Cisco IT remodeled safety for its international workforce by partnering with product and engineering groups to design and deploy Cisco Safe Entry internally. As buyer zero, Cisco IT helped enhance the product for each our enterprise and our prospects to ship simplified operations, strong safety, and a seamless consumer expertise empowering staff and setting a blueprint for the way forward for zero belief and safe, versatile work.
Because the crew chargeable for securing Cisco’s international community and workforce, Cisco IT faces a singular problem: securing a hyper-distributed setting for 130,000 and contractors, a sprawling ecosystem of units, purposes, and connectivity strategies.
For years, we tackled this problem with our custom-built resolution, “CloudPort.” It was our try and create a single-tenant Safe Entry Service Edge (SASE), a regional hub for networking and safety. Whereas CloudPort delivered vital advantages, it grew to become clear that sustaining and evolving this bespoke structure was consuming vital assets. Assets we would have liked to give attention to driving innovation and strategic initiatives.
Like many organizations, we confronted the problem of doing extra with much less. Quite than persevering with to speculate helpful time and assets into constructing, sustaining, automating, and integrating our personal platform and instruments, we made a strategic choice to shift in direction of a SASE/SSE method. The transition would permit our groups to give attention to what really issues—addressing rising safety threats, significantly these associated to the usage of AI.
A deliberate and strategic method
Our timing was supreme, as Cisco was starting to launch initiatives to develop a wholly new SASE/SSE resolution. Our crew strongly believed that Cisco might construct a extra trendy, clever safety platform that really addresses the advanced challenges of at the moment’s distributed workforce. Challenges like:
- Consumer friction: Customers usually confronted inconsistent connectivity experiences, significantly with VPNs that required thought round how to connect with the community reasonably than the method being clear. This launched pointless complexity with damaging impacts on consumer productiveness. The UX was dated and wanted to be modernized to handle the wants of our workforce.
- IT overhead: Sustaining and integrating our current safety infrastructure consumed vital engineer time, diverting assets from strategic initiatives.
- Fragmented safety: Our safety enforcement mechanisms spanned a number of merchandise, requiring diligent efforts to take care of constant insurance policies and complete visibility. To reinforce effectivity and streamline administration, we acknowledged the worth of adopting a unified method to safety.
- Evolving threats: Rising threats, such because the dangers related to Generative AIdemanded stricter controls and proactive safety measures.
- Hybrid work: Our workforce connects from house, workplaces, and numerous different places, accessing purposes throughout personal knowledge facilities, public clouds, and SaaS environments. This panorama required an answer that would adapt to various environments and connectivity strategies.
- Scale and variety: Managing a worldwide community with an enormous variety of customers, units, and connectivity choices is inherently advanced.
Sluggish and regular wins the race
With full confidence within the imaginative and prescient that might turn into Cisco Safe Entry (CSA), we dedicated to deploying the answer at scale inside our group as an early adopter, proving its readiness earlier than it grew to become publicly out there and fixing for the real-world enterprise issues we confronted in IT.
We already had over 10 years of expertise in constructing and working our personal {custom} resolution and supplied our experience and distinctive perspective to assist form Safe Entry right into a product that might meet the wants of each our personal group inside Cisco IT and our prospects. Our focus was on designing a complete platform that would adapt to the evolving digital panorama and assist future-proof our workplaces for years to come back.
As a substitute of dashing to market, we took our time to establish probably the most urgent wants. We knew that if it didn’t tackle the issues we confronted in Cisco IT, it wouldn’t for our prospects both. We wanted to verify the answer was completed proper and as much as our personal requirements with zero exceptions.
How we helped as Cisco’s first buyer
Our purpose is to all the time be Cisco’s first buyer and assist enhance our merchandise within the early phases, earlier than they go to market. We spent a yr growing and perfecting the product earlier than our personal inside deployment, and we’re proud to report that now we have virtually 100 function enhancements submitted so far which have helped optimize the product for not solely ourselves, however our prospects as nicely. Our “Buyer Zero” technique is prime to the journey of delivering the absolute best merchandise which are simple for each our enterprise and prospects to undertake.
We began with small Proof of Ideas, testing totally different applied sciences, gaining confidence, and dealing carefully with the product and engineering groups to make sure the product shipped was the very best high quality. The groups constructing the product had been the primary to check it, giving them firsthand expertise with each the product’s high quality and the outcomes of their very own work.
The result’s a cloud-delivered resolution that consolidates a number of safety features right into a unified platform. This method allowed us to:
- Simplify IT operations and safety administration
- Cut back the operational complexity of disparate parts
- Present a constant and clear consumer expertise
- Implement extra strong safety controls
Delivering a optimistic expertise for Cisco staff
Our preliminary part of internally adopting Safe Entry took six months — with minimal disruption to customers. Whereas we might have accelerated the migration, we prioritized high quality and consumer expertise over velocity. Making certain a virtually seamless transition for our inside IT purchasers was important in demonstrating to our prospects that they can also migrate with confidence.
