
Scot Hull with Cisco - Beyond BYOD -- Stalwart Executive Briefing 2012

See this slide deck from a wonderful "Beyond BYOD" presentation by Cisco's Scot Hull, which took place at Stalwart's 3rd Annual Executive Briefing and CIO Roundtable at the Grove Park Inn.

Published in: Technology, Education
  • 90 percent…
  • These same trends are also affecting other industries. For example, retailers are seeing a huge return from using wireless mobile devices to get customers to convert on purchases. Studies show that users who bring in a coupon on their mobile device are 30% more likely to convert or purchase the promoted product or service. A recent study by Gartner also showed that mobile couponing was one of the top activities of consumers who use mobile devices for shopping.
  • TowerGroup estimates that efficiency increases 20% to 30% because the transmission of information is on demand and more efficient than the traditional process of taking notes and photos and using them later to compile a report. The mobile solution reduces a two-step process to a one-step process.
  • 48.9% say the iPad helps them be more responsive to clients
  • We have talked about quite a few security challenges today and approaches to address them. But with so much change upon us, where should an organization start? One approach is to ask yourself and your organization some questions that might help you determine whether your security strategy is ready to address these changes and enable the business: Are you exploring new business models in the cloud? Do your employees use their personal smart phones/tablets/PC/other for work? Are you protected against vulnerabilities introduced by collaboration tools and social media sites? Do you proactively protect your business against the newest threats? How do you cope with zero-day threats? What are your compliance needs? Are you meeting them? Are you enforcing the same security policies consistently across your organization? Are your security operational costs rising with increased security complexity?
  • A recent Cisco Connected World Report shows that employees expect to have more flexible work options. For many, such flexibility is even more important than salary. IDC predicts that in 2012, the number of mobile devices is likely to reach 462 million, exceeding PC shipments. Such increased access methods and devices present major challenges for many organizations, as they try to maintain a high level of security while supporting productivity and work flexibility. Some specific challenges include: 1) Mobile workers need access to resources on the internal network from anywhere, and they also need access to cloud-based services. 2) The large number of user-owned mobile devices and the many different types of these devices make it difficult for organizations to identify the devices and to ensure policy compliance. 3) Without proper protection, data residing on the mobile devices becomes a high risk of corporate data loss as well as compliance violations.
  • That’s pretty incredible, but just how much is our hunger for always-connected data growing? Globally, mobile data traffic will grow 26-fold from 2010 to 2015, a compound annual growth rate of 92%. This is getting interesting.
  • That’s over 15 billion mobile-connected devices just four years from now. And these mobile-connected devices will generate as much traffic in 2015 as the entire global mobile network in 2010.
  • In addition to the multi-dimensional complexity of the internet edge, the traffic traversing the internet edge is richer than ever before. Not many years ago the workstations were locked down and all the applications that you needed to use or access were installed or explicitly made accessible by IT on your machine. If you needed a sales app or a finance app, IT would come and install the application or the fat client on the user’s machine. Today the situation is dramatically different. While email was one of the first applications enabling the borderless internet edge experience, the traffic today is much more complex and includes application types like web surfing, video, audio, SaaS, and applications tunneling over the Web (IM, P2P). With more and more traffic going over the Web, HTTP has become the new TCP. It is becoming more and more of a common sight where employees are logged into WebEx, Enterprise Email, Facebook / LinkedIn, and their personal email, all at the same time, thus blurring the lines between business traffic and personal traffic at the internet edge. While this has in many ways improved collaboration and productivity, it raises new challenges for effective management of this traffic.
  • Imagine what this could mean in a healthcare setting. A busy doctor doesn’t have time to sit down at his desk to get info on what patients he needs to see and their medical background. So what if that doctor were to buy an iPad on his lunch break?
  • He’d have to talk to the IT person about having the device onboarded. The IT manager tells the doctor that he can self-provision his access and “onboard” the device, and the network will apply all the correct policies and facilitate installation of approved apps. Since he wants full access, he needs to accept an MDM client for security. Things like remote wipe and data loss prevention are critical to keeping the company network secure. Luckily, the Cisco infrastructure can help him apply these policies automatically, without IT intervention.
  • The doctor is alright with accepting all these security configurations. He knows that with the right network set-up, he can rely on his mobile device to help track his patient visits and tell him who’s on his rotation.
  • When he goes into a treatment room to see his patient…
  • …he can pull up their EMR and x-ray images on his tablet. Cisco’s Aironet 3600 and WLAN controller actively avoid RF interference from the in-room blanket warmer with CleanAir technology. And his iPad, which is a “one spatial stream” device (a slower 802.11n speed), is actively accelerated by the access point using Cisco beamforming technology called ClientLink. The new ClientLink 2.0 technology now accelerates 802.11n devices in addition to legacy 802.11a/g. If he discovers that he needs to consult another specialist, he can use his mobile device to facilitate this collaboration using Jabber, the same application he uses on his hospital-issued laptop.
