
We’re all talking about hybrid work, but are we prepared to handle complexity in a hybrid environment? Cisco helped a variety of customers answer this question based on their specific needs and requirements, deploying a series of solutions to make ‘business as usual’ more flexible and seamless in the new normal.

One of the most prominent solutions we’ve architected has been for customers in the IT and ITeS space. For them, maintaining a segmented project environment is critical as they serve a variety of customers who sometimes work in highly regulated industries. As a result, these organizations seek to reuse the existing segmentation model, along with its numerous policies, as they re-imagine their network, including for work-from-anywhere and home office network setups.

In the IT and ITeS industry, these segmented project environments are often referred to as Offshore Development Centers (ODCs). The highly complex nature of networks in these ODC environments makes it important to be able to define policies once and reuse them wherever they’re needed. This is even more complex because organizations need to comply with the regulatory requirements of their client’s organization irrespective of physical location.

Think professionals working for an IT company supporting a global bank as it deploys a new version of its core banking platform, integrated with its various internal and external applications. The configuration of this project would typically be carried out in a designated area in the IT company’s office at a key location – which is important given the fact that personally identifiable information and sensitive financial data must be kept secure, and a host of regulations must be complied with.

Now think of this group either working remotely from their home offices or reporting to one of the many satellite offices of the IT organization, depending on the accessibility and comfort of each of the professionals. How do you really make sure that the policies that must apply to the user follow them, irrespective of which location they decide to work from?

To thrive in today’s hybrid working environment, you need an intelligent solution.

Before we dive into what can really be done, let’s address the fact that this setup isn’t just needed by clients in the IT and ITeS space. Any organization that has a need for segmented access with a unified policy can leverage the solution.

Think of asset managers working from home for their various investment funds, banks with advisors and consultants working remotely, insurance professionals serving healthcare organizations, and so on. The use cases are endless; a version of the solution deployed by our client in the IT and ITeS space can help all these organizations.

Automating policy deployment for segmented environments

While organizations need to pay reasonable attention to a segregated environment and the policies its network and users need, the reality is that each organization typically houses a number of such sensitive environments, one for each client. In practice, a single client can often have several mutually exclusive segregated environments depending on the projects they’ve assigned to the IT/ITeS firm or even the number of teams each project needs.

At the core, however, organizations need an intelligent system such as Cisco ISE which enables policy-based, automated network enforcement for access, security, and monitoring across all network domains. Instead of defining a policy separately for LAN, wireless LAN, WAN, and even remote access VPN (RA-VPN), Cisco ISE makes it possible to define a policy only once and apply it to all of these domains consistently on the basis of the user’s identity.

Cisco ISE is often seen as the centerpiece of zero-trust security for the workplace because of its intelligence, which enables it to identify the users and endpoints that onboard onto the network and push the right policy at the point of access. ISE, combined with the assurance capabilities of DNAC, provides deep visibility and insights into the traffic flowing on the enterprise network, be it wired, wireless or remote access.

ISE helps modernize distributed environments by allowing for the use of a single or common directory service to authenticate users and devices for consistent identification across networks, making it possible to apply policies consistently.

While there’s a degree of network complexity, leveraging simple design workflows that follow Cisco’s best practices ensures that users can work flexibly from any location, including home offices, with all the right provisioning, access, and so on.

Policy following the user makes hybrid work a reality

Taking a step back from talking about network configuration and architecture, the ability to create such solutions allows customers to think of the new normal in terms of experiences for their staff and gives the organization the flexibility it needs in order to keep up with the evolving trends in the market – ensuring it remains an attractive employer in the long-term.

Of course, any solution that is deployed, especially at scale, needs to be modern.

Powered by Cisco ISE, our clients not only achieve their objective of ensuring policies [and segmentation] follow users irrespective of where they choose to work from but also ensure that there is a high degree of automation, plenty of visibility of traffic down to the user-level, and a strong sense of security – all wrapped into a single dashboard provided by DNAC. Managing this new solution fit for the hybrid era is as easy as deploying it, and can be done remotely as well.

From afar, this is a complex use case, but it’s one whose demand is growing quickly because it lends itself to a variety of industries beyond IT and ITeS. The future is hybrid and organizations that think of it as an enabler rather than an obstacle will be able to invest in the right infrastructure and reap big rewards.