How Cisco IT is Redefining Zero Belief within the AI Period

Cisco IT remodeled safety for its international workforce by partnering with product and engineering groups to design and deploy Cisco Safe Entry internally. As buyer zero, Cisco IT helped enhance the product for each our enterprise and our prospects to ship simplified operations, sturdy safety, and a seamless person expertise empowering workers and setting a blueprint for the way forward for zero belief and safe, versatile work. 

Because the workforce accountable for securing Cisco’s international community and workforce, Cisco IT faces a novel problem: securing a hyper-distributed surroundings for 130,000  and contractors, a sprawling ecosystem of gadgets, functions, and connectivity strategies.  

For years, we tackled this problem with our custom-built answer, “CloudPort.” It was our try and create a single-tenant Safe Entry Service Edge (SASE), a regional hub for networking and safety. Whereas CloudPort delivered important advantages, it grew to become clear that sustaining and evolving this bespoke structure was consuming important sources. Sources we wanted to concentrate on driving innovation and strategic initiatives.  

Like many organizations, we confronted the problem of doing extra with much less. Moderately than persevering with to take a position invaluable time and sources into constructing, sustaining, automating, and integrating our personal platform and instruments, we made a strategic determination to shift in the direction of a SASE/SSE strategy. The transition would permit our groups to concentrate on what really issues—addressing rising safety threats, significantly these associated to using AI. 

A deliberate and strategic strategy

Our timing was best, as Cisco was starting to launch initiatives to develop a wholly new SASE/SSE answer. Our workforce strongly believed that Cisco may construct a extra trendy, clever safety platform that really addresses the complicated challenges of immediately’s distributed workforce. Challenges like: 

• Consumer friction: Customers usually confronted inconsistent connectivity experiences, significantly with VPNs that required thought round how to hook up with the community quite than the method being clear. This launched pointless complexity with detrimental impacts on person productiveness. The UX was dated and wanted to be modernized to handle the wants of our workforce.  
• IT overhead: Sustaining and integrating our current safety infrastructure consumed important engineer time, diverting sources from strategic initiatives. 
• Fragmented safety: Our safety enforcement mechanisms spanned a number of merchandise, requiring diligent efforts to keep up constant insurance policies and complete visibility. To boost effectivity and streamline administration, we acknowledged the worth of adopting a unified strategy to safety. 
• Evolving threats: Rising threats, such because the dangers related to Generative AI, demanded stricter controls and proactive safety measures. 
• Hybrid work: Our workforce connects from dwelling, workplaces, and varied different places, accessing functions throughout non-public knowledge facilities, public clouds, and SaaS environments. This panorama required an answer that might adapt to various environments and connectivity strategies. 
• Scale and variety: Managing a world community with an unlimited variety of customers, gadgets, and connectivity choices is inherently complicated. 

Gradual and regular wins the race

With full confidence within the imaginative and prescient that will turn into Cisco Safe Entry (CSA), we dedicated to deploying the answer at scale inside our group as an early adopter, proving its readiness earlier than it grew to become publicly out there and fixing for the real-world enterprise issues we confronted in IT. 

We already had over 10 years of expertise in constructing and working our personal {custom} answer and provided our experience and distinctive perspective to assist form Safe Entry right into a product that will meet the wants of each our personal group inside Cisco IT and our prospects. Our focus was on designing a complete platform that might adapt to the evolving digital panorama and assist future-proof our workplaces for years to come back. 

As an alternative of dashing to market, we took our time to determine probably the most urgent wants. We knew that if it didn’t tackle the issues we confronted in Cisco IT, it wouldn’t for our prospects both. We would have liked to verify the answer was carried out proper and as much as our personal requirements with zero exceptions. 

How we helped as Cisco’s first buyer

Our aim is to all the time be Cisco’s first buyer and assist enhance our merchandise within the early levels, earlier than they go to market. We spent a yr creating and perfecting the product earlier than our personal inside deployment, and we’re proud to report that we have now nearly 100 characteristic enhancements submitted so far which have helped optimize the product for not solely ourselves, however our prospects as properly. Our “Buyer Zero” technique is key to the journey of delivering the very best merchandise which are simple for each our enterprise and prospects to undertake. 

We began with small Proof of Ideas, testing completely different applied sciences, gaining confidence, and dealing carefully with the product and engineering groups to make sure the product shipped was the best high quality. The groups constructing the product have been the primary to check it, giving them firsthand expertise with each the product’s high quality and the outcomes of their very own work. 

The result’s a cloud-delivered answer that consolidates a number of safety capabilities right into a unified platform. This strategy allowed us to: 

• Simplify IT operations and safety administration 
• Cut back the operational complexity of disparate parts  
• Present a constant and clear person expertise 
• Implement extra sturdy safety controls

Delivering a optimistic expertise for Cisco workers

Our preliminary part of internally adopting Safe Entry took six months — with minimal disruption to customers. Whereas we may have accelerated the migration, we prioritized high quality and person expertise over velocity. Making certain a virtually seamless transition for our inside IT shoppers was important in demonstrating to our prospects that they can also migrate with confidence.  