It’s important to crawl earlier than you’ll be able to stroll, and stroll earlier than you’ll be able to run. Our method adopted this sentiment:
Part 1: Crawl (VPN Migration)
Our first part targeted on migrating VPN providers to Safe Entry. This part was strategic, addressing two important goals:
- Changing getting older VPN infrastructure
- Fixing for consumer friction whereas enhancing safety
By simplifying the connection expertise for customers and enabling sooner concern decision via unified knowledge, we lowered consumer friction. On the identical time, we enhanced safety by effectively limiting entry from high-risk places, implementing extra environment friendly coverage, and gaining highly effective safety telemetry.
As well as, we simplify the lives of IT operators and Safety Analysts with:
- You will have Assistant: The AI Assistant offers steerage in establishing Cisco Safe Entry and helps troubleshoot entry points to non-public purposes.
- ThousandEyes: Digital Expertise Monitoring (DEM) capabilities proactively measure UX and efficiency from the consumer endpoints to CSA and demanding purposes to supply insights into potential points.
- Splunk: Telemetry knowledge from CSA is fed into Splunk for fast entry to pre-built dashboards permitting for in-depth root trigger evaluation.
We are able to now leverage AI-powered capabilities to proactively detect and resolve points — usually earlier than customers actually have a likelihood to open a ticket.
Part 2: Stroll (Proxy and Zero Belief)
The second part is concentrated on accelerating our zero belief journey and mitigating dangers related to GenAI utilization. Over the subsequent three months, we plan to deploy these capabilities pervasively throughout your complete workforce. This part facilities round three key parts:
- DNS: Performing a full migration from Cisco Umbrella to Cisco Safe Entry to simplify and unify safety coverage.
- GenAI Threat Mitigation: Implementing AI Entry controls to guard in opposition to the dangers of utilizing third social gathering GenAI Purposes. With higher visibility into what AI Apps are getting used and the dangers related to them, we are able to inform our customers and stop publicity of delicate knowledge utilizing Knowledge Loss Prevention capabilities.
- Zero Belief: Enabling the vast majority of purposes for Zero Belief Entry, with each consumer and browser-based controls, to implement constant least privilege entry from wherever.
Part 3: Run (Unified Coverage and Enterprise Worth)
On this part, we’re shifting our focus from simply customers to additionally securing units and issues, integrating our SD-WAN workplaces with Cisco Safe Entry to ship unified zero belief throughout the setting. We’ll proceed to leverage ongoing product improvements to quickly tackle and adapt to rising safety threats.
Our final purpose is to advance our zero belief imaginative and prescient via unified coverage administration throughout Cisco’s Hybrid Mesh Firewall, driving even higher safety and enterprise worth for ourselves and our IT purchasers.
Reaping the rewards of Cisco Safe Entry
Sipping our personal champagne has by no means tasted sweeter. What beforehand required advanced, multi-step processes can now be completed in only a few clicks. With Safe Entry, we now have a single pane of glass for configuration and administration.
Not solely that, however by consolidating safety providers, we’ve lowered potential safety gaps and improved our capacity to implement constant insurance policies throughout the enterprise and mitigate potential AI-related safety dangers.
And eventually, our staff can now take pleasure in a constant connection expertise, whether or not they’re within the workplace, at house, or working from a espresso store. And there’s a lot extra to come back.
Classes discovered alongside the best way
Our journey with Safe Entry has been a rewarding studying expertise. Alongside the best way, we’ve gained helpful insights which have strengthened our method and contributed to our ongoing success:
- Cross-functional collaboration is vital: The adoption of Cisco Safe Entry has established nearer relationships with many groups throughout IT and Safety. By carefully working collectively in direction of a typical purpose, we obtain higher outcomes.
- Govt sponsorship is crucial: Securing government assist is essential for driving prioritization, funding, and alignment throughout groups.
- Consumer expertise issues: Prioritizing consumer expertise is important for adoption and satisfaction.
- A phased rollout minimizes disruption: A gradual, iterative method permits us to handle challenges and guarantee a easy transition.
- Modernizing insurance policies is a should: We have to reimagine our safety insurance policies to take full benefit of the Cisco platform and product capabilities, one thing we’ve efficiently exemplified with Safe Entry.
Powering the way forward for zero belief
Safe Entry is the cornerstone of our zero belief technique, serving as a complete, built-in safety resolution that goes past conventional entry strategies. It’s not a single instrument, however a complete ecosystem of safety providers delivered from the cloud.
Our adoption of Cisco Safe Entry is a testomony to our dedication to offering a safe, seamless, and modern IT setting for our staff and prospects alike. By persevering with to evolve and improve our zero belief technique, we’re empowering our workforce to be extra productive, collaborative, and safe — no matter the place they work.
We’re enthusiastic about each the longer term and potential of Safe Entry to remodel our safety posture and allow new and thrilling use circumstances, like AI-driven safety insurance policies and real-time knowledge loss prevention. We consider that Safe Entry is a strategic enabler, and a key part of our imaginative and prescient for a future-proofed office.
We’re assured that our journey with Safe Entry won’t solely profit Cisco IT, but additionally function a helpful blueprint for different organizations in search of to bolster their very own zero belief methods.
To study extra, learn the case examine (hyperlink to come back,) discover our journey (hyperlink to come back,) and take a look at this session from CLEMEA 2025.
To study extra, learn the case examine, discover our journeyand take a look at this session from CLEMEA 2025.
Discover extra Cisco on Cisco blogs right here
