To be honest, most people don’t trust zero trust.
When users hear the term “zero trust,” they think it might take longer to log in to work. If you’re in IT or IT security, there are probably more products to buy and integrate into your existing, complex security stack. And of course, there’s auditing.
Perhaps that’s why so many zero trust projects fail.
However you interpret it, zero trust access is a difficult but desirable goal for many organizations, and especially useful for securing remote work, but most teams have not yet achieved zero trust maturity.[1]
At Cisco, we’ve designed our solutions to overcome common obstacles by providing a secure office experience from anywhere. And we know because we’ve been on the Zero Trust journey with our user community and IT teams for years.
Cisco on Cisco: Zero Trust Access at Scale
We started with the enterprise rollout of Cisco Duo for a remote-first workforce in 2020 and are now deploying Cisco Secure Access. Cisco’s vast and diverse IT infrastructure includes:
- ‘Things’ connected to 1 million IPs
- 27,000 Cisco video devices
- 62,000 mobile devices
… large campuses, small offices, homes, customer sites, roaming users, etc.
Shortening time to value realization
In our first phase of 2020, we launched Duo for anti-phishing multi-factor authentication (MFA) and device posture across our broad user community in just five months, saving $500,000 in help desk tickets in the first year and preventing over 86,000 potential endpoint compromises per month.
We recently deployed Cisco Secure Access, a Security Service Edge (SSE) solution optimized to ease the transition from legacy VPN architectures to Zero Trust Network Access (ZTNA) via VPN-as-a-Service (VPNaaS). It’s only the beginning, but we’ve already seen the value.
Secure Access eliminates the need for multiple teams to analyze networking and security data and avoids complex tasks like IP user mapping, resulting in a 25% reduction in the average time to resolve user connectivity issues. In the past, a single-region on-premises VPN activation process could take weeks to a month. Now, using the VPNaaS capabilities within Secure Access, our team can enable 5 locations in just 3 hours.
Reduce time to increase productivity
A typical Cisco remote worker's experience includes:
- Whether at the breakfast table or in the office, users log in to their laptops “password-less” via Windows Hello or Mac TouchID, and Cisco Duo extends that OS-level trust to all use cases—cross-browser and embedded—in the background.
- Cisco Duo is fully context-aware: it recognizes normal user activity and reduces the user interaction required for authentication. When device posture and other contextual risk attributes change, the user is prompted to re-establish trust through risk-based authentication (e.g., Verified Push).
- With ZTNA, remote workers can automatically and transparently access all the applications they need through Cisco’s VPN-as-a-Service. You don’t even have to think about how to access the apps. With Cisco Secure Access, it just works.
- Even when employees are not on the corporate network, their internet access is transparently protected by a variety of integrated cloud-delivered security tools, including DNS layer security, secure web gateway, CASB, DLP, and remote browser isolation.
Problems with Early SSE Products
Unfortunately, the first SSE solutions to hit the market were not designed for a remote-first workplace. Instead, most of these vendors started with point products (e.g., CASB, NGFW, SWG, etc.) and then bolted on additional functionality to qualify as an SSE vendor and secure their zero trust budget.
The result is a weak, disconnected and siloed management experience and a lack of identity and context awareness. These challenges slow down zero trust adoption and make it difficult for teams to provide consistent and secure experiences for all workers connecting to any type of application.
- Lack of visibility: Who are your users, what do they have access to, what policies are required, which devices are managed and which are unmanaged, and what is their end-to-end digital experience?
- User frustration: High latency, dropped connections, confusing authentication and app access workflows, poor performance even on typical office applications, and no way to know where performance issues are.
- Complex management: Multiple agents, consoles, and policies make it more difficult to enforce proper zero trust access policies everywhere.
- Expensive surprises: Organizations can’t simply stop supporting VPNs because some apps don’t work well with ZTNA. And evolving to Zero Trust on your own schedule is a better approach than forcing a replacement for a risky VPN.
Given the challenges of these solutions, it’s no wonder that organizations struggle with zero trust initiatives. Both end users and IT teams need a better zero trust experience.
Cisco Zero Trust Access
The Cisco Zero Trust Access solution is different. The architecture is built to provide an in-office experience wherever you are, powered by combining the industry’s most manageable, robust identity security with leading Security Service Edge (SSE) capabilities.
In addition to satisfied users, benefits for IT and IT security teams include:
- SSE deployment is made easy with a single client — The multi-functional Cisco Secure Client helps improve interoperability and reduce costs with a single installer. Modular features include ZTNA, VPNaaS, SWG outside the corporate network, and DNS layer security protection.
- More secure and simpler multi-factor authentication — Today, attackers often don’t hack into your business; they just log in. Duo evaluates identity behavior and attributes before, during, and after login to ensure secure access and automatically adjusts authentication strength based on contextual risk.
- Reduce support calls — Unlike other ZTNA solutions that use legacy protocols with performance limitations, Cisco’s native internal transport (Vector Packet Processing, or VPP) is faster and more reliable using modern protocols including QUIC and MASQUE.
- No management updates, no on-site visits — All elements of our Zero Trust Access solution are managed in the cloud, and all security except client activity is provided globally in the cloud.
- Ongoing management simplified — Compared to solutions that feature separate consoles for Internet Access Security, ZTNA, and VPN, Cisco’s Zero Trust Access integrates these functions into one, increasing visibility, enabling more comprehensive security policies, and saving valuable time.
- Excellent mobile support — Partnerships with leading mobile device manufacturers like Apple and Samsung provide industry-first operating system-level integration for more reliable connectivity.
Make Zero Trust easier, more effective, and more efficient.
Only Cisco Zero Trust Access delivers strong identity security combined with comprehensive, easy-to-manage SSE, enabling you to deliver a consistent office experience from anywhere, ensuring security doesn’t get in the way of productivity.
The Cisco Secure Access SSE solution includes integrated VPNaaS in addition to ZTNA, so you can begin your Zero Trust journey on your own schedule without being tied to the limitations of other vendors.
Register for our next event to learn more about Cisco Zero Trust Access and how it can transform your approach to security.
[1] Based on research from Cisco’s latest Zero Trust Security Outcomes Report.