How Cisco IT is Redefining Zero Belief within the AI Period

Cisco IT reworked safety for its world workforce by partnering with product and engineering groups to design and deploy Cisco Safe Entry internally. As buyer zero, Cisco IT helped enhance the product for each our enterprise and our clients to ship simplified operations, sturdy safety, and a seamless consumer expertise empowering workers and setting a blueprint for the way forward for zero belief and safe, versatile work. 

Because the staff answerable for securing Cisco’s world community and workforce, Cisco IT faces a novel problem: securing a hyper-distributed atmosphere for 130,000  and contractors, a sprawling ecosystem of units, functions, and connectivity strategies.  

For years, we tackled this problem with our custom-built answer, “CloudPort.” It was our try and create a single-tenant Safe Entry Service Edge (SASE), a regional hub for networking and safety. Whereas CloudPort delivered important advantages, it turned clear that sustaining and evolving this bespoke structure was consuming important assets. Assets we would have liked to concentrate on driving innovation and strategic initiatives.  

Like many organizations, we confronted the problem of doing extra with much less. Slightly than persevering with to take a position useful time and assets into constructing, sustaining, automating, and integrating our personal platform and instruments, we made a strategic resolution to shift in direction of a SASE/SSE method. The transition would permit our groups to concentrate on what really issues—addressing rising safety threats, significantly these associated to using AI. 

A deliberate and strategic method

Our timing was splendid, as Cisco was starting to launch initiatives to develop a completely new SASE/SSE answer. Our staff strongly believed that Cisco may construct a extra trendy, clever safety platform that really addresses the complicated challenges of immediately’s distributed workforce. Challenges like: 

• Person friction: Customers usually confronted inconsistent connectivity experiences, significantly with VPNs that required thought round how to hook up with the community somewhat than the method being clear. This launched pointless complexity with damaging impacts on consumer productiveness. The UX was dated and wanted to be modernized to handle the wants of our workforce.  
• IT overhead: Sustaining and integrating our present safety infrastructure consumed important engineer time, diverting assets from strategic initiatives. 
• Fragmented safety: Our safety enforcement mechanisms spanned a number of merchandise, requiring diligent efforts to take care of constant insurance policies and complete visibility. To reinforce effectivity and streamline administration, we acknowledged the worth of adopting a unified method to safety. 
• Evolving threats: Rising threats, such because the dangers related to Generative AI, demanded stricter controls and proactive safety measures. 
• Hybrid work: Our workforce connects from residence, places of work, and varied different areas, accessing functions throughout non-public information facilities, public clouds, and SaaS environments. This panorama required an answer that would adapt to numerous environments and connectivity strategies. 
• Scale and variety: Managing a world community with an unlimited variety of customers, units, and connectivity choices is inherently complicated. 

Sluggish and regular wins the race

With full confidence within the imaginative and prescient that will develop into Cisco Safe Entry (CSA), we dedicated to deploying the answer at scale inside our group as an early adopter, proving its readiness earlier than it turned publicly obtainable and fixing for the real-world enterprise issues we confronted in IT. 

We already had over 10 years of expertise in constructing and working our personal {custom} answer and provided our experience and distinctive perspective to assist form Safe Entry right into a product that will meet the wants of each our personal group inside Cisco IT and our clients. Our focus was on designing a complete platform that would adapt to the evolving digital panorama and assist future-proof our workplaces for years to return. 

As a substitute of dashing to market, we took our time to establish essentially the most urgent wants. We knew that if it didn’t handle the issues we confronted in Cisco IT, it wouldn’t for our clients both. We would have liked to ensure the answer was carried out proper and as much as our personal requirements with zero exceptions. 

How we helped as Cisco’s first buyer

Our purpose is to all the time be Cisco’s first buyer and assist enhance our merchandise within the early phases, earlier than they go to market. We spent a 12 months creating and perfecting the product earlier than our personal inner deployment, and we’re proud to report that now we have nearly 100 characteristic enhancements submitted so far which have helped optimize the product for not solely ourselves, however our clients as effectively. Our “Buyer Zero” technique is prime to the journey of delivering the very best merchandise which might be straightforward for each our enterprise and clients to undertake. 

We began with small Proof of Ideas, testing completely different applied sciences, gaining confidence, and dealing carefully with the product and engineering groups to make sure the product shipped was the best high quality. The groups constructing the product have been the primary to check it, giving them firsthand expertise with each the product’s high quality and the outcomes of their very own work. 

The result’s a cloud-delivered answer that consolidates a number of safety features right into a unified platform. This method allowed us to: 

• Simplify IT operations and safety administration 
• Cut back the operational complexity of disparate parts  
• Present a constant and clear consumer expertise 
• Implement extra sturdy safety controls

Delivering a optimistic expertise for Cisco workers

Our preliminary section of internally adopting Safe Entry took six months — with minimal disruption to customers. Whereas we may have accelerated the migration, we prioritized high quality and consumer expertise over pace. Guaranteeing an almost seamless transition for our inner IT shoppers was important in demonstrating to our clients that they can also migrate with confidence.  