It’s a must to crawl earlier than you possibly can stroll, and stroll earlier than you possibly can run. Our strategy adopted this sentiment: 

Part 1: Crawl (VPN Migration)

Our first part centered on migrating VPN companies to Safe Entry. This part was strategic, addressing two important aims:  

1. Changing growing old VPN infrastructure 
2. Fixing for person friction whereas enhancing safety 

By simplifying the connection expertise for customers and enabling quicker problem decision by unified knowledge, we diminished person friction. On the identical time, we enhanced safety by effectively proscribing entry from high-risk places, implementing extra environment friendly coverage, and gaining highly effective safety telemetry.  

As well as, we simplify the lives of IT operators and Safety Analysts with: 

• AI Assistant: The AI Assistant gives steering in establishing Cisco Safe Entry and helps troubleshoot entry points to non-public functions.  
• ThousandEyes: Digital Expertise Monitoring (DEM) capabilities proactively measure UX and efficiency from the person endpoints to CSA and demanding functions to offer insights into potential points. 
• Splunk: Telemetry knowledge from CSA is fed into Splunk for fast entry to pre-built dashboards permitting for in-depth root trigger evaluation.  

We will now leverage AI-powered capabilities to proactively detect and resolve points — usually earlier than customers actually have a likelihood to open a ticket. 

Part 2: Stroll (Proxy and Zero Belief)

The second part is targeted on accelerating our zero belief journey and mitigating dangers related to GenAI utilization. Over the following three months, we plan to deploy these capabilities pervasively throughout the whole workforce. This part facilities round three key parts:  

1. DNS: Performing a full migration from Cisco Umbrella to Cisco Safe Entry to simplify and unify safety coverage. 
2. GenAI Danger Mitigation: Implementing AI Entry controls to guard in opposition to the dangers of utilizing third get together GenAI Purposes. With higher visibility into what AI Apps are getting used and the dangers related to them, we will inform our customers and stop publicity of delicate knowledge utilizing Information Loss Prevention capabilities. 
3. Zero Belief: Enabling the vast majority of functions for Zero Belief Entry, with each consumer and browser-based controls, to implement constant least privilege entry from anyplace.  

 Part 3: Run (Unified Coverage and Enterprise Worth)

On this part, we’re shifting our focus from simply customers to additionally securing gadgets and issues, integrating our SD-WAN workplaces with Cisco Safe Entry to ship unified zero belief throughout the surroundings. We’ll proceed to leverage ongoing product improvements to quickly tackle and adapt to rising safety threats. 

Our final aim is to advance our zero belief imaginative and prescient by unified coverage administration throughout Cisco’s Hybrid Mesh Firewall, driving even better safety and enterprise worth for ourselves and our IT shoppers.  

Reaping the rewards of Cisco Safe Entry

Sipping our personal champagne has by no means tasted sweeter. What beforehand required complicated, multi-step processes can now be achieved in just some clicks. With Safe Entry, we now have a single pane of glass for configuration and administration.  

Not solely that, however by consolidating safety companies, we’ve diminished potential safety gaps and improved our means to implement constant insurance policies throughout the enterprise and mitigate potential AI-related safety dangers.  

And eventually, our workers can now take pleasure in a constant connection expertise, whether or not they’re within the workplace, at dwelling, or working from a espresso store. And there’s a lot extra to come back.  

 Classes realized alongside the way in which

Our journey with Safe Entry has been a rewarding studying expertise. Alongside the way in which, we’ve gained invaluable insights which have strengthened our strategy and contributed to our ongoing success: 

• Cross-functional collaboration is vital: The adoption of Cisco Safe Entry has established nearer relationships with many groups throughout IT and Safety. By carefully working collectively in the direction of a standard aim, we obtain better outcomes. 
• Government sponsorship is important: Securing government assist is essential for driving prioritization, funding, and alignment throughout groups. 
• Consumer expertise issues: Prioritizing person expertise is important for adoption and satisfaction. 
• A phased rollout minimizes disruption: A gradual, iterative strategy permits us to handle challenges and guarantee a easy transition. 
• Modernizing insurance policies is a should: We have to reimagine our safety insurance policies to take full benefit of the Cisco platform and product capabilities, one thing we’ve efficiently exemplified with Safe Entry. 

Powering the way forward for zero belief

Safe Entry is the cornerstone of our zero belief technique, serving as a complete, built-in safety answer that goes past conventional entry strategies. It’s not a single instrument, however a complete ecosystem of safety companies delivered from the cloud.  

Our adoption of Cisco Safe Entry is a testomony to our dedication to offering a safe, seamless, and revolutionary IT surroundings for our workers and prospects alike. By persevering with to evolve and improve our zero belief technique, we’re empowering our workforce to be extra productive, collaborative, and safe — no matter the place they work. 

We’re enthusiastic about each the longer term and potential of Safe Entry to remodel our safety posture and allow new and thrilling use circumstances, like AI-driven safety insurance policies and real-time knowledge loss prevention. We consider that Safe Entry is a strategic enabler, and a key element of our imaginative and prescient for a future-proofed office.  

We’re assured that our journey with Safe Entry won’t solely profit Cisco IT, but additionally function a invaluable blueprint for different organizations in search of to bolster their very own zero belief methods. 

To study extra, learn the case research (hyperlink to come back,) discover our journey (hyperlink to come back,) and take a look at this session from CLEMEA 2025.  

To study extra, learn the case research, discover our journey, and take a look at this session from CLEMEA 2025.  

 Discover extra Cisco on Cisco blogs right here