Trials and demos
How to buy

Education

RCSI confidently expands cloud operations

By adopting Cisco Hybrid Mesh Firewall, RCSI improved overall security posture—delivering best in class, resilient on-premises and cloud security with speed and certainty.

Accelerating secure cloud delivery while reducing risk

Facing growing cloud complexity, RCSI adopted Cisco security to automate upgrades, eliminate manual workflows, and deliver resilient, always-on services across their global footprint.

Royal College of Surgeons in Ireland (RCSI)

The Royal College of Surgeons in Ireland supports a global academic and research mission, operating campus and cloud environments that serve thousands of users across Ireland, the Middle East, and Asia.

Challenges

As RCSI expanded their use of public cloud services, they needed to improve resilience, simplify operations, and reduce risk across hybrid environments without slowing service delivery or increasing headcount.

  • Manual scripts and thousands of static routes were required for resilience and upgrades in Azure, increasing risk and reducing agility when updating infrastructure or services.
  • Publishing public-facing websites required multiple network address translation (NAT) layers and manual tracking, slowing delivery and making the process difficult to delegate.
  • Fragmented visibility across on-premises and cloud environments reduced operational confidence and slowed incident response and change approval.

Solutions

To modernize cloud and campus security, RCSI deployed an integrated Cisco security architecture that delivers unified visibility, cloud-native firewalling, and automated operations—reducing risk while dramatically accelerating service delivery.

  • Cisco Secure Firewall 4215 delivers high-performance, identity-aware firewalling at the campus core, supporting 400 Gbps traffic while enforcing consistent security policy.
  • Cisco Multicloud Defense provides cloud-native firewalling for Azure workloads and public-facing services, simplifying traffic flows, consolidating IP ranges, and enabling zero-downtime upgrades.
  • Cisco Security Cloud Control centralizes firewall and cloud security management with unified policy, analytics, automation, and AI-assisted optimization across on-premises and cloud environments.
  • Cisco Umbrella adds DNS-layer security to block malicious domains early, reducing exposure to threats before they reach users or applications.
  • Cisco AnyConnect enables secure remote access for staff and administrators, supporting encrypted connectivity across campus and cloud environments.

Outcomes

Accelerated cloud service delivery

Reduced website publishing time by 95%, turning weeks-long cloud changes into routine, repeatable tasks.

Zero-downtime upgrades with rapid recovery

Automated upgrades and 4-minute rollback eliminated outage risk and transformed change management confidence.

Operational complexity reduced across hybrid environments

Centralized control and automation replaced manual workflows, lowering risk while improving daily operational clarity.

    Securing a historic medical institution

    For more than 250 years, Royal College of Surgeons in Ireland (RCSI) has stood at the center of medical education, research, and healthcare governance. Headquartered in Dublin’s city center, the institution operates 5 additional sites across Ireland—many within hospital environments—and supports academic operations in the Middle East and Asia.

    Each day, RCSI supports approximately 12,000 connected devices across their global footprint, serving more than 5,000 students and nearly 2,000 staff. More than 65 public-facing websites underpin teaching, research, and institutional operations, all of which must remain continuously available and secure.

    A small security team is responsible for protecting this environment for both on-premises infrastructure and cloud services hosted primary in Microsoft Azure. At the core of the network are Cisco Secure Firewall 4215 appliances acting as Layer 2 and Layer 3 gateways, terminating all VLANs and VPN connections while handling traffic volumes that can now reach up to 400 Gbps across the campus network.

    As RCSI expanded their use of public cloud services, expectations around resilience—the ability to withstand outages, cyberattacks, and system failures without disrupting operations—along with speed and operational clarity increased. Leadership required confidence that critical systems could be upgraded and protected without interruption. The security team needed deeper visibility, simpler workflows, and a way to scale security without increasing headcount.

    Balancing the demands of a centuries-old institution with the realities of modern, cloud-first delivery required more than incremental change. RCSI needed a security architecture designed to simplify operations, reduce risk, and provide consistent control across on-premises and cloud environments—without sacrificing reliability.

    From cloud complexity to architectural clarity

    Before modernizing their security architecture, RCSI relied on earlier-generation firewalls deployed both on-premises and in the cloud. Over time, the environment became increasingly complex. At one point, about 9 firewalls were operating across Dublin alone. A new security architecture would enable RCSI to collapse these into a single clustered pair to support higher bandwidth demands and simplify routing.

    In Azure, resilience was largely manual. Traditional virtual firewalls could not be clustered natively, forcing the team to rely on custom scripts to move traffic during issues or upgrades. These scripts modified thousands of static routes—sometimes as many as 8,000 at once—introducing risk and discouraging change. Upgrades were delayed, and even routine maintenance was treated cautiously.

    Delivering public-facing services added further strain—publishing a new website required multiple layers of network address translation, tracked manually so others could understand the traffic flow. In practice, only one person fully understood how services were delivered, making delegation difficult and slowing delivery. What should have taken hours often stretched into weeks.

