Cisco IT reworked safety for its world workforce by partnering with product and engineering groups to design and deploy Cisco Safe Entry internally. As buyer zero, Cisco IT helped enhance the product for each our enterprise and our clients to ship simplified operations, sturdy safety, and a seamless consumer expertise empowering staff and setting a blueprint for the way forward for zero belief and safe, versatile work.
Because the crew accountable for securing Cisco’s world community and workforce, Cisco IT faces a singular problem: securing a hyper-distributed surroundings for 130,000 and contractors, a sprawling ecosystem of units, purposes, and connectivity strategies.
For years, we tackled this problem with our custom-built answer, “CloudPort.” It was our try and create a single-tenant Safe Entry Service Edge (SASE), a regional hub for networking and safety. Whereas CloudPort delivered vital advantages, it turned clear that sustaining and evolving this bespoke structure was consuming vital assets. Sources we wanted to concentrate on driving innovation and strategic initiatives.
Like many organizations, we confronted the problem of doing extra with much less. Somewhat than persevering with to take a position useful time and assets into constructing, sustaining, automating, and integrating our personal platform and instruments, we made a strategic resolution to shift in direction of a SASE/SSE method. The transition would permit our groups to concentrate on what actually issues—addressing rising safety threats, notably these associated to the usage of AI.
A deliberate and strategic method
Our timing was perfect, as Cisco was starting to launch initiatives to develop a completely new SASE/SSE answer. Our crew strongly believed that Cisco might construct a extra trendy, clever safety platform that actually addresses the complicated challenges of right now’s distributed workforce. Challenges like:
- Consumer friction: Customers typically confronted inconsistent connectivity experiences, notably with VPNs that required thought round how to connect with the community somewhat than the method being clear. This launched pointless complexity with detrimental impacts on consumer productiveness. The UX was dated and wanted to be modernized to deal with the wants of our workforce.
- IT overhead: Sustaining and integrating our current safety infrastructure consumed vital engineer time, diverting assets from strategic initiatives.
- Fragmented safety: Our safety enforcement mechanisms spanned a number of merchandise, requiring diligent efforts to take care of constant insurance policies and complete visibility. To reinforce effectivity and streamline administration, we acknowledged the worth of adopting a unified method to safety.
- Evolving threats: Rising threats, such because the dangers related to Generative AI, demanded stricter controls and proactive safety measures.
- Hybrid work: Our workforce connects from dwelling, workplaces, and numerous different places, accessing purposes throughout non-public information facilities, public clouds, and SaaS environments. This panorama required an answer that might adapt to numerous environments and connectivity strategies.
- Scale and variety: Managing a worldwide community with an unlimited variety of customers, units, and connectivity choices is inherently complicated.
Gradual and regular wins the race
With full confidence within the imaginative and prescient that might turn into Cisco Safe Entry (CSA), we dedicated to deploying the answer at scale inside our group as an early adopter, proving its readiness earlier than it turned publicly obtainable and fixing for the real-world enterprise issues we confronted in IT.
We already had over 10 years of expertise in constructing and working our personal {custom} answer and provided our experience and distinctive perspective to assist form Safe Entry right into a product that might meet the wants of each our personal group inside Cisco IT and our clients. Our focus was on designing a complete platform that might adapt to the evolving digital panorama and assist future-proof our workplaces for years to come back.
As an alternative of speeding to market, we took our time to determine essentially the most urgent wants. We knew that if it didn’t handle the issues we confronted in Cisco IT, it wouldn’t for our clients both. We wanted to ensure the answer was executed proper and as much as our personal requirements with zero exceptions.
How we helped as Cisco’s first buyer
Our purpose is to all the time be Cisco’s first buyer and assist enhance our merchandise within the early phases, earlier than they go to market. We spent a 12 months creating and perfecting the product earlier than our personal inside deployment, and we’re proud to report that we’ve got virtually 100 characteristic enhancements submitted up to now which have helped optimize the product for not solely ourselves, however our clients as properly. Our “Buyer Zero” technique is prime to the journey of delivering the very best merchandise which are straightforward for each our enterprise and clients to undertake.
We began with small Proof of Ideas, testing totally different applied sciences, gaining confidence, and dealing carefully with the product and engineering groups to make sure the product shipped was the very best high quality. The groups constructing the product had been the primary to check it, giving them firsthand expertise with each the product’s high quality and the outcomes of their very own work.
The result’s a cloud-delivered answer that consolidates a number of safety features right into a unified platform. This method allowed us to:
- Simplify IT operations and safety administration
- Scale back the operational complexity of disparate elements
- Present a constant and clear consumer expertise
- Implement extra sturdy safety controls
Delivering a constructive expertise for Cisco staff
Our preliminary part of internally adopting Safe Entry took six months — with minimal disruption to customers. Whereas we might have accelerated the migration, we prioritized high quality and consumer expertise over pace. Guaranteeing a virtually seamless transition for our inside IT purchasers was important in demonstrating to our clients that they can also migrate with confidence.
