like many public sector organizations, it is constantly looking to improve the efficiency and quality of citizen services. Employee mobility is an intrinsic part of this plan. With a highly distributed workforce of 7500 employees spread across 400 locations, the agency introduced flexible working practices over a decade ago.

At that time, the main IT focus was on securing corporate devices and vast amounts of confidential data across wired and virtual private networks. This approach used RADIUS access control servers and, more recently, a Cisco Secure Access Control System. However, things changed when Kela deployed wireless networking. With employees increasingly seeking to connect personal devices, the agency was forced to rethink IT strategy.

“A powerful and flexible unified access security system was needed, one that could enforce a safe bring-your-own-device policy and manage different devices like Samsung GalaxyTabs, Nokia Lumia phones, Apple iPhones and iPads, and so on,” says Juha Lappalainen, development manager at Kela.

Solution

Kela issued a significant public sector tender for WAN, LAN, and fixed and mobile voice services. Elisa, a Cisco® Gold Certified Partner and already the agency’s WAN provider, won the tender, which included security services with a Cisco Smart Security proposal.

“In addition to the advanced security functionalities of Cisco switches, Elisa has strong knowledge of Cisco solutions and experience of running Cisco-based business-critical networks,” says Lappalainen. “The Cisco team actively offers new ideas and helps us if and when needed.”

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 3
  • 2.

“ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.”
Juha Lappalainen, Development Manager, Kela

Elisa installed the new solution following a Cisco TrustSec® Validated Design, and now operates it on behalf of Kela. At the solution’s center is the Cisco Identity Services Engine (ISE), which forms a security policy management and control platform. It enforces usage policies in conjunction with Cisco TrustSec across wired and wireless networks and potentially VPNs. Kela also uses ISE for a range of other functions, including access control, profiling, and security posture policies on endpoints.

These integrated components protect a vast IT infrastructure comprising around 900 Cisco Catalyst® 2960-S, 3750-X, and 6509 Series Switches, with more than 300 Cisco Aironet® 2600 Series Access Points and two Cisco 5508 Series Wireless Controllers. For redundancy, Kela has an ISE server at both of its main data centers, along with fully redundant Active Directory and application servers. RADIUS server load-balancing is implemented as a feature on the Cisco Catalyst switches, along with Cisco AutoQoS to help ensure prioritization for IP telephony and video data traffic.

This holistic approach also incorporates Cisco Prime™ Infrastructure Manager, which is used for gaining insight into the network, troubleshooting, and in-depth reporting. Completing the Cisco Smart Security solution, Cisco Mobility Services Engine forms a wireless intrusion prevention system for solving connectivity problems and capturing network events that can be used to create a knowledge base.

The organization has different access policies and mechanisms for different devices. Extensible Authentication Protocol (EAP)-Transport Layer Security machine certificates are used for Kela assets. Meanwhile, EAP-Protected Extensible Authentication Protocol is used for bring-your-own-device (BYOD) endpoints. For IP phones, Kela uses MAC Authentication Bypass (MAB) to provide limited access for endpoints that the network does not recognize.

“Machine certificates are our preferred authentication method. They offer strong authentication and best automation for device access control,” adds Lappalainen.

Results

The Cisco Smart Security solution provides authentication for around 7500 users and some 8000 workstations and laptops, 3000 BYOD endpoints (mainly Apple iPads), 5000 IP phones, and more than 2000 smartphones. In addition, ISE grants access to around 1000 multipurpose devices and printers along with 300 other assorted network devices. The Kela Cisco ISE deployment is one of the largest in Europe.

Importantly, Kela is able to deal with the BYOD trend easily and securely. “ISE has the intelligence to handle the access policy for different devices and user needs,” says Lappalainen.

Furthermore, the four-strong IT team saves time whenever a new company phone is handed out because there is no longer any need to carry out a manual port configuration. Instead users download their phone configuration from a Trivial FTP server and have the device registered on the system.

“ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network,” says Ilari Saikkonen, senior IT specialist, Kela.

Pre-known phones connect via a separate VLAN with authentication through EAP-Message Digest 5 (MD5). The advantage of this access policy is that Kela can provision new phones with zero administration effort. Similarly printer management has been greatly simplified. Previously they had to be authenticated using MAB with Active Directory group and location information. Now they can be added on a plug-and-play basis using a centralized access policy over 802.1X with EAP-MD5.
  • 3.

“ISE has automated and simplified access control for network devices such as printers, IP phones, and thin-clients and now we have enhanced visibility of our network.”
Ilari Saikkonen, Senior IT Specialist, Kela

User experience has also improved. “With Cisco Prime we can easily see, for example, the wireless network status, and quickly troubleshoot if users have problems on accessing network services,” Lappalainen says. “ISE and Prime are very good: secure, flexible, and offering greater network visibility. With ISE, we can also apply a posture health check for workstations, to ensure end devices are compliant with our security policy.”

Next Steps

Further benefit is foreseen from implementing new features such as Cisco EnergyWise™ and new products such as Catalyst 2960-X, 3850, and 4500 Series Switches and Cisco Aironet 600 Series OfficeExtend Access Points for remote users.

This next phase of network evolution could help boost video collaboration across the organization. “Internet videos and video calls are common nowadays, and increasing,” Lappalainen says. “This trend brings new demands for the LAN but especially for the wireless LAN. More application visibility and quality of service may be needed. Because of continuous feature development, we see the Cisco solutions as providing good investment protection.”

For More Information

To learn more about the Cisco architectures and solutions featured in this case study go to:
www.cisco.com/go/trustsec
www.cisco.com/go/ise
www.cisco.com/go/wireless

Product List

Wireless
• Cisco Aironet 2600 Series Access Points
• Cisco 5508 Series Wireless Controller

Routing and Switching
• Cisco Catalyst 2960-S Series Switches
• Cisco Catalyst 3750-X Series Switches
• Cisco Catalyst 6509 Series Switches

Security
• Cisco TrustSec
• Cisco Identity Services Engine
• Cisco Prime Infrastructure Manager
• Cisco Mobility Services Engine
• Cisco Wireless Intrusion Prevention System

Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Printed in the UK ES/1213 Page 3 of 3