This year I was honored to be able to present and participate at Cisco Live Cancun, which took place last week. Many attendees from North, Central and South America and the Caribbean came to discover innovative ways that networking technologies can help them reach new markets and understand which solutions are right for their specific challenges.
Security was a hot topic this year!
Customers were able to connect with numerous experts for guidance and advice on IT security challenges that their company may be facing. Maintaining an appropriate security posture in "Bring Your Own Device" (BYOD) environments can be a challenge. This year I delivered a presentation about BYOD Security and Cisco's TrustSec in an 8 ? hour session titled "Bring Your Own Device - Architectures, Design and Operation" (TECRST-2020). Implementing BYOD requires a comprehensive solution that ensures the security and reliability of the network while enhancing user experience and productivity. The exponential growth of consumer devices and the need to maintain continuous connectivity to corporate and Internet resources have brought new challenges to corporate networks. Network managers struggle to provide adequate connectivity to employees while protecting corporate data. This session focused on the architecture and framework required to deploy the proper network infrastructure, security components and device management to support different endpoints, each with unique permissions into the network. A combination of lectures and live demos provided the information needed for customers to build an effective BYOD solution. The latest Cisco Validated Design guide (CVD) 2.5 for BYOD was covered, highlighting different BYOD use cases, including TrustSec, converged access and the integration with Mobile Device Managers (MDM) to receive device posture information.
Cisco TrustSec uniquely provides a policy-based platform, the Cisco Identity Services Engine (ISE), which offers integrated posture, profiling and guest services to make security control decisions. This solution provides a growing mobile and complex workforce with appropriate and more secure access from any device and lowers security risks by providing comprehensive visibility about who and what is connecting to the wired or wireless network. In this presentation, I covered in detail the use of Security Group Tags (SGTs). SGTs allow customers to keep their existing logical design at the access layer; change and apply policy to meet today's business requirements; and distribute policy from a central management server (Cisco ISE). This solution provides topology-independent access control based on roles and allows for scalable ingress tagging and egress filtering via Source Group Access Control Lists (SGACLs). Endpoint admission is enforced via 802.1X authentication, MAC Auth Bypass (MAB), or Web Auth, and network device admission control is based on 802.1X to create a trusted networking environment.
As part of this BYOD marathon, Imran Bashir provided an overview of the BYOD architectures and ISE implementations; Jazib Frahim provided an overview of BYOD Security Architectures; Carlos Alcantara provided an overview of wireless architectures; and Fernando Macias and Nelson Figueroa covered the Cisco Validated Design (CVD), customer use cases, and advanced mobile device management integration topics.
I was also able to present and proctor the following labs:
After my sessions each day, I participated in three "Meet the Expert" events discussing several security topics in private sessions with customers from different verticals (including financial services, mobile service providers, and industrial customers). The topics included datacenter security, emerging security threats, as well as deep technical discussions about next-generation firewalls.
One of the hottest topics discussed during the conference was the introduction of Cisco's Application Centric Infrastructure (ACI). As Chris Young explained in his recent post, ACI plays a huge role in security. It provides proper isolation and SLAs for different tenants, while providing a consistent security policy across physical and virtual applications. Administrators can define security and networking policies using a common policy language abstraction. ACI leverages Cisco's Open Network Environment (ONE), with open APIs, open source, and open standards.
Security is clearly top-of-mind for Cisco customers. Cisco Live global conferences provide deep technical training designed to help customers master the practical steps necessary for defending their networks against the ever-evolving security threat landscape. I was very fortunate to be able to share best practices and talk to customers from many different backgrounds and industries.