You must crawl earlier than you possibly can stroll, and stroll earlier than you possibly can run. Our method adopted this sentiment:
Part 1: Crawl (VPN Migration)
Our first part centered on migrating VPN providers to Safe Entry. This part was strategic, addressing two essential targets:
- Changing growing older VPN infrastructure
- Fixing for consumer friction whereas enhancing safety
By simplifying the connection expertise for customers and enabling sooner situation decision by means of unified information, we decreased consumer friction. On the similar time, we enhanced safety by effectively proscribing entry from high-risk places, implementing extra environment friendly coverage, and gaining highly effective safety telemetry.
As well as, we simplify the lives of IT operators and Safety Analysts with:
- AI Assistant: The AI Assistant offers steerage in establishing Cisco Safe Entry and helps troubleshoot entry points to personal purposes.
- ThousandEyes: Digital Expertise Monitoring (DEM) capabilities proactively measure UX and efficiency from the consumer endpoints to CSA and demanding purposes to supply insights into potential points.
- Splunk: Telemetry information from CSA is fed into Splunk for fast entry to pre-built dashboards permitting for in-depth root trigger evaluation.
We will now leverage AI-powered capabilities to proactively detect and resolve points — typically earlier than customers also have a probability to open a ticket.
Part 2: Stroll (Proxy and Zero Belief)
The second part is targeted on accelerating our zero belief journey and mitigating dangers related to GenAI utilization. Over the subsequent three months, we plan to deploy these capabilities pervasively throughout the whole workforce. This part facilities round three key elements:
- DNS: Performing a full migration from Cisco Umbrella to Cisco Safe Entry to simplify and unify safety coverage.
- GenAI Threat Mitigation: Implementing AI Entry controls to guard in opposition to the dangers of utilizing third celebration GenAI Functions. With higher visibility into what AI Apps are getting used and the dangers related to them, we are able to inform our customers and forestall publicity of delicate information utilizing Information Loss Prevention capabilities.
- Zero Belief: Enabling the vast majority of purposes for Zero Belief Entry, with each consumer and browser-based controls, to implement constant least privilege entry from wherever.
Part 3: Run (Unified Coverage and Enterprise Worth)
On this part, we’re shifting our focus from simply customers to additionally securing units and issues, integrating our SD-WAN workplaces with Cisco Safe Entry to ship unified zero belief throughout the surroundings. We’ll proceed to leverage ongoing product improvements to quickly handle and adapt to rising safety threats.
Our final purpose is to advance our zero belief imaginative and prescient by means of unified coverage administration throughout Cisco’s Hybrid Mesh Firewall, driving even higher safety and enterprise worth for ourselves and our IT purchasers.
Reaping the rewards of Cisco Safe Entry
Sipping our personal champagne has by no means tasted sweeter. What beforehand required complicated, multi-step processes can now be achieved in only a few clicks. With Safe Entry, we now have a single pane of glass for configuration and administration.
Not solely that, however by consolidating safety providers, we’ve decreased potential safety gaps and improved our capability to implement constant insurance policies throughout the enterprise and mitigate potential AI-related safety dangers.
And at last, our staff can now get pleasure from a constant connection expertise, whether or not they’re within the workplace, at dwelling, or working from a espresso store. And there’s a lot extra to come back.
Classes realized alongside the way in which
Our journey with Safe Entry has been a rewarding studying expertise. Alongside the way in which, we’ve gained useful insights which have strengthened our method and contributed to our ongoing success:
- Cross-functional collaboration is essential: The adoption of Cisco Safe Entry has established nearer relationships with many groups throughout IT and Safety. By carefully working collectively in direction of a standard purpose, we obtain higher outcomes.
- Government sponsorship is crucial: Securing govt help is essential for driving prioritization, funding, and alignment throughout groups.
- Consumer expertise issues: Prioritizing consumer expertise is essential for adoption and satisfaction.
- A phased rollout minimizes disruption: A gradual, iterative method permits us to deal with challenges and guarantee a clean transition.
- Modernizing insurance policies is a should: We have to reimagine our safety insurance policies to take full benefit of the Cisco platform and product capabilities, one thing we’ve efficiently exemplified with Safe Entry.
Powering the way forward for zero belief
Safe Entry is the cornerstone of our zero belief technique, serving as a complete, built-in safety answer that goes past conventional entry strategies. It’s not a single instrument, however a complete ecosystem of safety providers delivered from the cloud.
Our adoption of Cisco Safe Entry is a testomony to our dedication to offering a safe, seamless, and modern IT surroundings for our staff and clients alike. By persevering with to evolve and improve our zero belief technique, we’re empowering our workforce to be extra productive, collaborative, and safe — no matter the place they work.
We’re enthusiastic about each the long run and potential of Safe Entry to rework our safety posture and allow new and thrilling use instances, like AI-driven safety insurance policies and real-time information loss prevention. We consider that Safe Entry is a strategic enabler, and a key part of our imaginative and prescient for a future-proofed office.
We’re assured that our journey with Safe Entry won’t solely profit Cisco IT, but additionally function a useful blueprint for different organizations in search of to bolster their very own zero belief methods.
To study extra, learn the case research (hyperlink to come back,) discover our journey (hyperlink to come back,) and take a look at this session from CLEMEA 2025.
To study extra, learn the case research, discover our journey, and take a look at this session from CLEMEA 2025.
Discover extra Cisco on Cisco blogs right here
