Shalabh Mohan is the Director, Product Management, Cisco STBU. He manages the firewall, VPN, and Web security businesses with a focus on secure mobility. In this interview he discusses the Cisco Secure Borderless Networks architecture and mobile workforce security.
What’s the main philosophy behind the Cisco Secure Borderless Networks architecture?
Workers today are more mobile than ever, and are accessing information through laptops and other mobile devices, such as smartphones. The number of mobile workers who are working from home or other locations continues to rise as well. Mobility enables workers to maintain their productivity no matter when, where, or how they are working.
The information accessed by mobile workers is not simply limited to business information. Workers from the “Millennial” generation (those born after 1980) typically use the same mobile device to access both personal and professional information. Of the estimated 14 million Millenial telecommuters, 69 percent of them report that they use whatever device, software, or site they want, regardless of corporate policies. We call this the “consumerization” of IT.
In order to continue to foster innovation, enable productivity, and meet the needs of the mobile workforce, companies must adapt to the changing trends in mobility. End users want the flexibility of choosing how, when, and where to access both personal and professional information to be productive without being inconvenienced by security checks. The IT support staff, on the other hand, wants to enable access for end users while ensuring that the corporate network and the access remains secure.
To support the increasing number of mobile workers, security administrators must provide context-aware security and policy enforcement, regardless of the end user’s location, what device they’re using, and where the information they are accessing is located. Administrators must also be able to support a diverse landscape of mobile devices to encourage choice for their clients: the end users. And finally, they must provide this security unobtrusively, to minimize end-user concerns.
What are the principal capabilities of the integrated solutions?
Cisco AnyConnect Secure Mobility Solution protects mobile employees on laptops or smartphone platforms, providing an always-protected experience for end users and comprehensive policy enforcement for IT administrators. The AnyConnect Secure Mobility solution has two primary offerings: secure, persistent connectivity; and persistent security and policy enforcement.
The Solution can decide which applications and resources the user should have access to. Ideally, this authentication can be transparent to the user. For devices to be authenticated, they must comply with corporate policies and have up-to-date security.
Cisco AnyConnect Secure Mobility Solution enables the connection to simply work and be persistently connected, without the user needing to juggle where and how to best connect and persist, even when roaming between networks.
The Cisco IronPortR S-Series Web Security Appliance applies context-aware policy, including enforcing acceptable use and protection from malware for all users. The Web Security Appliance also accepts user authentication information from the AnyConnect client, providing an automatic authentication step for the user to access their web content.
How does this architecture differ from others available on the market?
Typical existing solutions require the USER to engage with or authenticate to their corporate VPN in order to access their data and business applications, requiring the user to decide when he needs to turn off or on the secure connection, there is no persistence or transparency of experience. Secondly, the security of data is often overlooked or tacked on as an afterthought. With Cisco AnyConnect Secure Mobility Solution, security is baked in with content/context aware scanning, both inbound and outbound.
The benefit of this type of solution is enhanced security AND productivity. You are protected and your employees can work where they want under the same umbrella of protection they expect.
What developments do you expect in the next few years when it comes to the mobile workforce?
There are two forces at work with the mobile workforce, the users and the enterprises that need to manage and control them. Users will continue to raise their expectations of what devices IT will need to support and what type of access to business apps they expect. The typical user will want access on their smartphone to ALL corp apps they need to interact with. In addition to seamless access, they’ll want to jump around from smartphone to laptop to kiosk, while maintaining privileges and state, without any interruption of access.
IT managers will have to provide this expected access not only because their users expect it, but because it will improve their ability to do business. Business systems will have to be implemented to manage, integrate, automate provisioning and provide visibility into mobile device usage. Security and control at the network level will be an integral part of this mobile infrastructure.
What kind of additional protection will we need?
Cisco AnyConnect Secure Mobility Solution enables the connection to simply work and be persistently connected, and applies context-aware policy, including enforcing acceptable use and protection from malware for all users.
The bad guys, however, never stop innovating as well. The potential attack vectors will always vary, with exploitation of the physical device and underlying OS the next areas of concern, much like the desktop PC was originally exploited.