Cisco today at RSA took the wraps off plans for a new secure architecture that it says will enable customers to access information from any device at any location while still maintaining a high level of security and ease of use.
Dubbed the Cisco Secure Borderless Network, the architecture will stand on the strengths of two pillars Cisco announced today as a part of its product portfolio: AnyConnect Secure Mobility, an integrated suite including endpoint management, web security gateway and firewall technologies designed to secure connections across the board, and TrustSec policy-based access control. AnyConnect is due out in second quarter, as are enhancements to TrustSec which will expand Cisco’s customer capabilities in identity-aware networking.
"It’s the architecture of our underlying network infrastructure business," says Ross Fowler, vice president of borderless network architecture for Cisco. "There is a very big security theme behind this, because as the networks become borderless, there are some new challenges that customers are facing (in regard to security). But this is about the broader network architecture that we’re launching. We’re focusing on the transitions and we identified three market transitions that are really driving our network architecture into the future. The first one is mobility, second one is video, the third is around the workspace experience."
As channel customers try to leverage a whole range of mobile devices, utilize video for better collaboration and tap into a host of enterprise applications no matter whether they’re on or off the network–all while maintaining the integrity and security of critical enterprise data–Cisco hopes to smooth the process through the Secure Borderless network architecture.
The first piece of the architecture puzzle, AnyConnect Secure Mobility offers seamless connectivity no matter which device and what means of connectivity are used. For example, a customer with AnyConnect can enable users to maintain session state while filling out web forms on their laptop even as that laptop seamlessly switches between a spotty Wi-Fi connection and a 3G connection. The connections are offered transparently and securely, offering protection for both managed and unmanaged devices. AnyConnect integrates functionality across the mobility client and across Cisco’s IronPort S-Series Web Security Appliance and its Adaptive Security Appliance firewall. And the eventual game plan is to include hybrid enforcement delivered through the Cisco IronPort S-Series appliances and cloud-based security delivered through Cisco ScanSafe.
Incorporated into this will be TrustSec, which aids customers in building policy-based access control into their borderless networks. As a part of the new borderless initiative, TrustSec has been expanded to include Cisco NAC and Cisco Identity-Based Networking Services, adding integrated device profiling and guest access services for 802.1X, better end-to-end monitoring and troubleshooting, plus Security Group Tag (SGT) and SGT Exchange Protocol (SXP) technology for Catalyst and Nexus switches.
According to Fowler, the new architecture presents a host of opportunities for the channel.
"It’s not necessarily in terms of the customer value proposition, also in terms of the services and value add that they can bring to customers as well," he says. "I believe they can wrap some new assessment around the products. So we’ve found our partner community is very excited about this."
In addition, this new architecture introduces an improved revenue model over one that Cisco traditionally offers its partners, says Tom Gillis, vice president and general manager of the Security Technology business unit at Cisco.
"Cisco has historically been a box company," Gillis says. "A box has a certain business model associated with it. You buy it, you use it and then you wait for it reach capacity and buy another one. This solution has a recurring revenue model and from a partner perspective that can be a very good thing."