Today’s security architecture was built for a very different workplace. Remember this old friend? I do. As a guy who worked on a mainframe for years, getting a PC was one of the happiest days of my life. Sad, I know, but at the time it revolutionized the way business was done. And it defined the security landscape.

At that time work used to be a place you came to, with a PC that sat on a desk that didn’t move. That PC was connected by a wire to a port in the wall. So the language of security was built around this construct – IP address, network port and application protocol. This is the language most network security devices still use today. But it is getting increasingly complex to manage as more people are accessing more content from more types of devices and more different places than ever before.
And at that time the Internet only touched our corporate network in a handful of places, places we called the DMZ, so it could be easily protected by firewalls, web proxies and IPS sensors.
So security was enforced in two primary locations: in that well-controlled end point, and at the network perimeter. Today that end point has dissolved into a thousand little pieces, call them “the device du jour,” with software we no longer control. And the notion of backhauling to the DMZ has melted under the weight of cloud computing, virtualization and business video. So in a network that no longer has a clearly defined beginning and end, where do we inject security? In the middle. Security needs to exist as a fabric that can be highly distributed across the corporate network, across the Internet, and across the globe. This new security architecture will be the enabler for the new enterprise, the enterprise of tomorrow.
And this new architecture is what I am here to talk about today. Today, Cisco is introducing our next generation security architecture that we call SecureX. SecureX is a highly distributed security system designed to secure the next generation workforce.
It will start by being built on a solid foundation. At Cisco, we call this trusted systems. It’s the technology we use to make sure that your network infrastructure is really yours, and not being compromised by someone else. On top of this trusted substrate we add security enforcement elements in the form of appliances, software modules or cloud services. And we manage these devices with a new policy language, a language that understands the full context of the situation. It will span the entire breadth of your network, from our next generation end point AnyConnect that handles every type of consumer device, to our virtual data center switching capability. It has a central brain to identify good traffic from bad, and it has APIs to allow partners and Cisco’s own management systems to plug in and leverage the infrastructure.
Opposing Forces: Finding the Balance

Business imperatives: Provide Business Speed and Agility; Enable New Business Models; Enable Collaborative Work

Security imperatives: Design and Defend for Unpredictable Threats; Simplify Security for the User, the Business, and the Operations; Maintain Regulatory Compliance and Manage Risk Well