Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Borderless Networks Enabling the Borderless Organisation Mark Jackson, Technical Solutions Architect

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 Branch Office Main Campus Data Center Viruses Denial of Service Unauthorized Access System Penetration Telecom Fraud

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Branch Office Main Campus Data Center Integrated Build security into the network Collaborative Make security work together as a system Adaptive Adjust defenses based on events and real time info

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 Blurring the Borders: Consumer ↔ Workforce Employee ↔ Partner Physical ↔ Virtual Mobility Workplace Experience Video 1.3 Billion New Networked Mobile Devices in the Next Three Years Changing Way We Work Video projected to quadruple IP traffic by 2014 to 767 exabytes* Mobile Devices IT Resources Anyone, Anything, Anywhere, Anytime Operational Efficiency Program Government ICT Strategy

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 IT Consumerisation Mobile Worker Video/ Cloud IaaS,SaaS

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Information Security and Assurance Public Sector Network Government Cloud Shared Services

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 “The Public Service Network will allow the delivery of services to any location and, through standards, will enable unified communications in terms of voice, video and collaboration capabilities.” “Developments in ICT mean it is now possible for different teams, offices or even organisations to share the same ICT infrastructure.” “…data sharing is an essential element of joining up services and providing personalisation. This means that there must be effective, proportionate management of information risk.” “The need to continue to transform public services and to use ICT to enable transformation of the way the public sector runs and operates has become more pressing.”

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 Location Device Application More Diverse Users, Working from More Places, Using More Devices, Accessing More Diverse Applications, and Passing Sensitive Data

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 Infrastructure Borderless End-Point/User Services Mobility Workplace Experience Securely, Reliably, Seamlessly:AnyConnect Borderless Network Services Borderless Policy, Management and Smart Services Switching Wireless WAAS Routing Security Mobility: Motion Security: TrustSec Voice/Video: Medianet Green: EnergyWise App Performance: App Velocity PROFESSIONAL SERVICES: Realise the Value of Borderless Networks Faster Architecture for delivering reach, range and underpin shared services Video

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 Corporate Office Branch Office Local Data Center SECURITY and POLICY AirportMobile UserAttackersPartners CitizensCoffee ShopHome Office Always-On Integrated Security and Policy 802.1X, TrustSec, MACsec, MediaNet Outside the Corp Environment Inside the Corp Environment CORP DMZ BORDER X as a Service Infrastructure as a Service Software as a Service Platform as a Service

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Who are you? An 802.1x or a Network Admission Control (NAC) appliance authenticates the user. What service level do you receive? The user is assigned services based on role and policy ( job, location, device, etc.). What service level do you receive? The user is assigned services based on role and policy ( job, location, device, etc.). What are you doing? The user’s identity, location, and access history are used for compliance & reporting. Where can you go? Based on authentication data, the network controls user access. 3 Enforces Access Policy Identifies Authorised Users Personalises The Network Increases Network Visibility

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 SGTs Current network access control segmentation methods (VLAN, ACL, Subnet) are topology dependent and operationally intensive Security Group Tags are topology independent and streamline the deployment of role-based access control  Attribute based access control assigns an SGT to users, devices, or virtual machines based on their role  Security Group ACLs (SGACLs) enforce access policy based on source and destination SGT  Transport of SGTs is secured via NDAC & 802.1AE MACsec  This is an emerging technology, expanding in platform availability and adoption SGACLs Authz Rules IndividualsResources Authz Rules Security Groups Employee Non-Europe Employee Security Groups Destination Internet Confidential Print/Copy Access Rules Source Partners

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 Delivering a Platform to Enable Shared Services DDDDDDDDD VVVVVVVVV Single unified platform enforcing policy Duplicated Infrastructure, increased cost and complexity Shared Workspace Environment

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 Next-Gen Unified Security  User/device identity  Posture validation  Integrated web security for always-on security (hybrid) Persistent Connectivity  Always-on connectivity  Optimal gateway selection  Automatic hotspot negotiation  Seamless connection hand-offs Corporate Office Mobile User Home Office Secure, Consistent Access Voice—Video—Apps—Data Broad Mobile Support  Fixed and semi-fixed platforms  Mobile platforms Wired 3G/Wi-Fi Broadband

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 Choice Diverse Endpoint Support for Greater Flexibility Acceptable Use Access Control Data Loss Prevention Threat Prevention Intranet Corporate File Sharing Access Granted AnyConnect Client Security Rich, Granular Security Integrated into the network Experience Always-on Intelligent Connection for Seamless Experience and Performance WSA ASA

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 Enabling Seamless Remote and Mobile Working Secure Mobile Connectivity Unmanaged Devices, Risk of Data Loss, and Lack of Access Mobile Government Worker Acceptable Use Access Control Data Loss Prevention

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 Keep the Bad Guys Out Firewall Access Intrusion Prevention Block Attacks Content Security & Web Self-Defending Network

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18 Self-Defending Network Enable Secure Borderless Access Firewall Access Intrusion Prevention Block Attacks Content Security & Web Policy & Identity Trusted Access Secure Mobility Always On Cloud Security Hosted/Hybrid New Security Requirements Keep the Bad Guys Out

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19 The Borderless Organisation Needs a Borderless Network Architecture. Cisco Is Uniquely Equipped to Deliver That Architecture with “Broad and Deep” Network Innovation. The Cisco Borderless Network delivers the Platform to transform service delivery.