You wake up to find out that another security incident has occurred. You are confused and not sure how the attacker was able to get by your perimeter. But then you realize you haven’t had a perimeter for some time as it has been pulled apart by cloud, mobility, and IoT. Like your network resources, your perimeter is distributed. Now with the sudden surge in remote access given a work-from-anywhere, and on-anything, workforce, controlling access back to the workplace feels like it is spiraling out of control.
Zero trust is a security concept that addresses the paradigm shift caused by the distributed network. With resources being accessed from anywhere and on anything, we require a method of ensuring that only trusted users gain access to our trusted network resources. We also need to ensure they remain in compliance and don’t bring anything back with them from shared environments such as a home office or random hotspots.
A core tenet of zero trust is continually authenticating the endpoint and authorizing access. We never assume trust, and we always verify regardless of device location. Once we have established trust, and we know the endpoint is within organizational compliance, we can segment access to network resources based only on what is required to achieve business objectives, known as access based on “least privilege.” Segmenting the network into trusted zones of access has long been an accepted practice for ensuring policies are adhered to and for reducing risk. But this has rarely moved beyond practice, leaving organizations with partial segmentation and partial protection.
A primary barrier to network segmentation has been a lack of visibility into the identity of devices and how they interact with each other, along with the difficulty of ensuring policies don’t cause reachability issues that shut down critical business objectives. Our recent Cisco Identity Services Engine (ISE) 3.0 release focused on gaining dynamic visibility and making network segmentation easier to achieve within the workplace.
ISE 3.0 takes a big leap forward to simplify and ease the deployment of network segmentation, while giving customers the visibility they require to ensure this level of protection doesn’t shut down access and disrupt business objectives. We are making it easier and easier to control access, shrink the attack surface, continually enforce policy, and contain malware. I encourage you to reach out to your Cisco representative to take a tour of Cisco Identity Services Engine 3.0 and learn more today with the links below.
Visit our webpage to learn how ISE can enable your network segmentation initiatives and read ESG’s whitepaper, “Removing Complexities Around Network Segmentation,” to gain further insights into how you can simplify and embrace network segmentation.