  • All of this requires secure access to the hospital network. But that can be more complicated than it sounds. IT engineers need to ensure that all the different users in the hospital can get on the network with different levels of access. And depending on how secure their device is, they might need different levels of access even for the same person. Cisco’s Identity Services Engine, or ISE, monitors for policy changes, consumes posture information from MDM, and applies contextual policy to make sure he gets the right amount of access. And it ensures that his patient is also given the right level of access to look at a filtered version of her EMR, her doctor’s notes on their discussion, and check her email while she’s there. The network needs to allow her to do this, but without letting her access the hospital’s entire set of secure patient files. (This was already in here, but we just didn’t really show it on screen. Let’s pull up her device and show Policy: Patient Access, with access to: My Records, Track this Visit, Internet Access)
  • Our doctor then visits a teaching hospital to deliver a lecture…
  • When she arrives at the lecture hall where she teaches her class, ISE recognizes that she is faculty and applies policy that gives her access to video facilities along with class content, collaboration apps and student records. Policy: Faculty
  • As her students take their seats, they connect their Android devices, iPads, and laptops using the different ISE policy applied to students, which allows them to access the internet, class content and collaboration apps.
  • When the class begins, she multicasts a video on green technology to the 100 students seated in the lecture hall.
  • When one of her students using telepresence asks a question, she diagrams the answer on an electronic whiteboard and emails the student her notes so she’ll have it to reference later.
  • Her students rely on network access not just in the classroom, but basically everywhere they go. Upon leaving class, one of these students heads to her favorite clothing store to buy something for her big date that weekend. When she walks in, her iPhone automatically authenticates onto the Wi-Fi hotspot network. Do we need to say something there highlighting a feature of this technology?
  • A pop-up window on her phone welcomes her back to the store and suggests some new arrivals that complement her past purchases and are available in her size. Policy: Loyal Customer, with access to: Account History, Specials, Internet access
  • She tries them on virtually, and when she finds one that she’s interested in, she clicks the “find” button. Using Cisco-Qualcomm technology, her phone then helps her navigate to the right location in the store.
  • After she finds the perfect item for her date, a clerk approaches with a mobile POS device, completing her transaction. Policy: Sales Representative, with access to: Customer ERP, Employee News, Inventory, Specials, Internet access
  • After completing his purchase, the doctor goes on break. He needs to go see his insurance agent about a recent fender bender. After driving to the office, he goes inside to meet his agent and is intrigued by the workspace, which is all-wireless and run mostly using Cius tablets.
  • His agent meets him in the parking lot to look at the damage to the clerk’s car. They take some photos of the dents and discuss the claim process. Since the agent’s Cius is connected using an AP 1550, she can stay connected to the WiFi even in the parking lot. <click> The agent is able to use the Cius camera to add photos of the damage directly to the clerk’s file. Since ISE recognizes her as an employee, she’s granted automatic access to the customer’s ERP and company information like a list of approved repair shops. Policy: Adjuster, with access to: Email, Customer ERP, Approved repair shop database, Internet access. Policy: Policy Holder, with access to: My Policy, Internet access. <click> After taking all the photos, she brings up a list of approved auto centers that can fix the doctor’s car. She emails the list to the doctor along with a copy of the claim. The doctor is able to open both of these items using customer access to their network. And since they’re protected by ScanSafe, he can be secure that the files have already been scanned to make sure they’re free of malware.
  • <segue>
  • At the end of the day, our IT manager who helped the doctor self-provision checks his dashboard to see how the network is looking from a user standpoint. He sees that the performance of VoIP and WebEx with HD video is great. He receives an “Unauthorized Access Attempt” alert and opens Prime Infrastructure to investigate. It was an employee trying to access financial records on an unmanaged device, and the network disallowed access.
  • And you can do it without putting a huge burden on IT. The challenge of dealing with the wave of new devices risks creating management problems and escalating your OpEx as you hire more technicians and buy more troubleshooting products. But with Cisco’s BYOD+ solutions, you can build access and single-point management into your network architecture, lowering your OpEx through integrated workflows and simplified troubleshooting.
  • These are just a few examples of how Cisco helps IT deliver “experience-centric” mobility solutions that go beyond BYOD to secure, optimize and manage multiple user, device and application types. So why should you choose Cisco?

    1. Beyond BYOD: The Optimal Experience for Any Workspace. Scot Hull, Security Specialist. Spring 2012. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
    2. 2011: 41% employee-owned devices used to access business applications (Forrester); 40% of college students/young employees prefer a lower-paying job that has more flexibility (CCWTR); 56% of US information workers spend time working outside the office (Forrester); 100% of IT staff is struggling to keep up with mobility trends (Gartner)
    6. Does your organization have a “BYOD” Security Policy? Do your employees use their personal smart phones or tablets for work? Are you protected against vulnerabilities introduced by personal devices and social media sites? Do you have a consistent access control policy for guests, contractors, wired users, wireless users, etc? Do you track users or authenticate them before allowing them on your network? Do you know what devices are on your network?
