Cisco Security GM: Embracing Consumerization Is Smarter Than Fighting It

This was one of the main themes that Tom Gillis, general manager of Cisco's security technology business unit, explored in a Tuesday session at the GigaOM Mobilize conference in San Francisco. The good news, according to Gillis, is that virtualization has emerged as a great way to tackle the security challenges that the consumerization of IT brings.

"When you're decoupling security from physical infrastructure, you can actually deliver better security," Gillis said in a conversation with Quentin Hardy, deputy technology editor for the New York Times. "With virtualization, we can now lift up the applications and OS and examine how they're behaving. That is incredibly powerful."

An early pioneer of the bring-your-own-device mindset, Cisco began allowing its employees to choose and use their own consumer mobile devices several years ago. Over time, Gillis said, Cisco has come to realize that embracing the consumerization trend is more rational than fighting it, even though doing so brings greater security risks.

"One lesson we've learned is that you can create a better overall security solution by embracing these technologies, because people are going to use them anyway," Gillis said at the event. "Security is very difficult to add later on, so you need to be proactive."

Cisco's BYOD program, which includes 10,000 Mac users, has reduced costs by 25 percent and led to a 200 percent rise in end user satisfaction, Gillis said. He attributes the program's success to the fact that "people want freedom of choice and the flexibility to choose the right tool for the right job."

However, Gillis said Cisco, like all IT vendors, needs to continue to rethink security and the network technology underneath, particularly in light of the risks created by mobile device users, contractors, joint ventures and other transient users of the network.

"We can't repackage the firewall, we need to re-imagine it," Gillis said. "That’s a challenge, because you have to have the courage to break piece of that off and try something new and different."

Gillis said this is a long term shift will play out over the course of the next five to ten years, but Cisco also sees opportunities for near-term innovation. For example, Cisco is working on security solutions that can understand both physical and virtual boundaries, regardless of the infrastructure underneath, he said.

In terms of investment, consumerization of the endpoint and virtualization of data center infrastructure are two key drivers at the moment, Gillis said. "The notion of a secure container that's independent of infrastructure is common," he said. "This gives you ability to wrap the container around data than can run on the end point or on server in the data center."

The problem is, where does the secure container reside in a network with ever-blurring boundaries? In Cisco's view, security in the future will need to be built into the fabric of the network itself, according to Gillis.

Still, Gillis acknowledged that many of the challenges of this approach remained unsolved.

"When you have security with containerization, you need to preserve the user experience, and no one has solved that problem yet," he said. "That will be solved within 24 months, but there are significant pieces missing."