The best security is the one that is invisible

Written by Sudhir Chowdhary | Updated: Jan 6 2014, 09:29am hrs
We are in the middle of several major market trends and transitions, including bring-your-own-device (BYOD), mobility, social and cloud computing. While security is at the centre of these transitions, businesses really want simplicity and seamlessly integrated solutions for their IT networks. BYOD is an example of something that is rapidly changing. Security also has to evolve, says Bret Hartman, chief technology officer, Security Technology Group, Cisco Systems. Bret is responsible for defining the overall technology strategy for security at the US networking giant. This primarily consists of two pieces aligning Ciscos security product portfolio to the market requirements and preempting the transitions that will take place over the next several years, especially two to five years out, so Cisco can develop structured long term strategies.

Bret is a well-known security industry leader, with over 30 years of experience building information security solutions for major enterprises like RSA (the security division of EMC), IBM, DataPower Technology and Quadrasis Security. According to him, security does not involve selling products to make the network safe. It is about making sure that all the products are secure and that security is embedded to everything going out of Cisco. During the past decade, Ciscos security posture has evolved from focusing on unprotected desktops, to proliferating device types and a future of cloud-connected ecosystems. The best security is one that works in the background and stays out of the persons way, he tells Sudhir Chowdhary in a recent interaction. Excerpts:

BYOD is making its way into the workplace. How should enterprises prepare to manage it

Bring-your-own-device is a challenging area and as a security technologist I am always thinking about where it is going, what are we doing now and what is next. BYOD is an example of something that is rapidly changing. The way we use portable devices continues to change and evolve. So that means security how we manage the risks of those BYODsalso has to evolve.

Today, the approach is through mobile device managementa simple approach. It helps control what is on those devices and does its best to protect against different kinds of attacks. Device vendors too are increasingly concerned about security and are making sure to build end-points that are safe. Apple, Google and Microsoft are but a few examples.

The challenge that enterprises have is essentially on investments in add-on products. As security gets more mature, it will be embedded and become a critical part of the platform. We will continue to see these transitions play out for the next few years. As mobile devices become more mainstream, enterprise customers will demand access to better devices and products. As a result, enterprises will have to continue evolving their security architecture to keep up with the latest mobile products being introduced in the market.

How does the deployment of advanced security solutions help reduce the frequency and impact of these attacks

The best security is security that is transparent, invisible, which works in the background and stays out of the persons way. Cisco is focused on building intelligence right into the fabric, to address security concerns before, during and after. That means, we should be able to block threats in advance. If that fails, sound an alarm during the attack and action remedial measures post the attack vector. Our technology is based around advanced solutions that are about minimising the impact on a user and doing it without getting in their way.

A lot of vendors talk about making security a part of the IT networks itself. How is Ciscos strategy different from other vendors

All vendors are saying that because it is the best answer. Because the more that security is part of the IT stack, the simpler it is. When you have multiple solutions from different vendors, the security network becomes fragmented and complicated, opening up the customer to potential hazards.

What makes Ciscos approach different is really to do with the size of the companys footprint. I cant think of any company that has a bigger footprint than Cisco. The fact that Cisco has pervasive deployments of routers and switches across the world, major data centres or with the major service providers gives us tremendous visibility into the transfer of data 24x7.

Talk to us about cloud computing and what is Cisco doing to address the security requirements

Enterprise customers all over the world are looking for opportunities to take the applications and workloads running in the corporate data centres to the cloud as it provides cost-savings, flexibility and scalability. The main road block however is the business risk involved. Questions around trust, reliability, and compliance come into play.

At Cisco, we work with a number of cloud providers and service providers to make sure that what they are building is secure and provide them with relevant and real-time information they can rely on. Essentially those providers are our customers and we help them secure their own infrastructure. In that sense, Cisco is a platform provider for many of those cloud deployments.

The other area we focus on is delivering cloud-based services for security ourselves. We have over 20 data centres spread across the world. A huge amount of cloud-based traffic goes through Cisco infrastructure to protect those customers and we will continue to expand the offerings ourselves as well. So for example if you are on mobile device going through our cloud service, we will protect you from accessing a malicious website. We will protect you from malware getting on to your device.

With Sourcefire, a big acquisition that we made back a couple of months ago, we can now take to market some really great offerings for advanced malware protection that are cloud based. We are taking Sourcefires asset and adding it to what we already have in the cloud and will keep growing the set of features that we provide for cloud security.

What are some of the security measures that enterprises should look into when making their workplaces wireless

The most prominent challenge that enterprises face in their wireless transition is that there are different categories of users who want to use the same wireless system. So the access provided to guests, different categories of employees are all through the same wireless system. Policies in terms of what those different categories of people can access are also very different. Therefore it becomes really important to have a system in place to define and enforce policies for different kinds of users.

We have a product in this area called Identity Services Engine, ISE. It is a very popular product and is rapidly growing because it helps organisations provide seamless access basis on the requirements while still controlling who is able to view the right set of data. A lot of the wireless access queries boils down to answering the who, what, when, where and the how for each employee and their device of choice.