
Cisco Systems, San Jose, California: Passwordless VPN

Company: Cisco Systems, San Jose, CA
Company Description: Cisco is the worldwide leader in IT, helping companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. At Cisco, an integral part of our DNA is creating long-lasting partnerships with customers, employees, investors and ecosystem partners, helping them succeed in transforming how people connect, communicate and collaborate.
Nomination Category: New Product & Service Categories - Business Technology
Nomination Sub Category: Infrastructure as a Service
2023 Stevie Winner Nomination Title: Cisco Systems Passwordless VPN
  1. Which will you submit for your nomination in this category, a video of up to five (5) minutes in length about the nominated new or new-version product or service, OR written answers to the questions for this category? (Choose one):
    Written answers to the questions
  2. If you are submitting a video of up to five (5) minutes in length, provide the URL of the nominated video here, OR attach it to your entry via the "Add Attachments, Videos, or Links to This Entry" link above, through which you may also upload a copy of your video.

     

  3. If you are providing written answers for your submission, you must provide an answer to this first question: If this is a brand-new product, state the date on which it was released. If this is a new version of an existing product, state the date on which the update was released:

    Initial inception was in June 2022, and full-scale deployment was complete with all legacy options removed by December 2022.

  4. If you are providing written answers for your submission, you must provide an answer to this second question: Describe the features, functions, and benefits of the nominated product or service (up to 350 words):

    Total 327 words used.

    The Road to Passwordless VPN

    The events of recent years made most of the industry evolve their thinking with respect to remote-access capabilities for the enterprise network. First, it was no longer a nice-to-have option that just gives flexibility – working remotely can and will be mandatory and required due to external forces. Second, while our existing mechanisms may all work – the user experience wasn’t always the best. Third, with more remote work, VPN services are going to be a larger attack vector for malware and cyber threats.

    A combined effort spanning Cisco IT & operations formed to solve this problem. Drawing from our Device Experience, Network Services, Identity & Access and Security & Trust organizations, this team delivered on a more secure VPN solution with an improved, passwordless experience.

    Moving the Needle

    • What we had was GOOD, but we could do BETTER
    • Our combined team set out to achieve a joint resolution that would
      • Improve the VPN logon experience, simplifying the time and experience to connect for the end user
      • Increase our security posture by differentiating the checks and validation used between network and application access
      • Add additional hardware-based checks (that do not impede the first goal of experience and simplicity) to provide more defense characteristics
      • Reduce employee churn over userid / password issues, especially at key times such as after the end of year holiday break

    And … we wanted to do it all in under 6 months …

    Why Now?

    Cisco is under constant attack from various external parties; this is not uncommon for many enterprises, but the frequency and aggression do change over time.

    After the events in Ukraine, Cisco announced a cessation of business in Russia and Belarus. This prompted an increase of cyber attacks and threats. To continue to keep Cisco safe, we felt like this pivot to a more secure VPN solution was necessary – and we felt like we could improve the user experience simultaneously.

    https://www.reuters.com/business/media-telecom/exclusive-cisco-wind-down-business-russia-belarus-2022-06-23/

  5. If you are providing written answers for your submission, you must provide an answer to this third question: Outline the market performance, critical reception, and customer satisfaction with the product or service to date. State monetary or unit sales figures to date, if possible, and how they compare to expectations or past performance. Provide links to laudatory product or service reviews. Include some customer testimonials, if applicable (up to 350 words):

    Total 344 words used.

    We believe we achieved all of the goals we set out to do.

    • We built, tested and validated a technical solution that gave us additional checks and controls to guarantee network access was secure. Going from two-factor based on userid / password, we now have three active checks.
    • While it has only been live for a short period of time, we can measure positive impacts in terms of experience and security

    Through aggressive communications with our end user community, we drove a 100% move from bring-your-own device to Cisco-managed devices. We tracked this through device management portals and certificate deployments, and can now measure with a high degree of certainty the near-real-time status of all end user devices from a security and trust perspective. This is a visibility we didn't fully have before, but now we can see and stop threats from unmanaged devices very quickly.

    The user experience for nominal VPN logons (of which there are approximately 55-60k VPN connections each day at Cisco) has changed from a multi-step process (click connect; enter userid; enter password; prompt for multi-factor option; respond to multi-factor key / code / sms; accept terms) to essentially a single step ... click and connect. This can be measured directly in terms of lost time and frustration for those 70k end users, saving on average one minute at each VPN connection (~55k minutes saved time, each day), plus non-measurable frustration reduction ("I need to join this call, oh crud I have to logon first, this is going to take forever").

    In addition, we can see direct reductions in things like helpdesk case volumes for password resets on our VPN - these dropped dramatically year-over-year and show the VPN/Password cases reduced by 80% in January 2023 from January 2022.

    And while it is not easily measured, the general sentiment on the "IT" mailers from end users is that VPN, a necessary evil that was painful during the early days of the pandemic, has now turned into a much easier-to-use tool, and for many has even become something that just "works" in the background.

  6. You have the option to answer this final question: Reference any attachments of supporting materials throughout this nomination and how they provide evidence of the claims you have made in this nomination (up to 250 words):

    Total 128 words used.

    Attached is a PPT with a number of images, links, a high-level timeline and some basic information about the solution.

    We're all familiar with two-factor authentication; one key thing with this solution is that we improved user experience AND moved to three separate checks / controls - a certificate, a posture scan in real time on the endpoint and a check w/ the device management system. Another key thing is we changed NETWORK authentication to have these checks and process transparently. We left APPLICATION authentication to remain on user ID / password and multi-factor authentication. We felt this allowed for a consistency of sign-on for application auth paired with an increase of network access control. Easy to manage for end-users, but multiple gates and blocks for any threat actors.

Attachments/Videos/Links:
Cisco Systems Passwordless VPN
PPTX Passwordless_VPN___Stevie_Submission.pptx