    At the same time, RCSI faced pressure to increase availability, simplify operations, and support cloud growth without expanding the team. Multiple vendors were evaluated, but Cisco Multicloud Defense stood apart. It was purpose-built for cloud networking rather than adapted from on-premises designs, and Cisco demonstrated dedication to partner closely throughout the implementation project.

    RCSI was not looking for another firewall. They needed a cloud-native architecture that could eliminate fragile workarounds and make security predictable. Multicloud Defense became the foundation for that shift.

    Cloud-native security, delivered in days

    The transition to Cisco Secure Firewall, Multicloud Defense, and Security Cloud Control was completed in just 2 days—a process that had previously taken up to six weeks using legacy cloud firewall approaches.

    From the outset, Cisco’s cloud-native design delivered immediate visibility. By integrating directly with Azure through APIs, Multicloud Defense automatically inventoried virtual networks, workloads, and dependencies before any enforcement points were deployed. For the first time, the full scope of the cloud environment was presented in a single, readable dashboard, allowing confident planning and reducing migration risk.

    Multicloud Defense ingress and egress gateways replaced complex, manually engineered traffic paths with automation designed specifically for Azure’s operational realities. More than 70 public IP addresses were consolidated into a single address while continuing to securely deliver 65 public-facing websites. Built-in load balancing and automation eliminated custom scripts and reduced configuration sprawl.

    Security Cloud Control unified management across on-premises firewalls and cloud enforcement points established a single control plane for policy, analytics, and lifecycle operations. By managing Secure Firewall and Multicloud Defense through one policy framework, RCSI created a Hybrid Mesh Firewall architecture—even as the environment remains predominantly cloud-based.

    What followed deployment was equally important: stability. The architecture that went live remains fundamentally unchanged today. The solution aligned so closely with RCSI’s operational needs that no redesign was required—allowing the team to focus on delivery rather than constant adjustment.

    Measurable gains in speed, resilience, and trust

    Operational improvements were immediate and measurable. Publishing a new website is now approximately 95% faster than before, transforming a complex, time-intensive task into a routine operation that others can understand and support.

    Resilience also improved dramatically. With Multicloud Defense and Security Cloud Control, upgrades are automated end to end. New instances are created, traffic drains gracefully, routes migrate automatically, and updates complete with no downtime. If an issue occurs, rollback takes roughly 4 minutes, restoring service without disruption.

    This predictability reshaped how the organization approaches change. Cloud-related updates that once raised concern are now treated as standard changes or simple notifications. Confidence replaced caution as reliability increased.

    Visibility also improved. Unified logging presents full Transmission Control Protocol (TCP) transactions in a single view, allowing the team to trace traffic from arrival through session completion without correlating multiple tools. With a smaller public IP footprint, monitoring and risk management became simpler and more effective.

    Just as importantly, operational knowledge is no longer concentrated with one individual. Simplified workflows and intuitive dashboards make it easier to delegate tasks, onboard new engineers, and communicate security posture to stakeholders across the organization.

    AI-driven operations and a hybrid mesh future

    RCSI was an early pilot customer for Cisco’s AI Assistant within Security Cloud Control, using AI-driven policy analysis to improve firewall hygiene. In a single optimization cycle, the environment moved from 14% of rules flagged as optimizable to effectively 0%, reducing shadow rules and improving policy clarity.

    These AI capabilities are already delivering value, and RCSI sees them as a force multiplier for a small team managing a large environment. As AI-assisted troubleshooting, policy recommendations, and threat-driven insights continue to evolve, automation will play an increasing role in daily operations.

    Cisco Hybrid Mesh Firewall is central to this long-term strategy, unifying cloud and on-premises security under a single policy and management framework. That architecture enables a single dashboard view of distributed enforcement, allowing the team to assess risk at a glance. If everything looks healthy, operations continue uninterrupted. If not, action is immediate and targeted.

    Looking ahead, RCSI is evaluating additional Cisco security capabilities, including Cisco AI Defense—a solution designed to monitor, govern, and protect AI applications and usage—to address emerging risks tied to AI in academic environments. Throughout the journey, Cisco’s customer experience and engineering teams have remained closely engaged, collaborating regularly to refine offerings and incorporate real-world feedback.

    The result is a security foundation that supports innovation without sacrificing stability—one that allows a historic institution to operate with modern confidence.

    More for you

    Technology has changed how we live and work.

    Leading organizations are innovating with Cisco solutions to connect, secure, and transform.

    Security

    Organizations like yours rely on Cisco

    Each industry has its own challenges that require tailored solutions.

    Education

    You are a changemaker, innovator, and discoverer.

    We want to help you share your story. Learn more about how you can build your organization's profile—and your own—as you expand your network.

    Customer Reference Program Cisco Insider Advocacy

    A fundamentally new approach to firewalling

    Enforcement points change, policies don't. See how you can get started with Hybrid Mesh Firewall that meets you where you are for securing your hybrid enterprise.

    Talk to an expert