User Protection: Removing the Security Burden From Users episode artwork

EPISODE · Oct 5, 2023

User Protection: Removing the Security Burden From Users

from Info Risk Today Podcast · host InfoRiskToday.com

Eric Eddy, principal technical marketing engineer at Cisco, discusses critical aspects of user-centric security. From alleviating the security burden on users to the role of zero trust in granting access, Eric provides actionable insights for achieving a seamless and robust security posture.

Episode metadata supplied by the publisher feed · Published Oct 5, 2023

Eric Eddy, principal technical marketing engineer at Cisco, discusses critical aspects of user-centric security. From alleviating the security burden on users to the role of zero trust in granting access, Eric provides actionable insights for achieving a seamless and robust security posture.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

User Protection: Removing the Security Burden From Users

0:00 0:00
of MATCHES

TRANSCRIPT · AUTO-GENERATED

Hi there, I'm Tom Field. I'm senior vice president of editorial for information security media group. Five Act Today is user protection as my privilege to be speaking with Eric Eddy, his principal technical marketing engineer, cloud security with Cisco. Eric, thanks for taking time to speak with me today.

Awesome, thanks for having me Tom, glad to be here. Let's start here. How do we remove the security burden from users? Well, we need to stop, you know, certainly stop burning the end users with security.

You want to make it as invisible as possible to them. You want to enable them to do their job, to do it in a performant way and not make security a hurdle for them to get over. Users want to get their work done, you want to get it done as fast as possible, get it done wherever they want it done. But ultimately they want to get their work done more than security, right?

So if security's in their way, a lot of times they're going to try and find some way around it. So if we can marry those two together, giving them the best connectivity possible with a nice performant connection and make it secure all at the same time, then we have a really world-class solution. Let's talk about zero trust. What role can it play in granting access to applications and resources that the users truly need?

zero trust is a really big exciting topic to talk about with any customer. But I think firstly, we need to make sure we realize how big zero trust it is. Zero trust isn't just a new firewall, zero trust is a new way of thinking about applications and resources and accessing them through a network. So you want to first look at what, as an organization, you need to do to implement zero trust and implement zero trust controls in your network.

So it plays a really big role because ultimately that's the foundation that you're going to use to build all your new rules around implementing zero trust and making sure this user is accessing this application and they're doing it in a really granular way because previously it was all just about getting on that network, making sure you're a trusted resource is making sure that endpoint is patched. But once you're on, it was kind of just full access. With zero trust, we add the, you're not just on the network, you're accessing specific applications and authorized just for those applications. So it's a lot more granular control and allows, prevents that lateral movement that we're all scared about.

Eric, you get to see lots of organizations across sectors. Your opinion, what's the key to ensuring a continuous agile and efficient security posture? I think there's a lot of good things in that question there. Like continuous agile, efficient, right?

All those things scream sass to me, software is a service, right? And offering that security from a platform that's delivered everywhere, it's a globally, right? Because you don't want to have to spend your time patching and deploying hardware. You want to make sure you're spending your precious hours, right?

Because our network resources are security administrators. Their time is very precious. We want them focusing on what's most important in the organization. And that is ensuring that you have the best policy, that all those people are authorized to only what they need to have access to, by not spending time, patching that hardware, looking for the next equipment to deploy, and really focusing on what's key to your organization, that policy and implementing it and ensuring that's the best connectivity for all your users.

Eric talked a little bit about Cisco. How are you helping customers be able to optimize their operations with consolidated tools and services that can secure identities, devices, applications, and data? Another great question, right? So I think about SAS again when you talk about all that consolidation, right?

So we want to bring together capabilities and products. And we see a lot of that with SSC or Security Services Edge. But at Cisco, we're bringing that even higher, right? We're bundling together and bringing together a suite of capabilities around the type of level of protection, like the user suite protection.

So we're looking at offering capability of suite of capabilities in our user suite to protect those users wherever they are, whether that's in office, whether that's the hybrid worker that was working from home or an office somewhere else, bringing those all together and ensuring that you have everything you need to be able to protect that user or wherever they are. How would you describe the security outcomes you produce for your customers? Security outcomes, right? So of course, security is top of mind, right?

When you're talking about security outcomes, we want to make sure we're providing the best security possible. But we also need to make sure we're looking at the type of connection and how fast that connection is and how going back to your first question, how we're not in the way of that end user, right? Because yes, we can create the most secure thing ever with seven factor authentication I've seen with customers and how realistic is that for your end users. So you want to make it easy, right?

You want to make it such that they don't try and bypass that security because people are getting more tech savvy, right? As the younger generation joins the workforce, they're going to try and find ways around it if you're preventing them from doing their job. And that just brings in shadow IT in many organizations when you start putting all these roadblocks in their way. And then you end up data in places you don't want and have no control over it.

So it's better to meet them where their app provides the best connectivity possible and the best experience possible. So that drives ultimately better security and health for your entire organization. Eric, I'm not sure we shouldn't call that over shadow IT these days. I think it over shadows the traditional IT organization.

Indeed, indeed it does. Hey, ask you this. We talked to lots of customers. What are the results they report back to you?

Report back to us. It's great. They always want new features, which is exciting to talk about. But when it comes to transitioning to something like we offer with the user suite, we're looking at being able to, again, focus on that end policy, that experience, that tuning that performance for your end users, making it more available in other regions, especially for smaller customers, it's always a struggle to make sure, hey, we have a couple of users that are remote across the pond in Europe.

How are we going to give them a performant connection to either the internet or private apps, and secure them at the same time? So being able to offer great connectivity globally is something that a lot of customers struggle with, even the big ones that I have struggled with, especially with COVID, the pandemic, everyone going home. The scale just increased how many remote workers you need to have. And moving to something like the user suite, you really push that burden off to the vendor, Cisco.

So we have to deal with that problem instead of you. And it allows them to, again, focus on what's important to them, their business, and driving the outcomes to their customers, rather than, hey, where's our network? Do we have enough performance? Can we buy this other company?

Like, all those things just become less of their own problems and more of the vendor's problems. Well said, Eric, I'm grateful for your time and insights. Thanks for taking time to speak with me. Yes, thanks for having us, Tom.

Again, the topic has been user protection. You deserve from Eric Eddy, his principal technical marketing engineer, cloud security with Cisco, information security media group. I'm Tom Field. Thank you for giving us your time and attention today.

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Info Risk Today Podcast?

Episode duration information is not available.

When was this Info Risk Today Podcast episode published?

This episode was published on October 5, 2023.

What is this episode about?

Eric Eddy, principal technical marketing engineer at Cisco, discusses critical aspects of user-centric security. From alleviating the security burden on users to the role of zero trust in granting access, Eric provides actionable insights for...

Can I download this Info Risk Today Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!