Feature Story

A Role-Based Trusted Network Provides Pervasive Security and Compliance

January 2, 2008

The traditional approach to data and network security is increasingly being challenged. Implementing security on individual applications, servers and networks to meet immediate security or compliance needs hinders companies in an economy where customers, suppliers or business partners may need secure access to the corporate network anywhere, any time and using any type of device.

Organizations can overcome this challenge and achieve their global business goals by embracing a trusted approach to security and access control that includes an awareness of user identities and their roles. News@Cisco spoke with Senior Vice President Jayshree Ullal about the dramatic shift in security and compliance needs, and how Cisco's architecture for network-based security will help meet these challenges.

Why are organizations rethinking their security and compliance approaches?

Jayshree Ullal: One reason is the globalization and internationalization of everything a company does. Various geographies or jurisdictions might have different regulations governing financial or customer data, for example, and an organization's access-control policies must comply with those regulations.

The second reason is the need for real-time interaction between the applications used by our employees and the supply chains we form with our partners. Lastly, the number of access devices is exploding, the number of users is exploding and so are the different methods they use to access the network. A network administrator can't control, or may not even know, where his users are, what devices they're using, or how they're accessing the network. But he or she has to assure them appropriate access to business information whenever and wherever they need it.

How does the IT infrastructure, specifically the network, need to change to meet today's security and compliance challenges?

Jayshree Ullal: Today, every enterprise application has its own compliance rules and methods of access control. These rules and methods were developed piece by piece, case by case, and have become "silos" that prevent organizations from having a unified security and compliance policy regardless of where the user is located. This lack of a unified policy makes it more expensive and burdensome to assure security and compliance, and also makes a breakdown in security and compliance more likely.

What approach does Cisco favor?

Jayshree Ullal: It's a new paradigm of a secure network that is pervasive and role-aware, regardless of what sort of access you have or what type of machine you have. Our approach combines identity, an awareness of roles and consistent, enterprise-wide policies for information access at the network level. It also provides strong authentication to prevent rogue devices from accessing the network, as well as encryption to protect data at rest and in transit.

Why is the network the best place to perform security and compliance?

Jayshree Ullal: Because providing this pervasive security and compliance requires an awareness of policies, roles and identities. The network is the ideal spot where these capabilities intersect, and forms the link between users and applications.

How can network or security administrators prepare for this new paradigm?

Jayshree Ullal: First, they must understand all of their users' different access methods, such as wired, wireless, etc. Second, they should understand what vulnerabilities their applications are facing, and finally they should look at whether their network has the capabilities to address those threats.

Our message is that a trust-centric model can dynamically respond to changes in users, machines, applications, and the mechanisms used to access the network. This model will provide visibility, consistent access control, and assured data integrity in an agile manner, which our customers are telling us they need more than ever.