Cisco Borderless Networks: Enabling the Borderless Organisation


Post on 25-Feb-2016


DESCRIPTION

Cisco Borderless Networks: Enabling the Borderless Organisation. Mark Jackson, Technical Solutions Architect, marjacks@cisco.com. Securing Organisations a Decade Ago. Viruses. Main Campus. Unauthorized Access. Denial of Service. Branch Office. Data Center. System Penetration. - PowerPoint PPT Presentation

TRANSCRIPT

Secure Borderless Networks Update

Cisco Borderless Networks
Enabling the Borderless Organisation
Mark Jackson, Technical Solutions Architect
marjacks@cisco.com

2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Securing Organisations a Decade Ago

Branch Office

Main Campus

Data Center

Threats: Viruses, Denial of Service, Unauthorized Access, System Penetration, Telecom Fraud

A decade ago, most organizations were focused on protecting the network, mainly defending the border or perimeter from external threats and attacks. Most users and network resources were located inside the perimeter, and the key security task was keeping the network safe from outside threats. The threats organizations faced ranged from virus attacks to denial of service: the Melissa virus, which propagated via infected Microsoft Word and Excel attachments; the I Love You virus, a worm that, when a user opened an attachment, reached into their address book and propagated itself; the Code Red attack, which went after a vulnerability in the Microsoft IIS server and defaced websites; and denial of service attacks that created mass service outages, such as the one Mafia Boy launched against Yahoo and a few other organizations.

Cisco's security strategy for the last decade was focused on helping our customers build a strategy to defend against these attacks, providing access for legitimate users and keeping the bad guys out.


Defense for the Last Decade: Cisco Self-Defending Network

Branch Office

Main Campus

Data Center

Integrated: Build security into the network
Collaborative: Make security work together as a system
Adaptive: Adjust defenses based on events and real-time info

The Cisco Self-Defending Network security strategy succeeded by approaching security architecturally. It was built on three key capabilities. The first was making security integrated: security integrated into the network makes the network more resilient and provides critical enforcement points. Next, security was collaborative, getting the pieces to work together so that the protection provided by the system is more effective than that of the individual components. Finally, security was adaptive, adjusting to changes in threats and attacks based on the latest information. All of these were very effective for securing networks and deploying a self-defending network. In fact, these characteristics all hold true today, and Cisco's security strategy embraces these ideas. But the borders and perimeters that organizations have built security architectures around are changing.

Blurring the Borders:
Consumer, Workforce
Employee, Partner
Physical, Virtual

Market Transitions

Mobility, Workplace Experience, Video
Mobile Devices: 1.3 Billion New Networked Mobile Devices in the Next Three Years
Changing Way We Work
Video: projected to quadruple IP traffic by 2014 to 767 exabytes*
IT Resources

Anyone, Anything, Anywhere, Anytime

Operational Efficiency Program
Government ICT Strategy

Video projected to quadruple IP traffic by 2014 to 767 exabytes*. http://newsroom.cisco.com/dlls/2010/prod_060210.html

1.3B reference for mobile devices: http://www.instat.com/catalog/wcatalogue.asp?id=167#IN0904005WS

* Cisco Visual Networking Index: Forecast and Methodology, 2009-2014, June 2, 2010

56% of organizations want desktop virtualization for remote access on any device; manageability, security, and remote access are the driving forces for client virtualization (Forrester, Predictions 2010: Client Virtualization, January 2010)

66 million hosted virtual desktop (HVD) units connected by 2013 (Gartner, Emerging Technology Analysis: Hosted Virtual Desktops, March 2009)

IT visibility, control needed for video (IDC, Demonstrating the Value of a Foundation Network, July 2009)

3D streams will require ~twice the bandwidth and performance (based on the stereoscopic video requirement to deliver 2 separate visual streams)

Changing Environment - Shifting Borders

IT Consumerisation

Device Border

Mobile Worker

Location Border

Video/Cloud

IaaS, SaaS

Application Border

External-Facing Applications

Internal Applications

So how does this change the business landscape? Traditionally, companies looked at themselves as siloed entities: the enterprise with its perimeter, with external-facing applications and internal operations, and everything was secured.

But what we see today is a shifting of those boundaries; things are becoming more borderless. As the number of mobile and remote workers continues to rise, we have to overcome the location border so we can work from anywhere. At the same time, the increasingly broad range of devices we are using (Macs, PCs, iPhones, smartphones), whether in the office, at home, or on the go, requires us to reconsider the Device Border. Another shift happening is the application border: software as a service, video, cloud. You want your applications to work everywhere, regardless of device or location.

As the borders of the traditional enterprise perimeter fall away, we face new challenges as a network, as an IT team, as a company.

These changes increase the complexity of the CIO's environment.

Information Security and Assurance

Government ICT Strategy
Public Sector Network
Government Cloud
Shared Services

Borderless Government

The Public Service Network will allow the delivery of services to any location and, through standards, will enable unified communications in terms of voice, video and collaboration capabilities. Developments in ICT mean it is now possible for different teams, offices or even organisations to share the same ICT infrastructure. Data sharing is an essential element of joining up services and providing personalisation. This means that there must be effective, proportionate management of information risk. The need to continue to transform public services and to use ICT to enable transformation of the way the public sector runs and operates has become more pressing.

Anywhere, Any Device Access

Location, Device, Application

More Diverse Users, Working from More Places, Using More Devices, Accessing More Diverse Applications, and Passing Sensitive Data

The challenge of applying security in a borderless network experience has become multi-dimensional, spanning devices, applications, and locations. There are more devices accessing applications and data from multiple locations over the internet. While the challenges are the same at the core (Access Control, Acceptable Use Enforcement, Threat Protection and Data Security), the problem has become multi-dimensional in this new environment.

Borderless Network Architecture

Architecture for delivering reach, range and underpin shared services

Borderless End-Point/User Services: Mobility, Workplace Experience, Video
Securely, Reliably, Seamlessly: AnyConnect
Borderless Network Services: Mobility: Motion; Security: TrustSec; Voice/Video: Medianet; Green: EnergyWise; App Performance: App Velocity
Infrastructure: Switching, Wireless, WAAS, Routing, Security
Borderless Policy, Management and Smart Services
PROFESSIONAL SERVICES: Realise the Value of Borderless Networks Faster

The diagram you see here outlines the main components of the borderless network architecture. It links applications, users, and end-point devices with operational processes and the network. It serves as both a framework for our system and architecture roadmap and the deployment blueprint for Borderless Organizations. Let me briefly walk through its main elements.

There are key pillars of functionality that Cisco Borderless Networks delivers on an end-to-end basis: primarily video, green, security, mobility, and application performance. For innovative organizations, these are key areas of investment and differentiation. The critical network services and proof points of these pillars include Medianet, TrustSec and EnergyWise; they are delivered by the core infrastructure, including routing, switching, mobility, security and WAN optimization components.

Equally important to the Borderless Network architecture is how the user experience is impacted by these network services when mobile, when engaging with video, and in the workplace, however it's defined. Network services integrate with endpoint technologies like AnyConnect to deliver always-on, seamless, reliable, secure connectivity regardless of location or device.

Meanwhile, Borderless Management and Policy are built into Network and User Services, offering a flexible and dynamic framework for policy definition and enforcement that spans video, green, security, mobility, and application performance. The focus here is to connect the right user, the right device, and the right application at the right place, at the right time, to the right network. It enables organizations to offer different levels of access privileges or performance characteristics to users, devices and applications.

In this framework, policy definition and administration are centralized while control, visibility and enforcement are distributed via the