Gartner predicts that by 2023, over 60% of enterprises will consider networking as a core to their digital strategies, up from less than 20% today⁽¹⁾. As organizations embrace digital technologies like cloud, mobile, and analytics to innovate faster and become more agile, one key metric sits clearly in their sights: user experience. Going beyond digitalization to digital transformation by setting up strategic goals – largely driven by the demands of the user experience – is where organizations are able to fundamentally transform their businesses to gain competitive advantages in their markets.

Since almost all of the digital technologies are inherently network-centric in nature, the network is deemed as the strategic enabler for these digital initiatives. The fast pace and unpredictability of a business environment requires networks to adapt quickly and support the speed of business without impeding successful digital transformations.

Businesses must transform their networks to handle a massive, ever-growing number of users, devices, and applications and be able to tackle all sorts of connectivity and security challenges. They can drive their business priorities and enrich the customer experiences, only by harnessing the power and value of their networks. Hence, digital transformation is spurring the adoption of new network platforms or in other words, network transformation.

The network challenges and trends dictate the need for a new network architecture - an architecture that not only supports optimizing connectivity of each user to multicloud but can seamlessly and securely onboard an increasingly diverse set of devices and applications.

It’s time to re-invent the access network!

Cisco Secure Access is an evolved blueprint for a new network connectivity. As an intent-based networking architecture, it delivers a consistent connection experience for users and their devices to the right data and applications anywhere, anytime. It also ensures reliable and secure access between workloads wherever they reside (Figure 1).

By automating and unifying the access management policy for all switch and wireless products and by constantly analyzing the network data, it (Cisco Secure Access) makes sure the network is supporting the desired business objectives. It’s designed to bring better reliability, agility and security and is capable of supporting and managing more users and devices, no matter where they might be.

The enabling networking products of this architecture extend to every Cisco switch and wireless solution such as Cisco Catalysts switches, access points and controllers. Cisco’s security solutions are built-in into network products. The integration allows security applications and the network to work together to reduce time to prevent, detect, and mitigate threats.

Cisco Tetration and Cisco Cloudlock for cloud environments are security applications purpose-built to serve specific network domains, while others expand across multiple domains and can be triggered based on specific customer use case.For example, Stealthwatch can detect threats across the private network, public cloud, and hybrid environment, while Cisco Advanced Malware Protection (AMP) prevents breaches, detects and removes malware from endpoints as well as networks.

This seamless and secure connectivity (or access) experience must span across and between each network domain – branch, campus, remote, datacenter and multicloud. That means each network domain serves as a unique secure access solution (Figure 2):

What bonds these networking domains together is a shared access policy management that allows domains – while functioning independently – to join forces with each other to achieve the collective business intent. You can define a policy once, apply it everywhere, and monitor it systematically to ensure it is realizing its business intent⁽²⁾. This access policy follows the users and workloads, no matter where they are and where they go.

By coupling powerful policy automation and analytics network orchestration through Cisco software with a complete array of next-generation switches, access points and controllers for the campus, Cisco Secure Network Access helps IT securely onboards and segments everyone and everything that comes on the networks, leading to new levels of enterprise productivity and user experience.

The fundamentals of our secure network access solutions are anchored in four architectural principles and design points:

Architectural Components

As its name indicates, the building blocks of Cisco Secure Network Access consists of two functional layers: network and security (Figure 4).

A complete set of Cisco Catalyst portfolios Cisco Catalyst 9000 switches and Cisco Catalyst 9100 access points is the primary infrastructure for this solution. Cisco Catalyst 9000 switches are the next generation of enterprise-class switches built for security, IoT, mobility and multicloud. These switches are optimized to handle traffic for Wi-Fi 6 and support full programmability and serviceability as well as convergence between wired and wireless over a single platform.

The Cisco Catalyst 9100 access points powered by Wi-Fi 6 technology and supporting Cisco's intent-based networking architecture are ready for the growing user expectations, IoT devices and next gen cloud-driven applications. With the ability to handle the increased mobile traffic as well as support IoT at scale, Cisco's Wi-Fi 6 access points have superior RF innovations and will expand wireless access with intelligence to provide a secure, reliable high-quality wireless experience for all networks. Besides Wi-Fi 6 capabilities, Cisco Catalyst 9100 extends the power of intent-based networking with hardware and software innovations, with advanced analytics and multi-RF (Wi-Fi, BLE and Zigbee) support. Along with a better industrial design, they offer improved RF performance, and deliver reliability, security, and intelligence at scale.

The Cisco Catalyst 9100 access points consist of the Cisco Catalyst 9115, 9117, 9120 and 9130 APs and are the next generation products to the Cisco Aironet Access Points. The Catalyst 9120 and 9130 access points are powered by Cisco RF ASIC that perform advanced RF spectrum analysis and delivers unique features that go above and beyond the standard for a superior RF experience including:

Networking Tier

The network function of Cisco Secure Network Access solution is built on intent-based networking principles - capturing the business intent and aligning the network continuously with that intent. This layer is driven by advanced automation and unified orchestration and is able to scale from hundreds to thousands and even to millions of connected users and devices. The manual process of managing individual devices – be it wired or wireless – as part of a unified fabric, is replaced by a globally managed intent-based policy, controlled from a single location. Moreover, use of machine learning and the contextual analysis of data before, during, and after deployment to bridge the gap between what your business needs and what your network delivers in terms of scalability, operational effectiveness and security.

The key features of network layer can be defined in three main categories:

Security Tier

Security applications from Cisco ensure complete protection over all networking domains. With security built-in to the Cisco Catalyst solutions, you are able to get visibility into who and what is on the network, contribute to a complete zero-trust access security model, and build threat prevention, detection and response policies for constant protection. Within the campus and branches, for example, Cisco Advanced Malware Protection (AMP) provides maximum protection against advanced malware and Cisco Umbrella™ uses DNS to stop threats over all ports and protocols. Also, Cisco ISE prevents threats with its adaptive and dynamic network partitioning, and Cisco Encrypted Traffic Analytics (ETA) detects malware activity disguised in encrypted network traffic without decryption.

The key features of security layer of Cisco Secure Network Access can be defined in three main categories:

Continuous Visibility

Complete visibility of fast-changing, mobile-first and cloud-driven IT environments is critical to fill the gaps in traditional perimeter network solutions. In a campus environment, visibility begins with classifying who and what is on the campus network, where personally owned mobile devices or rogue wireless access points are connected, and how users or IoT devices converse with services or applications. Gaining a baseline understanding of all network communications – even in the cloud – provides a full inventory that a group-based policy can be built around. It enables the monitoring of unusual behavior, which could represent a threat or policy violation. Also machine learning is critical to better classify all types of devices or workloads and more quickly identify anomalies from the baseline.

Organizations of all sizes can accelerate their digital transformation journey with a strong intent-based network foundation provided by Cisco Secure Network Access. It delivers the new age of wired and wireless connectivity — powering a new era of immersive network experiences – with the ability to deploy network software in the cloud to deliver new innovations at scale. It is wireless-first, cloud-driven and data-optimized with security at the core. Unlike other solutions, Cisco Secure Network Access offers a simplified operational model with one management, one common OS, pervasive security, and common policy across wired and wireless networks. With it, IT teams can automate and scale network connectivity to thousands of users and devices, anticipate change and pivot quickly and securely as they adopt best practices with a network that’s built for the future.

(1) Cisco Networking Trends Report

(2) Cisco multidomain integrations for intent-based networking