ISE 3.1. Cloud-delivered NAC enables security-minded IT – Cisco Blogs


When we look at our strategic initiatives across Cisco, nothing says “customer-driven” like what we are doing to support each customer’s unique cloud strategy. Cloud isn’t something we are pushing; it comes from listening to customers and their business needs. But this journey, which has been accelerated in response to the global pandemic, is unique for each organization. Many customers want to take a hybrid approach, across many clouds. Teams require flexibility and choice. IT leaders want to manage their workloads and critical resources in ways that align with their business needs, while maintaining control over what is essential to their organization. Managing and accessing resources in the cloud also gives IT teams the simplicity and flexibility they need to drive the customer experience in a DevOps operating model, a model that is focused on speed and simplicity.

Enter cloud-ready network access and control with ISE 3.1

Cisco Identity Services Engine (ISE) 3.1 enables network access and control (NAC) workloads to be deployed and managed from the cloud while ensuring the flexibility required to meet each organization’s unique cloud strategy. Customers will no longer have to deploy virtual machines or appliances on-prem. ISE is now cloud-native on AWS and will soon be available within the Microsoft Azure marketplace to provide the flexibility and choice customers want.

ISE sits at the crossroads, nestled right between the network and security teams. As a security-minded IT professional, you may be asking, “How does ISE 3.1 help me secure my network?”

Top 3 questions customers are asking on how ISE 3.1 enables security 

  1. How is this move going to “radically simplify security”?  

As we respond to customers’ needs for cloud-based resources, deploying ISE has just gotten a whole lot easier. With ISE available on the AWS Marketplace and Azure right on its heels, customers can now deploy ISE from anywhere, in a DevOps manner. Deployments are automated and accelerated with templates that automate the formation of your cloud infrastructure, as well as with Ansible, Terraform, and pre-built playbooks that move your network access and control workloads from infrastructure in a box to infrastructure-as-code (IaC). And this innovation is a byproduct of listening to customers. Customers require simplicity to reduce risk and combat threats across the complex distributed network. We heard the call, and we are responding by removing the friction around providing secure network access and control.

 

  2. So, who in IT will this affect or benefit?

Network access, and controlling access to the network, is a collective concern that extends throughout IT. It used to be that if we needed a deployment of ISE, the network infrastructure team would ship a box out to that location or go through the manual process to spin up a virtual machine. And this was just to deploy or get the required NAC services on-site. Architects also had to ensure they had the required infrastructure: load balancers, storage, DNS, etc. All of this came before NetOps would go to work discovering and adding devices and users. With ISE 3.1, all of this is automated and delivered from the cloud. Your required infrastructure is just there waiting. ISE 3.1 radically speeds the delivery of secure network access and control services. And for SecOps, your policy is automatically extended and in place to control access. Imagine that: security without friction that moves with the business.

 

  3. ISE is a central component of Cisco’s zero-trust strategy. What does this move to the cloud mean to that strategy?

IT teams are often forced to onboard users/devices and assume trust to keep up with business requirements. This was another trend that we saw accelerated as companies scrambled to support remote workers. Access was granted, no matter what users were on, where they were located and without regard to the device’s posture or existing policies. We put our heads in the sand as we crossed our fingers and waited for security. But now, no matter where you need ISE, and no matter where users and endpoints are connecting from (the campus, branch, home office, even Timbuktu), ISE can be there. It is just that easy to extend your zero-trust workplace. Radically simplifying security is a means to the end. We want to remove the friction, so the business can move with security, not without it.

Let’s bring ISE from the cloud to life with a real-world scenario. What if we had to respond to a major humanitarian crisis and required a pop-up medical clinic to aid in the efforts? Instead of having to ship out a box, InfraOps can now go to AWS, and the deployment is automated from the cloud. And the best part is that your existing policy is automatically extended without any manual configuration. We now have our current network access policies in place, waiting for NetOps to onboard users and devices. Teams no longer have to assume trust and later verify. We are now able to enforce access based on least privilege before we allow access. ISE will be in place to ensure a nurse can access critical and protected patient records, but a connected medical sensor or IoT device cannot. We have extended the zero-trust workplace to meet the distributed network where it needs to be, anywhere and everywhere, and all from the cloud.

To learn more about ISE 3.1, visit our product page, read this solution overview, or see the full release notes.