It’s a must to crawl earlier than you possibly can stroll, and stroll earlier than you possibly can run. Our method adopted this sentiment: 

Section 1: Crawl (VPN Migration)

Our first section targeted on migrating VPN companies to Safe Entry. This section was strategic, addressing two crucial aims:  

1. Changing getting older VPN infrastructure 
2. Fixing for consumer friction whereas enhancing safety 

By simplifying the connection expertise for customers and enabling quicker subject decision by way of unified information, we lowered consumer friction. On the identical time, we enhanced safety by effectively proscribing entry from high-risk areas, implementing extra environment friendly coverage, and gaining highly effective safety telemetry.  

As well as, we simplify the lives of IT operators and Safety Analysts with: 

• AI Assistant: The AI Assistant offers steerage in establishing Cisco Safe Entry and helps troubleshoot entry points to non-public functions.  
• ThousandEyes: Digital Expertise Monitoring (DEM) capabilities proactively measure UX and efficiency from the consumer endpoints to CSA and significant functions to offer insights into potential points. 
• Splunk: Telemetry information from CSA is fed into Splunk for fast entry to pre-built dashboards permitting for in-depth root trigger evaluation.  

We will now leverage AI-powered capabilities to proactively detect and resolve points — usually earlier than customers also have a probability to open a ticket. 

Section 2: Stroll (Proxy and Zero Belief)

The second section is concentrated on accelerating our zero belief journey and mitigating dangers related to GenAI utilization. Over the subsequent three months, we plan to deploy these capabilities pervasively throughout your entire workforce. This section facilities round three key parts:  

1. DNS: Performing a full migration from Cisco Umbrella to Cisco Safe Entry to simplify and unify safety coverage. 
2. GenAI Danger Mitigation: Implementing AI Entry controls to guard in opposition to the dangers of utilizing third social gathering GenAI Purposes. With higher visibility into what AI Apps are getting used and the dangers related to them, we are able to inform our customers and stop publicity of delicate information utilizing Knowledge Loss Prevention capabilities. 
3. Zero Belief: Enabling the vast majority of functions for Zero Belief Entry, with each shopper and browser-based controls, to implement constant least privilege entry from anyplace.  

 Section 3: Run (Unified Coverage and Enterprise Worth)

On this section, we’re shifting our focus from simply customers to additionally securing units and issues, integrating our SD-WAN places of work with Cisco Safe Entry to ship unified zero belief throughout the atmosphere. We’ll proceed to leverage ongoing product improvements to quickly handle and adapt to rising safety threats. 

Our final purpose is to advance our zero belief imaginative and prescient by way of unified coverage administration throughout Cisco’s Hybrid Mesh Firewall, driving even better safety and enterprise worth for ourselves and our IT shoppers.  

Reaping the rewards of Cisco Safe Entry

Sipping our personal champagne has by no means tasted sweeter. What beforehand required complicated, multi-step processes can now be achieved in only a few clicks. With Safe Entry, we now have a single pane of glass for configuration and administration.  

Not solely that, however by consolidating safety companies, we’ve lowered potential safety gaps and improved our means to implement constant insurance policies throughout the enterprise and mitigate potential AI-related safety dangers.  

And eventually, our workers can now get pleasure from a constant connection expertise, whether or not they’re within the workplace, at residence, or working from a espresso store. And there’s a lot extra to return.  

 Classes discovered alongside the best way

Our journey with Safe Entry has been a rewarding studying expertise. Alongside the best way, we’ve gained useful insights which have strengthened our method and contributed to our ongoing success: 

• Cross-functional collaboration is essential: The adoption of Cisco Safe Entry has established nearer relationships with many groups throughout IT and Safety. By carefully working collectively in direction of a standard purpose, we obtain better outcomes. 
• Government sponsorship is important: Securing govt assist is essential for driving prioritization, funding, and alignment throughout groups. 
• Person expertise issues: Prioritizing consumer expertise is crucial for adoption and satisfaction. 
• A phased rollout minimizes disruption: A gradual, iterative method permits us to handle challenges and guarantee a clean transition. 
• Modernizing insurance policies is a should: We have to reimagine our safety insurance policies to take full benefit of the Cisco platform and product capabilities, one thing we’ve efficiently exemplified with Safe Entry. 

Powering the way forward for zero belief

Safe Entry is the cornerstone of our zero belief technique, serving as a complete, built-in safety answer that goes past conventional entry strategies. It’s not a single device, however a whole ecosystem of safety companies delivered from the cloud.  

Our adoption of Cisco Safe Entry is a testomony to our dedication to offering a safe, seamless, and modern IT atmosphere for our workers and clients alike. By persevering with to evolve and improve our zero belief technique, we’re empowering our workforce to be extra productive, collaborative, and safe — no matter the place they work. 

We’re enthusiastic about each the long run and potential of Safe Entry to remodel our safety posture and allow new and thrilling use instances, like AI-driven safety insurance policies and real-time information loss prevention. We consider that Safe Entry is a strategic enabler, and a key part of our imaginative and prescient for a future-proofed office.  

We’re assured that our journey with Safe Entry is not going to solely profit Cisco IT, but in addition function a useful blueprint for different organizations searching for to bolster their very own zero belief methods. 

To be taught extra, learn the case research (hyperlink to return,) discover our journey (hyperlink to return,) and take a look at this session from CLEMEA 2025.  

To be taught extra, learn the case research, discover our journey, and take a look at this session from CLEMEA 2025.  

 Discover extra Cisco on Cisco blogs right here