Express Data - BYOD
Transcript of Express Data - BYOD
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
Five Essentials of BYOD
Delivering Flexibility and Control in your business
John-Paul Sikking
Cisco Security Specialist
How Do I Control Who and What Accesses the Network?
The BYOD Spectrum
LIMIT: Environment Requires Tight Controls (Corp Only Device)
BASIC: Focus on Basic Services, Easy Access (Broader Device Types but Internet Only)
ENHANCED: Enable Differentiated Services, On-Boarding with Security—Onsite/Offsite (Multiple Device Types + Access Methods)
ADVANCED: Corp Native Applications, New Services, Full Control (Any Device, Any Ownership)
Where is your BYOD policy at?
Reactive/Proactive
Security & Compliance
Legal requirements / Privacy
Data Protection and Integrity
Social Media
Cloud
Mobility
Application access and control
Acceptable Use
Insurance/purchasing/tax
Visibility and control...
The Building Blocks of a BYOD Solution
BYOD Building Blocks with *Cisco® SecureX
Cisco BYOD Building Blocks
Unified Network Access
Identity and Policy
Applications
Management
Security and Remote Access
Get the Wireless right! Because there are no Ethernet ports in your shiny new tablet
Unified Network Access
Wireless Access for BYOD Deployments
Cisco Mobility Technology for High Performance Wireless Network
CleanAir: Improved Performance. Proactive and automatic interference mitigation
ClientLink 2.0: Improved Performance. Proactive and automatic beam forming for 802.11n and legacy clients
AVC: Application Visibility and Control. Control wireless traffic by Application.
AP 3600: Access Point Innovation. The Tablet AP, enhanced throughput and coverage for advanced applications for tablets and smart devices
Prime Infrastructure —Central Network Management
Identity Services Engine (ISE)—Unified Policy Management
Secure Every Packet!
Even outside your company's four walls
Applications: Visibility With Control
75,000+ MicroApps
MicroApp Engine: Deep classification of targeted traffic
App Behavior: Control user interaction with the application
Broad…… classification of all traffic
1,000+ apps
Manage with Policy and Context
How AAA becomes WWWWH
Policy: Who, What, Where, When, and How?
Identity Services Engine for Advanced Policy Management
[Diagram: Unified Access Management with ISE, steps numbered 1 to 6. Labels: Identity, Profiling; HQ, 2:38pm; Single SSID; 802.1x EAP User Authentication; Wireless LAN Controller; DHCP, RADIUS, SNMP, NETFLOW, HTTP, DNS; Profiling to identify device; Personal asset, Company asset; Posture of the device; Policy Decision; Enforce policy in the network; VLAN 10, VLAN 20; Full or partial access granted; Corporate Resources, Internet Only]
Policy
Guest
Contractor
Employee
Personal Device
Contractor Device
Personal Device
Corporate Device
Personal Device
Wireless Conference Rooms
Captive Portal
DMZ Guest Tunnel
Employee VLAN
One Policy
5 Dimensions of Policy
Anytime
M–S 8 am–6 pm
Contractor VLAN
Contractor ACL
Wired
Wireless
VPN
Employee ACL
Guest VLAN
M–S 8 am–6 pm
Time (When)
Location (Where)
Access (Which)
Device (What)
User (Who)
Anywhere
Anywhere
Anytime
Anytime
Anytime
Contractor cubicles
No HR or Finance spaces
Wired
Wireless
IF $Identity AND $Device AND $Access AND $Location AND $Time THEN $Policy
Manage with visibility and control
This is not just about MDM
Cisco’s One Management – Prime Infrastructure
Single Pane of Glass View and Management of WLAN – LAN – WAN
Cisco Prime Infrastructure – Provides Unparalleled Visibility
BEFORE: Separated management (WLAN, LAN, WAN)
Siloed: Inefficient Operational Model
Repetitive: Manual correlation of data
Error Prone: Consumes time and resources
AFTER: Comprehensive user and Unified Access network visibility & advanced troubleshooting (WLAN, LAN, WAN + Identity; Unified Access)
Simple: Improves IT efficiency
Unified: Single view of all user access data
Advanced Troubleshooting: Less time and resources consumed
Improved Visibility
Mobile Device Management (MDM)
Partner with Top MDM and Gen-i for a Complete Solution
Initial Vendors
Other Vendors
Gen-i Managed Mobility services
MDM is a Key Element—But There is More
Device Management
MDM Partners: Device inventory; Device provisioning and de-provisioning; Device data security; Device application security; Cost management; Full or selective device remote wipe
Cisco: User and device authentication; Classification & Profiling; Policy enforcement; Context-aware access control; Secure remote access; Threat defense; Web use policy; Web application DLP
ISE, ScanSafe, ESA/WSA, AnyConnect, ASA
Simplified On-Boarding for BYOD
New Features for Zero Touch On-Boarding
Self Service Model: My Device Registration Portal, Guest Sponsorship Portal
Reduced Burden on Help Desk Staff: Seamless Intuitive End User Experience
Reduced Burden on IT Staff: Device On-Boarding, Self Registration, Supplicant Provisioning
Power to the Applications: Time to morph the device into something else
Jabber Screenshot
Cisco BYOD Solution Elements
Applications: WebEx, Jabber
Management: Prime Infrastructure
Identity and Policy: ISE
Security and Remote Access: AnyConnect, ScanSafe, WSA, ASA
Unified Network Access: Router, Wired, Wireless, Router
Devices Layer: DESKTOP/NOTEBOOKS, TABLETS, SMARTPHONES, GAME/PRINTER, THIN/VIRTUAL CLIENTS
Thank You