Express Data - BYOD

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

Five Essentials of BYODDelivering Flexibility and Control in your business

John-Paul SikkingCisco Security Specialist

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

How Do I Control Who and What Accesses the Network?


The BYOD Spectrum

EnvironmentRequires Tight Controls

Corp Only Device

Focus on Basic Services,

Easy Access

Broader Device Types but Internet Only

Enable Differentiated Services, On-Boarding

with Security—Onsite/Offsite

Multiple Device Types + Access Methods

Corp Native Applications, New Services,Full Control

Any Device, Any Ownership

LIMIT ADVANCEDENHANCEDBASIC


Where is your BYOD policy at?

Reactive/Proactive

Security & Compliance

Legal requirements / Privacy

Data Protection and Integrity

Social Media

Cloud

Mobility

Application access and control

Acceptable Use

Insurance/purchasing/tax

Visibility and control...


The Building Blocks of a BYOD Solution


BYOD Building Blocks with *Cisco® SecureX

Cisco BYOD Building Blocks

Unified Network Access

Identity and Policy

Applications

Management

Security and Remote Access


Get the Wireless right! Because there are no ethernet ports in your shiny new tablet



Wireless Access for BYOD DeploymentsCisco Mobility Technology for High Performance Wireless Network

CleanAir ClientLink 2.0 AVC

Improved Performance

Proactive and automatic interference

mitigation

AP 3600

Improved Performance

Proactive and automatic beam

forming for 802.11n and legacy clients

Application Visibility and

Control

Control wireless traffic by

Application.

Access Point Innovation

The Tablet AP, enhanced throughput

and coverage for advanced applications for tablets and smart

devices

Prime Infrastructure —Central Network Management

Identity Services Engine (ISE)—Unified Policy Management


Secure Every Packet!Even outside your companies four walls


Applications: Visibility With Control

75,000+ MicroApps

MicroApp EngineDeep classification of targeted traffic

App BehaviorControl user interaction with the application

Broad…… classification of all traffic

1,000+ apps


Manage with Policy and ContextHow AAA becomes WWWWH


Policy: Who, What, Where, When, and How?Identity Services Engine for Advanced Policy Management

IDENTITY PROFILING

VLAN 10VLAN 20

Wireless LAN Controller

DHCPRADIUS

SNMPNETFLOW

HTTP

DNS

ISE

Unified Access Management

Single SSID

802.1x EAP User

Authentication

HQ

2:38pm

Profiling to identify device

Full or partial access granted

Personalasset

Company asset

Posture of the device

PolicyDecision

4

5

6Enforce policy in the network

Corporate Resources

Internet Only

1

2

3


Policy

Guest

Contractor

Employee

Personal Device

Contractor Device

Personal Device

Corporate Device

Personal Device

Wireless Conference Rooms

Captive PortalDMZ Guest Tunnel

EmployeeVLAN

One Policy5 Dimensions of Policy

Anytime

M – S8 am -6 pm

Contractor VLAN

ContractorACL

Wired

Wireless

VPN

Employee ACL

Guest VLAN

M–S8 am–6 pm

Time (When)Location (Where)

Access (Which)

Device (What)User(Who)

Anywhere

Anywhere

Anytime

Anytime

Anytime

Contractor cubicles

No HR or Finance spaces

Wired

Wireless

IF $Identity AND $Device AND $Access AND $Location AND $Time THEN $Policy


Manage with visibility and controlThis is not just about MDM


Cisco’s One Management – Prime InfrastructureSingle Pane of Glass View and Management of WLAN – LAN - WAN

BEFORESeparated management

AFTERComprehensive user and Unified Access network

Visibility & advanced troubleshooting

ImprovedVisibility

Cisco Prime Infrastructure – Provides Unparalleled Visibility

WLAN

LAN

WAN

Siloed Inefficient Operational Model

Repetitive Manual correlation of data

Error Prone Consumes time and resources

WLAN

LAN

WAN

Simple Improves IT efficiency

Unified Single view of all user access data

Advanced Troubleshooting Less time and resources consumed

+Identity

Unified Access


Mobile Device Management (MDM)Partner with Top MDM and Gen-i for a Complete Solution

Initial Vendors Initial Vendors

Others Vendors

Initial VendorsGen-i Managed Mobility services


Device inventory Device provisioning

and de-provisioning Device data security Device application

security Cost management Full or selective device

remote wipe

MDM is a Key Element—But There is MoreDevice Management

MDM Partners Cisco User and device

authentication Classification &

Profiling Policy enforcement Context-aware

access control

Secure remote access

Threat defense Web use policy Web application

DLP

ISE ScanSafe ESA/WSA AnyConnect ASA


Simplified On-Boarding for BYODNew Features for Zero Touch On-Boarding

Self ServiceModel

My Device Registration Portal, Guest

Sponsorship Portal

Reduced Burden on Help Desk Staff

Seamless Intuitive End User Experience

Reduced Burdenon IT Staff

Device On-Boarding, Self Registration, Supplicant

Provisioning


Power to the Applications:Time to morph the device into something else


Jabber Screenshot


Cisco BYOD Solution Elements

Security and Remote Access


AnyConnect ScanSafe WSA ASA

Identity and Policy ISE

Management Prime Infrastructure

Applications WebEx Jabber

Router WiredWirelessRouter

Devices Layer

DESKTOP/NOTEBOOKSTABLETSSMARTPHONESGAME/PRINTER THIN/VIRTUAL

CLIENTS


Thank You

Express Data - BYOD

Documents

Transcript of Express Data - BYOD