    7. The Platform Chaos is Shaking Out: Android King of Smartphones, While Apple Reigns in Tablets. Chart values: 89%, 75%, 26%, 10%, 36%, 22%, 1%, 23%
    8. 462 million. CHALLENGE: 350M of these devices connecting to Facebook!
    11. BYOD Security Risks: Employee-owned Mobile Devices Are Riskiest. THREATS: Difficult to control and secure (1/3 of all workers are out of the office); Malware (Web: #1 attack vector); Vulnerability to the organization; Data loss from lost or stolen devices; Access control breach; Policy compliance challenges. Source: 2011 ISACA IT Risk/Reward Barometer, US Edition (www.isaca.org/risk-reward-barometer)
    12. Customer Goals: Worthy Priorities and Use Cases. 1. Protect endpoints from Web 2.0 threats 2. Provide secure remote access from devices 3. Authenticate & Authorize wireless users who are connecting to network (Guests, Contractors, etc.) 54% block social media as a matter of policy. Great! What about those smart phones synching with your laptops?
    13. Home, Hospital, 3G iPhone, Kindle, home laptop Desktop, iPad Hospital, home Hospital, HotSpot, 3G High user density Limited scalability for more users/devices Different access needs by device, user, application, location Inconsistent experience Android phone, tablet Security challenges Hospital, home High complexity Hospital, branch clinics, Hospital home, 3G iPad, iPhone, Lenovo, BlackBerry home laptop
    14. Securing Any Access; Managing Complexity And Scale; Delivering High-Quality Experience
    15. Uncompromised Experience for Any Workspace: Device Onboarding and Guest Access; Unified Policy; Uncompromised Experience; Simplified Operations. BYOD; Beyond BYOD
    17. Trusted WiFi: Authenticate User; Fingerprint Device; Apply Corporate Config; Enterprise Apps; Automatic Policies
    18. Unified Policy: Zero touch provisioning; MDM integration. Trusted WiFi. Apply defined policy profiles based on: Device Type, User, Location, MDM posture. Uncompromised Experience. Simplified Operations
    19. Trusted WiFi. Access: FULL: Electronic Medical Records, Mobile TelePresence, Email, Instant Messenger
    20. Trusted WiFi
    21. Unified Policy: Identity based access control; Endpoint scanning. Access: Limited: Filtered EMR, Internet, Patient visit tracking. Trusted WiFi. Uncompromised Experience: Client acceleration; 802.11u, 802.11r; Jabber on iPad. Simplified Operations
    23. Trusted WiFi. Access: FULL. Apply defined policy profiles based on: Video Facilities, Class Content, Collaboration Apps, Student Records
    24. Access: Limited: Internet, Class Content, Collaboration Apps (shown four times)
    25. Play Video Play Video Play Video Play Video
    26. One Network: Client Acceleration; Video scale; POE pass-through. One Policy: Identity based access control. One Management
    28. WiFi Hotspot. Access: Limited: Internet, Account History, Specials
    29. SIZE M FIND COLLECTION STYLE COLOR ACCESSORIES
    30. Unified Policy: Identity-based access control. Payment Complete. Uncompromised Experience: 802.11r, 802.11u; Client acceleration; Location. WiFi Hotspot. Access: Full: Customer ERP, Employee News, Inventory, Specials, Internet access. Simplified Operations
    32. Unified Policy: Identity-based access control; ScanSafe. Add to Client File? YES / NO (IMG_2301, IMG_2302, IMG_2303, IMG_2304). Uncompromised Experience: 802.11r; Outdoor Wi-Fi; Interference protection. WiFi Hotspot. Access: Limited: My Policy, Internet access. Simplified Operations
    34. Trusted WiFi. Unified Policy: Identity based access control. HD Video, VoIP, WebEx. Access: Network Admin: Prime Management, Collaboration, Email, Internet. Uncompromised Experience. Simplified Operations: Realtime experience tracking; Policy integration; Wired/wireless monitoring
    35. NEW Identity Services Engine (ISE) Features. SINGLE SOURCE OF POLICY: For wired, wireless, VPN and cellular access. Policy based on user, device, application, compliance, trust level. EASY SELF-PROVISIONING: One-step self-registration to speed adoption of new devices, and minimize administrative overhead (ISE 1.1 MR). MDM POLICY INTEGRATION: Information exchange between MDM applications and ISE for deep visibility into devices to create and enforce policies
    36. Uncompromised Experience: Seamless wired/wireless/VPN; Highest performance and scale; Future-ready standards. Unified Policy: Single source for wired, wireless, VPN, MDM; Context-aware access. Simplified Operations: User experience monitoring; Wired, wireless management
    38. Thank You
