Cisco Borderless Networks
Enabling the Borderless Organisation
Mark Jackson, Technical Solutions Architect, marjacks@cisco.com

Securing Organisations a Decade Ago
Threats of the time: Viruses, Unauthorized Access, Denial of Service, System Penetration, Telecom Fraud
Protected sites: Main Campus, Branch Office, Data Center
Defense for the Last Decade: Cisco Self-Defending Network
• Integrated: build security into the network
• Adaptive: adjust defenses based on events and real-time information
• Collaborative: make security work together as a system
Sites covered: Main Campus, Branch Office, Data Center
Market Transitions: Mobility, Workplace Experience, Video
• Mobility: 1.3 billion new networked mobile devices in the next three years
• Blurring the borders: Consumer ↔ Workforce, Employee ↔ Partner, Physical ↔ Virtual
• Workplace Experience: changing the way we work; anyone, anything, anywhere, anytime
• Video: projected to quadruple IP traffic by 2014 to 767 exabytes*
Drivers: Mobile Devices, IT Resources, Operational Efficiency Program, Government ICT Strategy

Changing Environment: Shifting Borders
• Device border: Mobile Worker, IT Consumerisation
• Location border: Video/Cloud
• Application border: External-Facing Applications, Internal Applications, IaaS, SaaS

Government ICT Strategy
• Information Security and Assurance
• Public Sector Network
• Government Cloud
• Shared Services
Borderless Government
“Developments in ICT mean it is now possible for different teams, offices or even organisations to share the same ICT infrastructure.”
“…data sharing is an essential element of joining up services and providing personalisation. This means that there must be effective, proportionate management of information risk.”
“The need to continue to transform public services and to use ICT to enable transformation of the way the public sector runs and operates has become more pressing.”
“The Public Service Network will allow the delivery of services to any location and, through standards, will enable unified communications in terms of voice, video and collaboration capabilities.”
Anywhere, Any Device Access
Dimensions: Device, Location, Application
More diverse users, working from more places, using more devices, accessing more diverse applications, and passing sensitive data.

Secure Borderless Network Architecture: Enabling Mobility, Extending Security
• Outside the corporate environment: Citizens, Coffee Shop, Home Office, Airport, Mobile User, Partners, Attackers; X as a Service (Software as a Service, Platform as a Service, Infrastructure as a Service)
• Inside the corporate environment: Corporate Office, Branch Office, Local Data Center; 802.1X, TrustSec, MACsec, MediaNet
• Across both: always-on integrated security and policy
• The corporate DMZ border sits between the two environments
What Does TrustSec Do?
1. Identifies authorised users. Who are you? An 802.1X or Network Admission Control (NAC) appliance authenticates the user.
2. Increases network visibility. What are you doing? The user’s identity, location, and access history are used for compliance and reporting.
3. Personalises the network. What service level do you receive? The user is assigned services based on role and policy (job, location, device, etc.).
4. Enforces access policy. Where can you go? Based on authentication data, the network controls user access.

Security Group Access Control
• Current network access control segmentation methods (VLAN, ACL, subnet) are topology dependent and operationally intensive
• Security Group Tags (SGTs) are topology independent and streamline the deployment of role-based access control
• Attribute-based access control assigns an SGT to users, devices, or virtual machines based on their role
• Security Group ACLs (SGACLs) enforce access policy based on source and destination SGT
• Transport of SGTs is secured via NDAC and 802.1AE MACsec
• This is an emerging technology, expanding in platform availability and adoption
[Diagram: authorization rules assign SGTs to source security groups (individuals such as Partners and Non-Europe Employee); access rules expressed as SGACLs govern reachability of destination security groups (resources such as Internet, Employee Confidential, Print/Copy)]
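The two slides above describe a flow in which authentication establishes who the user is, an authorization rule assigns a role-derived tag, and an SGACL decides reachability from source tag to destination tag. The following is an added illustration written for this page, not Cisco code and not how any Cisco platform implements TrustSec internally. It models that flow in plain Python and contrasts it with a subnet-based ACL to show what "topology independent" means in practice. The group names Partners, Non-Europe Employee, Internet, Employee Confidential and Print/Copy come from the slide; the "Employee" role, the tag numbers, the users, the IP addresses and the posture rule are constructed assumptions.

```python
# Added example (not from the Cisco deck): a minimal model of TrustSec-style
# Security Group Access Control. Group names are taken from the slide; the SGT
# numbers, users, IP addresses and posture handling are constructed for
# illustration only.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Security groups with constructed tag values (assumption: any numbering works,
# the policy below only ever compares tags, never addresses).
SGT = {
    "Employee": 10,                 # constructed source group
    "Non-Europe Employee": 11,      # from the slide
    "Partners": 20,                 # from the slide
    "Internet": 100,                # from the slide (resource)
    "Employee Confidential": 101,   # from the slide (resource)
    "Print/Copy": 102,              # from the slide (resource)
}


@dataclass(frozen=True)
class Session:
    """What 802.1X/NAC authentication establishes: who, on what device, from where."""
    user: str
    role: str
    device_posture: str   # "compliant" or "non-compliant" (constructed values)
    ip: str


def authorization_rule(session: Session) -> int:
    """Assign an SGT from attributes (role, device posture), never from IP or VLAN."""
    if session.device_posture != "compliant":
        # Constructed policy: a non-compliant device only gets partner-level access.
        return SGT["Partners"]
    return SGT[session.role]


# SGACL matrix: (source SGT, destination SGT) -> permitted. Anything absent is denied.
SGACL = {
    (SGT["Employee"], SGT["Internet"]): True,
    (SGT["Employee"], SGT["Employee Confidential"]): True,
    (SGT["Employee"], SGT["Print/Copy"]): True,
    (SGT["Non-Europe Employee"], SGT["Internet"]): True,
    (SGT["Non-Europe Employee"], SGT["Print/Copy"]): True,
    (SGT["Partners"], SGT["Internet"]): True,
}


def sgacl_permits(src_sgt: int, dst_sgt: int) -> bool:
    """Enforcement point: look up the pair of tags, default deny."""
    return SGACL.get((src_sgt, dst_sgt), False)


def enforce(session: Session, destination_group: str) -> bool:
    """Full path: authenticated session -> SGT -> SGACL decision for a resource group."""
    return sgacl_permits(authorization_rule(session), SGT[destination_group])


# Contrast: a subnet ACL encodes the same intent ("employees may reach the
# confidential share") by address, so it breaks as soon as the user moves.
SUBNET_ACL = [
    (ip_network("10.1.0.0/16"), "Employee Confidential", True),  # constructed campus range
]


def subnet_acl_permits(ip: str, destination_group: str) -> bool:
    for net, dest, permit in SUBNET_ACL:
        if ip_address(ip) in net and dest == destination_group:
            return permit
    return False


if __name__ == "__main__":
    on_campus = Session("alice", "Employee", "compliant", "10.1.5.7")      # constructed
    at_home = Session("alice", "Employee", "compliant", "172.16.9.3")      # constructed
    partner = Session("bob", "Partners", "compliant", "10.1.5.8")          # constructed
    for s in (on_campus, at_home, partner):
        print(s.user, s.ip, "SGACL:", enforce(s, "Employee Confidential"),
              "subnet ACL:", subnet_acl_permits(s.ip, "Employee Confidential"))
```

The point of the contrast is the last loop: the tag-based decision for alice is identical on campus and at home because it is derived from her authenticated role, while the subnet ACL permits her on campus, denies her at home, and permits the partner who happens to be plugged into a campus port. Adding a site or moving a user changes nothing in the SGACL matrix, which is the operational saving the slide claims.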
Cisco TrustSec Technology: Next-Generation Security
• Before: duplicated infrastructure, increased cost and complexity
• After: a single unified platform enforcing policy
Shared Workspace Environment: delivering a platform to enable shared services
AnyConnect Secure Mobility Client: Network and Security Follows the User. It Just Works.
• Broad mobile support: fixed and semi-fixed platforms; mobile platforms
• Persistent connectivity: always-on connectivity; optimal gateway selection; automatic hotspot negotiation; seamless connection hand-offs
• Next-generation unified security: user/device identity; posture validation; integrated web security for always-on security (hybrid)
Locations: Corporate Office, Mobile User, Home Office, over Broadband, Wired, 3G/Wi-Fi
Secure, consistent access for Voice, Video, Apps, Data

Always On Security
• Choice: diverse endpoint support for greater flexibility (AnyConnect Client)
• Security: rich, granular security integrated into the network: Acceptable Use, Data Loss Prevention, Threat Prevention, Access Control (ASA, WSA)
• Experience: always-on intelligent connection for seamless experience and performance (Access Granted: Intranet, Corporate File Sharing)

Cisco AnyConnect Secure Mobility: Simple, Powerful Access, Anywhere, Any Device
• Problems addressed: unmanaged devices, risk of data loss, and lack of access
• Capabilities: Secure Mobile Connectivity, Acceptable Use, Access Control, Data Loss Prevention
Mobile Government Worker: enabling seamless remote and mobile working
From Self-Defending Network to Secure Borderless Networks
Self-Defending Network:
• Firewall: Access; keep the bad guys out
• Intrusion Prevention: block attacks
• Content Security: Email and Web

From Self-Defending Network to Secure Borderless Networks (continued)
Self-Defending Network:
• Firewall: Access; keep the bad guys out
• Intrusion Prevention: block attacks
• Content Security: Email and Web
New Security Requirements:
• Policy and Identity: Trusted Access; enable secure borderless access
• Secure Mobility: Always On
• Cloud Security: Hosted/Hybrid

An Architecture for Borderless Government
1. The Borderless Organisation needs a Borderless Network Architecture.
2. Cisco is uniquely equipped to deliver that architecture with “broad and deep” network innovation.
3. The Cisco Borderless Network delivers the platform to transform service delivery.