On March 9, 2020, like so many other workers around the globe, I was told to stay home. There was a sudden, collective agreement: going into our place of business was no longer an option. And I was grateful. I was grateful that my company had the technology in place to ensure that I could not only keep working, but we could all thrive while connecting from our new remote offices. My desk was now in my garage, tucked between the washing machine and the fishing poles. But in reality, I could have been connecting from anywhere, even Timbuktu.
But this wasn’t the case for many organizations. Before they could thrive, they had to adapt— adapt to, well, survive. Many organizations did not have a remote access strategy in place, and for many of those that did, they were not ready for a 100% remote workforce. They all had network access, and most had some sort of access policy in place. They may have defined who could get to what. But when you added “from where,” “how,” and “on what,” extending their current policy to remote access suddenly became a black hole. And we started hearing a scary, but not all surprising, response. Organizations started sacrificing their access policies in the name of providing a connection. As we opened up our networks, we once again put our heads in the sand around security. We prayed the dark evil of the malware economy wouldn’t notice all the new holes in our defenses and pass us by.
Now we don’t want to be too scary, but to make things a bit more ominous, organizations also had another problem. They didn’t have enough corporate-owned and -controlled devices. They started asking their employees to use personal devices to connect. Overnight the mobile and bring-your-own-device (BYOD) phenomenon was no longer an option or perk. Overnight we were tossed across the chasm, and the adoption curve hit us smack on the head as we all became early adopters, ready or not.
Well, Cisco has long embraced the “connect and collaborate from anywhere” culture, and we had the tech in place to back it up. Cisco Identity Services Engine (ISE) extends our policy no matter where or how I connect. If I am connecting from a building in our San Jose office, connecting next to my fishing poles in my garage, or connecting over VPN from a hotspot in the Sahara Desert, it doesn’t matter. ISE knows and applies our organizational policy, so I can’t increase our company’s risk and expose our prized IT assets to the world. ISE is integrating with AnyConnect to ensure the mobile device that I often share with my 7-year-old son hasn’t been infected from an errant and sometimes deadly click while playing the free version of his favorite game of the week. And if something is out of date, or I try to connect from an unknown device, well, I get a friendly popup from our Mobile Device Manager (MDM) to bring me within compliance.
And what about once I have built and established trust? Well, that is when the cool stuff starts. Before access is granted, my endpoints are tagged, and a group-based policy is applied. Based on my role within the company, where I am connecting from, how I am connecting, and what I am connecting on, my access to resources is controlled. ISE extends and unifies our corporate policy across domains, wired, wireless, and VPN, to ensure I don’t increase our risk. Just like that, “easy peasy lemon squeezy,” the network has been segmented into zones of trusted access. Now we can all do more than just survive; we can all thrive without increasing organizational risk.
And now that we have network segmentation in place based on visibility and policy—and not static permission sets, as my connection changes, or the posture of my device changes, my access policy changes with me. Network segmentation not only helps to reduce risk but to contain it. If or, more likely, when that unfortunate occurrence happens, and a threat is discovered, two things happen. First, I am segmented into a small zone of access, so any remediation efforts are laser focused, and mean time to remediation (MTTR) is drastically reduced. And the threat containing that deadly malware? Well, it isn’t just blocked, it is removed—access is shut down to prevent any lateral movement that can infect other areas of the network.
Being tossed across the chasm and accelerated up the adoption curve doesn’t have to be scary. No one likes feeling a loss of control, but with ISE in place, you and your organization can gain the secure network access that we all need to do more than just survive. And with an 83% increase in remote access and an overall $30 billion dollars a day saved in lost productivity predicted for 2021, this new normal isn’t going away anytime soon. So, if you’re an ISE customer, sit back and know you are covered. And if not, well, it may be time to reach out to your rep and schedule a chat, or take a look at our Demo Zone for an on-demand demo to see how ISE can ensure you have secure network access.
The post Crossing the Chasm of Remote Access Doesn’t Have to Be Scary appeared first on Cisco Blogs.