Saturday 14 October 2023

Securing the Modern Hyper-Distributed Network: Perspectives from the 2023 Gartner Magic Quadrant for SD-WAN


A typical day’s tasks for today’s modern worker are frequently distributed across multiple devices, applications, and locations. They could be working from home, analyzing CRM dashboards, and later, they might be at a coffee shop reviewing slides for an upcoming customer meeting. Perhaps they then head into the office for team meetings, followed by catching up with emails and messages on the commute home.

For a networking and security leader, a typical day looks very different. Those individuals need to ensure that the WAN is delivering superior app performance, connecting users to applications wherever they are. They also need to know if an untrusted device is being used to access confidential CRM dashboards. How is network traffic being secured outside the office? How are apps and services being accessed and secured?

Multiply these security concerns by the number of employees at numerous office locations, and then factor in technology-led business transformation initiatives, and we start to understand the complexity facing IT to secure and connect hyper-distributed users and resources everywhere.

Choose the right security


We hear you loud and clear—security and high performance are top priorities. In the face of constant change and increasing complexity—especially over the WAN—organizations must implement security technologies that converge with their SD-WAN, enforcing them as close as possible to users and workloads. For the most effective implementation, this will require security hosted on-premises and in the cloud that ensures the best possible app performance.

The importance of security with SD-WAN was acknowledged by Gartner in its recently published 2023 Magic Quadrant for SD-WAN report, which provides an annual evaluation of the SD-WAN market for IT leaders. We feel this year’s report includes the most thorough assessment of security capabilities—hosted on-premises and in the cloud—since the Gartner Magic Quadrant for SD-WAN began.

In 2023, Cisco was named a Leader for the fourth consecutive year.

At Cisco, we work closely with our customers and partners to better understand their challenges so we can build products and solutions that support their long-term goals. These continued partnerships provide us with the insight to deeply ingrain advanced security technologies into Cisco SD-WAN.

  • The right security: Stateful firewall, intrusion detection systems (IDS), intrusion prevention systems (IPS), advanced malware protection (AMP), URL filtering, HTTPS inspection, data loss prevention (DLP), cloud access security broker (CASB), and more are all natively informed by the world’s largest commercial threat intelligence team, Talos.
  • Hosted in the right place: On-premises or in the cloud (native or third party) hosting ensures that security policies are enforced close to workloads and users.
  • SASE your way: WAN appliances provide the building blocks to effortlessly chart your own journey.

Seek real-world validation


With a highly dense market of network security technologies and products to choose from, understanding which solutions will perform best for your environment and be the right long-term strategic fit can be confusing. While there is no substitute for testing solutions in a production environment, independent testing that mirrors real-world conditions can help identify top performers and refine a shortlist.

Miercom, a leading independent product test center, conducted a thorough evaluation of Cisco’s security and SD-WAN technologies delivered through Cisco Catalyst and Meraki WAN appliances. These tests were meticulously designed to match real-world conditions as closely as possible, instead of a theoretical laboratory environment.

Figure 1. According to leading independent product test center Miercom, Cisco’s malware efficacy is 25% better than the industry average. Across 11 malware exploit categories, Cisco averaged 98% malware efficacy.

Maximize your WAN


The WAN is central to an organization’s success. In addition to an uncompromising commitment to security, we continue to push Cisco SD-WAN beyond traditional expectations to help IT leaders maximize the potential of the WAN for their business through:

  • Delivering high performance and a superior experience, irrespective of where users and workloads live.
  • Simplifying cloud migration with integration and streamlined workflows for AWS Cloud WAN and Microsoft Azure Virtual WAN.
  • Enabling secure, long-term remote work strategies with Meraki Z4 and Catalyst CG113 secure teleworker gateways.
  • Providing continuous visibility across all the hyper-distributed internal and external domains with instant activation of Cisco ThousandEyes, which leverages predictive path recommendations (PPR) to deliver proactive feedback, enhancing the user experience for critical application performance across the SD-WAN fabric.
  • Enabling agile business models using 5G fixed wireless access through indoor and outdoor Meraki MG51 and Catalyst CG522 cellular gateways.

Build a long-term strategy for simplicity


At Cisco, we’re committed to helping organizations simplify IT. Our vision is to create a simpler network management platform experience to help customers easily access and manage Cisco networking products from one place—the Cisco Networking Cloud.

The distribution of users and resources will continue to evolve along with the IT landscape, creating new complexities along the way. Simplifying the IT experience enables IT to better automate, analyze, and diagnose issues—supporting a framework that is well-positioned to evolve alongside the modern hyper-distributed network and helping to secure and connect hyper-distributed users and resources, no matter where they are located.

Source: cisco.com

Thursday 12 October 2023

End-to-End Visibility and Actionable Insights Underpin Great Connected Experiences

Three networking megatrends have upended how businesses approach networking to support the distributed workforce.

First, cloud has become the new data center, with workloads moving from on-premises to hybrid cloud and multicloud architectures. Secondly, the internet is now the new network, with reliance on business connectivity traversing diverse networking domains. And lastly, with so many remote and hybrid workers, the office is now essentially anywhere.

This evolution has made delivering a high-quality, reliable experience—connecting everyone to everything everywhere—significantly more complex. After the need to provide secure access to applications across multiple clouds, the second biggest challenge cited by 37% of respondents in our 2023 Global Networking Trends Report was gaining end-to-end visibility into network performance and security as more traffic originates or terminates beyond the boundaries of the corporate network.

Which begs the question: How do you identify, diagnose, and remediate problems that occur throughout the digital supply chain—the domains within and outside your infrastructure and all hops between a user’s device and an application or service in the cloud? Read on to find out how.

Tackling assurance complexity across multiple network domains


Great connected experiences are table stakes for businesses today. The digital economy relies on always-on applications and services to support employees and consumers. Failure is not an option.

Prior to the hyperconnectivity of today’s digital economy, business applications and services within corporate domains were well served by network monitoring solutions and processes that were localized and handled specific domains like wireless. But to remediate issues in enterprise WANs, admins had to contact their counterparts within cloud and internet provider organizations to jointly diagnose and remediate service and security problems. Often, this resulted in a lot of finger pointing. Businesses acted reactively instead of proactively. Issues could take a long time to get resolved.

Providing network assurance for a high-quality connected experience today requires end-to-end visibility and insights across diverse clouds, network providers, the internet, devices, and geographies—each with their own operational domains (see Figure 1). Without end-to-end visibility into network performance, application responsiveness, and security, it is extremely challenging for IT teams to deliver consistent digital experiences to end users.

Figure 1. Complex digital supply chain with interdependencies, increased failure surface, and unpredictability

A person working from home, for example, might run into a problem with Slack. The wireless network in their home office would be connected to an access network that would be connected to an edge router traversing a cloud network to the Slack application. Domain-specific tools can only see a small segment of this traffic. Admins without end-to-end visibility can’t see the big picture.

End-to-end visibility is foundational for SASE


A majority (51%) of organizations in our 2023 Global Networking Trends Report said that with their adoption of more software-as-a-service (SaaS) and multicloud solutions, they see investment in a solution that provides end-to-end visibility as a top priority. This may be in response to recent research by the Uptime Institute that found third-party operators—including cloud, hosting, colocation, and telecom providers—accounted for 70% of all publicly reported outages.

End-to-end visibility, analytics, and operational workflows allow admins to take decisive action to proactively remediate connectivity issues. In a secure access service edge (SASE) architecture, for example, end-to-end visibility feeds the actionable intelligence used to optimize path selection to provide the best digital experience anywhere at any time. Reliable connectivity is foundational to securely connecting people and things in a SASE architecture. If connectivity is poor, the secure access experience will be degraded.

Even before an SD-WAN or a converged SASE architecture with security service edge (SSE) is rolled out, organizations can use end-to-end visibility to evaluate, compare, and optimize the network experience before and after adoption of these architectures. The performance of individual providers in different locations that each form part of a digital supply chain can be proactively tested and benchmarked, with the results used to make more informed vendor selections to ensure the delivery of always-on digital experiences.

Gaining visibility into every connection


A European airline transitioned its network infrastructure from MPLS to SD-WAN, moving many applications and services to the cloud. The company needed to make sure that services met agreed-upon service level agreements (SLAs). To do so, the IT department deployed end-to-end visibility, specifically to monitor and enhance the digital experiences of customers and employees. With this solution in place, the airline can now measure connection latency and other factors—with a specific focus on connections between its data center and the cloud provider, Amazon Web Services. They can continually monitor and prioritize network experiences by accelerating incident response times, introduce more proactive maintenance, and enjoy greater cost efficiency through streamlined troubleshooting.

RichRelevance, a customer experience personalization provider for 250 global retailers, reduced its outages by 88% and shrank outage windows from an average of four hours to 30 minutes, all thanks to end-to-end visibility. IT service management software company ServiceNow identified network issues 95% faster for their customers with visibility across all network layers that focused on the application experience.

Enabling quality digital experiences through a networking platform approach


Cisco is pioneering end-to-end network visibility and driving exceptional experiences through operational simplicity. It’s a cornerstone of our Cisco Networking Cloud long-term vision, a unified management experience platform for on-premises and cloud operating models to reduce IT complexity.

End-to-end visibility relies on compute power to capture and analyze billions of daily measurements in the digital supply chains that comprise today’s enterprise networks (see Figure 2). It is a powerful and indispensable feature that helps organizations maintain top-quality digital experiences and move from reactive to preventative and automated operations.

Figure 2. Organizations need to leverage a platform-driven approach that drives end-to-end visibility throughout the digital supply chain

Tuesday 10 October 2023

Building a transparent Notification Center to Enable Customer Control

Personalization is critical to a guided customer experience. It helps build trust, foster relationships, and enables a deeper connection with customers.

At Cisco, we have been trying to help our customers along each step of their post-sale experience for nearly a decade. And as a key part of that experience, we want our customers to have more control over what communications they receive – a more intentional step towards the right message, right person, right time goal that we are all striving to achieve.

Before we could begin, we took a thorough inventory of what exactly the post-sale experience for customers today looked like.

Evaluating a disconnected customer experience


Over the years, we’ve built several programs where customers could sign up for various post-sale notifications to help guide them on their path to success – but they were fragmented and lacked transparency.

One of the customer pages from the legacy experience

For instance, a customer could access a link via an email where they could enroll or unenroll from a specific Cisco product architecture. There was no way to access the link again if the customer changed their mind after unenrolling. It also was not totally clear to the customer exactly what they were unenrolling from.

Similarly, a customer could enroll in a digital journey from a form on the main website, Cisco.com, but they could not see what else they were subscribed to. There were 6+ programs of this nature that evolved over the years – each designed to help provide the customer more control over their experience, but lacking a critical ingredient – transparency.

Thus began an initiative to build a Notification Center that was flexible, centralized, and personalized just for what a customer was eligible to receive. One tool for a customer to rule their post-sale experience.

Rooted in research


We built the Notification Center collaboratively with our customer research and design team. Evaluating all the different existing programs we had, we defined MVP parameters that would enable us to evolve the data model to support a more cohesive experience. We experimented with design, naming conventions, login experiences and more. Each piece of feedback helped our design team iterate and ultimately finalize the MVP requirements so our Orchestration & Notification team could build out the digital experience.

The research as well as consultation with Forrester served as the foundation and guiding principles as we went through the development process. These principles included:

  • Build an experience that fosters trust and respects customer privacy and choices
  • Collect only data we can act on – do not collect unnecessary data
  • Design for scalability and flexibility, from MVP to future platforms
  • Design consistency
  • Configurable UI that can be personalized based off of customer eligibility for products and services
  • Flexible data model that can handle changing products and services
  • Strict adherence to Cisco data security and privacy standards

The new interface replaces two of our previous data collection customer experiences that were linked in our emails. Now customers have full access to:

  • View all subscriptions associated with their email
  • Activate/Inactivate subscriptions for Renewals, Services, and Adopt Emails at the Use Case or Solution level
  • Continue to nominate contacts for respective subscriptions
  • Provide feedback on the experience directly to the experience design team

This new system supports all of our critical integrations with Snowflake, Salesforce Marketing Cloud (SFMC), Cisco Single Sign On, and it can be integrated across other channels as well.

Implementation Changes


This new approach to subscription management not only transformed the front-end customer experience, but it also changed the granularity of data we were collecting. To enable it, we designed an entirely new back-end process to support the front-end application. We also had to make some significant changes to the data model and our custom activities in SFMC.

The new experience design

  • The Notification Center UI, built on an SFMC Cloud Page, is supported by a Python-based Flask API, acting as an intermediary connecting the front-end with the backend database.
  • We made the strategic decision to use PostgreSQL as our backend database, hosted on Google Cloud Platform’s Cloud SQL instance, to replace SFMC’s native Data Extension for storing customer choices and Custom Activity log data. We chose this because of the advanced data capabilities, indexing options, ACID compliance for data integrity, trigger support, and scalability.
  • The database shift significantly reduced our reliance on SFMC as a database. This change decreased the overall number of SFMC API calls from 18 to 13 and increased the Custom Activity processing efficiency from 52 to 70 requests per second while concurrently reducing latency from 60 seconds to approximately 13 seconds.
  • Digital journeys executed through SFMC previously had Cisco product architecture level entry criteria, meaning customers qualified for journeys if they bought a particular product. With the introduction of Notification Center data, we are mapping at the use case level, so we can build our journey segments based on the particular reason a customer bought a product. This transition has increased the granularity of our data while enabling a more personalized customer experience.
  • Additionally, we enabled a daily sync between the Notification Center customer database and Enterprise Use Case Eligibility data to ensure Notification Center UI displays content in accordance with each customer’s eligibility criteria for a specific use case.

Source: cisco.com

Saturday 7 October 2023

New bundles make it easy to start your Cisco Full-Stack Observability journey


In the last few months, Cisco has launched a lot of new capabilities around Cisco Full-Stack Observability (Cisco FSO) that activate important use cases around observability.

Cisco Full-Stack Observability Innovations


It started with the launch of application security for hybrid applications with business risk observability back in January, which brings business context to Cisco’s application security solution. The business risk score enables your security and application teams to have expanded threat visibility and intelligent business risk prioritization to respond instantly to revenue-impacting security risks and reduce overall organizational risk profiles.

Then in May, Cisco launched a pre-built, bi-directional integration of Cisco AppDynamics and Cisco ThousandEyes that activated customer digital experience monitoring and application dependency monitoring. These use cases bring application observability and network intelligence data together and help reduce friction between AppOps and NetOps teams. They provide end-to-end insights among application, network, and data teams. They optimize joint operations for triage and troubleshooting application issues while helping teams understand how applications, network and multi-cloud environments affect digital user experience.

Most recently in June, Cisco announced the general availability of an open, extensible and API-driven platform, called Cisco FSO Platform. It is focused on OpenTelemetry and anchored on metrics, events, logs, and traces (MELT). It provides AI/ML driven analytics so that you can do dynamic baselining, anomaly detection, root cause analysis and prioritization. You can build custom use cases based on your needs and create an observability ecosystem that will help you to deliver relevant and impactful business insights. Using the platform, Cisco has activated cost and resource optimization use cases that can help you to understand your cloud spend and how you can optimize your workloads and reduce costs.

Last month, Cisco extended application security and business risk observability to cloud native application environments. With all these new innovations, you can now observe, secure and optimize applications and create custom observability use cases using Cisco Full-Stack Observability solutions.

Cisco Full-Stack Observability Bundles


With all these new capabilities, we are also simplifying how you can buy our solutions. Instead of buying separate software licenses for Cisco AppDynamics, Cisco ThousandEyes and Cisco Secure Application individually, you can buy Cisco Full-Stack Observability bundles to solve multiple use cases. We provide discounts for buying these bundles. And attaching Cisco services to these bundles increases your overall discount.

Cisco Full-Stack Observability bundles

FSO Essentials Bundle


Observe, secure and extend your observability by bringing together application performance and security data. This bundles together the following use cases:

◉ Hybrid Application Monitoring
◉ Modern Application Monitoring
◉ Application Security
◉ Extend observability with custom use cases on Cisco FSO Platform

FSO Advantage Bundle


Observe, secure and extend your observability by bringing together application performance, network intelligence and security data. This bundles together all the use cases in Essentials with the following additional use cases:

◉ Customer Digital Experience Monitoring
◉ Application Dependency Monitoring

FSO Premier Bundle


Observe, secure, optimize and extend your observability by bringing together application performance and cost, network intelligence and security data. This bundles together all the use cases in Advantage with the following additional use cases:

◉ Hybrid Cost Optimization
◉ Application Resource Optimization

Accelerate business outcomes with Cisco Services


With Cisco Full-Stack Observability capabilities, you may be wondering how to implement such a powerful solution. You don’t have to do it alone. To help you accelerate your outcomes, Cisco CX delivers the expertise and guidance to help you best leverage your existing monitoring and observability tools with Cisco Full-Stack Observability to remove blind spots, move beyond siloed domain monitoring, and take advantage of full stack visibility, insights, and actions. Through a variety of service offerings such as the , we can help you innovate at each step of your full-stack observability transformation journey. And by showcasing results through real-world use cases, you’ll see how Cisco FSO services and the value of CX expertise can help you confidently and continuously transform and optimize the application experience for your customers and employees, anywhere.

Source: cisco.com

Thursday 5 October 2023

Driving a Successful Sustainability Agenda – A Deep Dive into a Holistic Approach


Driving a sustainability strategy comes with incredible complexity and a spectrum of expectations. With the stakes being as high as it gets – the preservation of our planet – this is one we need to get right. The question is: HOW?

In Cisco CX we have designed a coherent and holistic framework to help you synergize different aspects of sustainability into a unified strategy. This enables a strategic alignment between sustainability & business goals, and a comprehensive stakeholder engagement – integrating Environmental, Social, and Governance (ESG) metrics into business performance indicators and optimizing the allocation of resources.

Importantly, our framework recognizes the inherent diversity among stakeholders and their varying priorities and value drivers in the realm of sustainability. It is common for initiatives aimed at sustainability to be confined within silos, resulting in different parts of the organization operating at different maturity levels.

By acknowledging this reality, our framework helps organizations align their capabilities and benchmark themselves against industry leaders. This entails a comprehensive approach that takes into account the distinct perspectives and objectives of different stakeholders. By integrating their efforts and fostering collaboration across departments, organizations can bridge the gaps in maturity levels and ensure a more cohesive and holistic approach toward sustainability.

Moreover, this integrated approach promotes a more unified organizational culture, where sustainability becomes an intrinsic part of the overall business strategy.

In part 1 of this 2-part blog series, I want to share with you our signature approach, developed by Cisco CX to drive a successful sustainability agenda.

Six Dimensions to driving a holistic approach to sustainability



We take a structured approach in assessing the technology maturity across six key dimensions: Strategy, Governance, Execution, IT for Sustainability, Sustainable IT, and ESG Data Management. By evaluating each dimension, we help our customers gain valuable insights into their current state, identify areas for improvement, and translate them – leveraging our expertise – into a roadmap.

  • Strategy: Focuses on evaluating your approach to sustainability within your overall business strategy. It assesses how effectively sustainability goals are aligned with your vision and mission. This also considers the level of integration of sustainability into strategic decision-making processes and the establishment of clear objectives and targets.
  • Governance: Examines your governance structure and processes regarding sustainability. It evaluates the presence of dedicated sustainability governance bodies, the level of senior leadership involvement, and the effectiveness of oversight mechanisms. This dimension also takes into account the organization’s commitment to transparency, accountability, and risk management related to sustainability initiatives.
  • Execution: Assesses your ability to translate your sustainability strategy into action. It evaluates the presence of well-defined implementation plans, the allocation and skills of resources, and the engagement of relevant stakeholders. This also examines your capability to drive change, implement more sustainable practices, and monitor progress effectively.
  • IT for sustainable business: Focuses on your utilization of technology to support sustainability initiatives. It assesses the integration of sustainability considerations into IT strategy and the use of technology solutions to optimize resource consumption, reduce environmental impact, and enhance operational efficiency. This also examines your capability to leverage emerging technologies for sustainable innovation.
  • Sustainable IT: Evaluates your internal IT infrastructure and operations with a sustainability lens. It assesses your efforts to minimize energy consumption, reduce e-waste, and adopt environmentally friendly practices in IT procurement and asset management. This also considers your commitment to sustainability-related IT standards and certifications.
  • ESG data management: Focuses on your ability to collect, analyze, and report ESG-related data. It assesses the quality, accuracy, and completeness of data collection processes, as well as your capability to derive meaningful insights from the data. This also evaluates your transparency and reliability in reporting ESG performance to stakeholders.

Focus on Measurable Outcomes: Turning Data into Action for Progress on Sustainability


In Cisco CX we love turning data into actionable insights.

It’s time for organizations to move beyond data collection and analysis and focus on translating those insights into tangible actions and committing to implementing practices designed with sustainability in mind. Energy management offers a great example: access to data allows us to evaluate consumption, optimize usage, implement energy-efficient technologies, and explore renewable energy sources. Taking action can result in reducing emissions, reducing costs, and improving operational efficiency.

Let’s not forget that measurable outcomes play a vital role in progressing the sustainability agenda; we all need to set quantifiable goals, track progress, monitor performance, identify gaps, and take corrective actions as needed. In other words, we need to be able to report on our progress and milestones transparently, not only to be accountable and build trust but also to benchmark our performance against industry peers and further improve.

Be more sustainable with Cisco CX

Leveraging our years of experience, Cisco CX’s comprehensive approach to guide you through your sustainability transformation journey can help you achieve measurable outcomes.


Sustainability can be a competitive differentiator in today’s fast-changing business landscape.

Source: cisco.com

Saturday 30 September 2023

When it Comes to Compliance Requirements – Topology Matters!

When I look at the evolution of network security and how IT and security practitioners have protected the network for the last 30 years, I can’t help but notice how traditional network security enforcement points (insert your favorite firewall here) are still used to secure networks and workloads. They have evolved to offer a diverse set of features (e.g., IPS, decryption, application detection) to deeply analyze traffic coming in and out of the network to protect workloads. However, while firewalls are very capable appliances, it has been proven that they are not enough to keep malicious actors at bay, especially if those actors manage to breach the firewall defenses and move laterally in the network. But why is this?

We are in the digital era, where the concept of the perimeter is no longer confined to a location or a network segment. To offset this new reality and provide more tailored policy control for protecting workloads, vendors have moved security closer to the workload.

There are two approaches to doing this: using agent or agentless techniques to build a micro-perimeter around the workloads.

Which approach is the correct one to take? Well, this depends on multiple factors, including organizations, type of application, or team structure. So, let’s start untangling this.

The challenge(s)


The most direct approach to protect applications is to install software agents on every workload and call it a day. Why? Because then every workload has its own micro-perimeter, allowing access to only what is necessary.

However, it is not always possible to install a software agent. Perhaps it is a mainframe application or a legacy operating system that requires fine-grained policies due to a compliance mandate. Or the application workloads are in the cloud and agent installation is simply not possible due to organizational constraints.

And this is not the only challenge or consideration for choosing your approach. The teams or groups that comprise any company often have different security requirements from each other, leading to the triad challenge: people, processes, and technology.

Let’s start with people (policy owner) and process (policy execution). Usually, each organization has its own set of unique requirements to protect its application workloads, and a defined process to implement those requirements in the policy. To support this, a tool (technology) is required, which must adapt to each organization’s needs and should be capable of defining a common policy across agent and agentless workloads.

To start unwrapping this, you need to ask yourself:

◉ What are we protecting?
◉ Who is the owner of the policies?
◉ How is policy execution done?

As an example:

Say you want to protect a finance application (what) using an agent-based approach (how), and the owner of the policies is the App Team/Workload Team (who). In this scenario, as long as the application doesn’t break and the team can continue to focus on coding, this is generally an acceptable approach. However, when implementing the common policy, the translation from human language to machine language tends to generate extra rules that are not necessarily required. This is a common byproduct of the translation process.

Now, let’s assume that in your organization the protection of a legacy application (what) is tasked to the Network/NetSec team (who) using an agentless enforcement approach with network firewalls (how) because in this case, it is not possible to install software agents due to the unsupported legacy operating system. As in the first example, extra rules are generated. However, in this case, these unnecessary extra rules create negative consequences because of firewall rules auditing requirements for compliance mandates, even though they are part of the common policy.

Topology as the source of truth – pushing only what is required


Cisco Secure Workload has been addressing the people, process, and technology challenges since its inception. The solution embraces both approaches – installing software agents on workloads regardless of form factor (bare-metal, VM, or container) or using agentless enforcement points such as firewalls. Secure Workload adapts to each organization’s needs by defining the policy, such as a zero trust microsegmentation policy, to effectively apply micro-perimeters to application workloads in support of the zero trust approach. All within a single pane of glass.

However, as explained in the example above, we still needed to align our policy to the compliance needs of the Network/NetSec team, only using the policy rules that are required.

To tackle the additional rules challenge, we asked ourselves, “What is the most efficient way to push policies into a network firewall using Secure Workload?”

The answer boiled down to a common concept for Network/NetSec teams – the network topology.

So how does it work?

With Secure Workload, the term topology is intrinsic to the solution. It leverages the topology concept using a construct named “Scopes”, which are totally infrastructure agnostic, as shown in Figure 1.

It allows you to create a topology tree in Secure Workload based on context, where you can group your applications and define your policy by using human intent. For example, “Production cannot talk to Non-Production” and apply the policy following the topology hierarchy.


The Scope Tree is the topology of your application workloads within the organization, but the key is that it can be shaped for different departments or organizational needs and adapted to each team’s security requirements.

The concept of mapping a workload Scope to a network firewall is called “Topology Awareness.”

Topology Awareness enables the Network/NetSec teams to map a particular Scope to a specific firewall in the network topology, so only the relevant set of policies for a given application is pushed to the firewall.
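The rule selection that Topology Awareness implies can be modelled in a few lines. This is an added illustration, not Secure Workload's code or API; the colon-separated scope paths, the `Rule` type, the function names and the sample policy are all assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    consumer: str  # scope path of the source side, e.g. "Org:Prod:Web"
    provider: str  # scope path of the destination side
    port: str      # "any" or a port number
    action: str    # "ALLOW" or "DENY"

def within(path: str, scope: str) -> bool:
    """True when `path` is `scope` itself or one of its descendants."""
    return path == scope or path.startswith(scope + ":")

def touches(rule_scope: str, mapped_scope: str) -> bool:
    """A rule side matters to a firewall when it sits at, below or above the
    mapped scope; rules set on a parent scope are inherited by its children."""
    return within(rule_scope, mapped_scope) or within(mapped_scope, rule_scope)

def rules_for_firewall(policy, mapped_scope):
    """Select only the rules that involve workloads in the mapped scope."""
    return [r for r in policy
            if touches(r.consumer, mapped_scope) or touches(r.provider, mapped_scope)]

def audit_extras(installed, mapped_scope):
    """Rules present on a firewall that its mapped scope does not justify."""
    needed = set(rules_for_firewall(installed, mapped_scope))
    return [r for r in installed if r not in needed]

# Constructed common policy (sample data, not from the article).
POLICY = [
    Rule("Org:Prod", "Org:NonProd", "any", "DENY"),
    Rule("Org:Prod:Finance", "Org:Prod:FinanceDB", "1433", "ALLOW"),
    Rule("Org:Prod:Web", "Org:Prod:Legacy", "8443", "ALLOW"),
    Rule("Org:Prod:Legacy", "Org:Prod:FinanceDB", "1433", "ALLOW"),
    Rule("Org:NonProd:Dev", "Org:NonProd:Test", "22", "ALLOW"),
]

if __name__ == "__main__":
    scope = "Org:Prod:Legacy"  # scope mapped to the legacy application's firewall
    for rule in rules_for_firewall(POLICY, scope):
        print("push ", rule)
    for rule in audit_extras(POLICY, scope):
        print("extra", rule)
```

Run against the full common policy, `audit_extras` lists the rules an auditor would question on that firewall: the ones that belong to sibling scopes and never involve the mapped workloads.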

So, what does this execution look like? With the Scope mapping achieved, Secure Workload pushes the relevant policy to the Cisco Secure Firewall by way of its management platform, Secure Firewall Management Center (FMC). Because of Topology Awareness, only the required policy rules are sent to FMC, which avoids the unnecessary extra rules and maintains compliance. An example of this is shown in Figure 2:


Key takeaways


Operationalizing a zero trust microsegmentation strategy is not trivial, but Secure Workload has a proven track record of making this a practical reality by adapting to the needs of each persona such as Network/NetSec admins, Workload/Apps owners, Cloud Architects, and Cloud-Native engineers – all from one solution.

With topology awareness, you can:

◉ Meet compliance and audit requirements for firewall rules
◉ Protect and leverage your current investment in network firewalls
◉ Operationalize your zero trust microsegmentation strategy using both agent and agentless approaches

Source: cisco.com

Thursday 28 September 2023

Cisco Contact Center Delivering Visibility to Improve the Banking Experience

“If you don’t know what’s happening, you don’t know what’s happening” is a powerful statement about the missing knowledge that can complete an ideal banking customer experience. It is a reminder of the critical role the contact center plays in the evolution of digital channels and modern cross-channel customer journeys in the financial services space. This is especially true in banking where the adaptability of contact centers ensured the continuity of financial services for consumers and small businesses in the early months of the Covid-19 pandemic.

Customer feedback


I realized a few weeks earlier that I was in the ‘you don’t know what’s happening’ camp after participating in BAI’s 2023 Banking Contact Center Executive Roundtable, sponsored by Cisco. Since 1924, BAI has helped financial services leaders prepare for what’s next through thought-leadership, training, business intelligence, and collaborative engagement including executive roundtables. This two-day event was a great opportunity for me to learn from industry practitioners, and I was particularly interested to hear how banking contact centers were supporting the increasing cross-channel customer journeys that result from ongoing digitization in financial services.

Listening to contact center leaders representing ten regional and super-regional banks raised my awareness of the unique value of contact centers, their challenges, and the ability of these leaders to manage what is possibly the most dynamic workforce and technology environment inside a bank.

‘Customer experience correlates with agent experience’ was a recurring theme throughout the roundtable, reflecting the importance of agent onboarding and training and the increasing significance of agent technology. The frequency and breadth of customer interaction often results in agents developing institutional knowledge faster than new bankers, but agent workloads also lead to high turnover. Leveraging technology to optimize agent workloads and providing advancement opportunities into other bank sales and service roles helps improve execution, talent retention, and growth. Notably, the roundtable institutions were satisfied with their ability to measure agent productivity whether agents primarily work from home or are back in the office.

Contact center leaders are looking to take advantage of the next generation of self-service capabilities such as intelligent IVRs, chatbots, and virtual agents to optimize customer experience, agent workload, and interaction costs.

Throughout the discussions, leaders highlighted the need for continued efforts and investments to reduce operational complexity, drive efficiency, and elevate the agent experience. The shared experience among these contact center leaders is that a world-class customer experience requires a world-class agent experience. To achieve this, a few north star objectives were identified:

  • Streamlining the agent desktop – fewer discrete apps and better app data integration
  • Extracting intelligent insights from full visibility of cross-channel customer journeys
  • Providing agents with the best guidance and options in real-time
  • Utilizing best-in-class workforce management and automation

Cisco expertise


The group also heard from my colleague Jono Luk, VP, Product Management for Webex, who shared his knowledge about technology advances in contact center solutions that address these needs, notably the advantages of a unified CX platform, the flexibility of the cloud, and the power of AI across a broad scope of opportunities.

Jono highlighted the capabilities that agents need in order to support banking customer journeys that are increasingly personalized, cross-channel, and almost certainly involve the contact center at some point in the journey.

The banking industry, and safe to say most of financial services, currently have limited visibility of a customer’s journey prior to reaching a contact center agent. Part of the challenge is the need for more capable contact center platforms and continuing to consolidate the number of applications on the agent desktop.

Webex by Cisco


But it’s also clear the banking industry must continue to improve collaboration between LOBs and the contact center to create awareness of the importance of holistic journey insights and to accelerate investment. Responsibility for the primary contact center is now with the Retail LOB, but many leaders cited the need for better coordination. Jono shared Cisco’s perspective on the benefits of a unified CX platform built specifically to support connected customer journeys across a customer lifecycle.

Webex by Cisco is designed for exactly that – a suite of integrated cloud-native capabilities that support a broader range of interactions (calling, video, messaging, SMS, Social, and more), with advanced AI functionality, business workflow integrations, mobile app integrations, and a robust contact center with a composable agent interface.

Financial institutions often have several contact centers supporting different LOBs such as Credit Card, Wealth Management, and Mortgage, or even internal functions like the help desk. In my experience, it’s not that uncommon to find teams that still use spreadsheets to manage inbound and outbound calling. These represent good opportunities for institutions to quickly discover the transformative capabilities of a unified CX platform like Webex and to understand its potential for primary banking contact centers.

This year, due to the ever-increasing importance of contact centers in supporting cross-channel customer journeys, we added it as a use case in the Cisco Portfolio Explorer for Financial Services. We annually review the use cases in it to make sure we are providing the latest trends and focuses we are hearing from our clients. As you have read, the contact center is where it is at for delivering exceptional client service and engaged and informative employees.

Source: cisco.com