




Name of Organization / Company: Cisco Systems
Category: Award for Innovation in Business Information Apps
Cisco, a global enterprise, uses diverse on-premise and cloud solutions to run its business efficiently. By virtue of being a networking company we have robust network-level security, but in an era of globalisation and increasing threats, with the attack surface exposed to hackers through applications, we also need application-level security through role-based access control.
Role-based access control (RBAC) can be implemented at two layers: first at the infrastructure layer, and second within the applications. The two layers complement each other, in line with the defence-in-depth philosophy of security. While most of the RBAC offerings in the market focus on infrastructure-level access requirements, Role Manager focuses on application-specific role-based access.
It focuses not only on who can get what level of access in an application but also on what data they can operate on, thereby providing end-to-end security from the access level all the way to the data.
Why Role Manager?
Role-Based Access Control (RBAC) is a standardised way of providing access to a specific set of assets/applications throughout the organisation. With the advent of the zero trust security posture, RBAC has become increasingly critical for organisations.
RBAC has two major functions: Role Engineering and User Role Assignment. Role Manager embeds secure access based on the organisation's business hierarchy into these RBAC functions. The assignment of a role to a user of the business function is called user role assignment. Every user role assignment is a combination of a user assignment and a criteria assignment. The criteria assignment adds data-level security to the user role assignment by incorporating the organisation's business hierarchy.
Key Features
1. Easily manage customer access – A unified user role access policy lets the customer access only the required information.
2. Customisable Role definition – Business roles are entities that are modified by organisation changes. Role Manager maintains a timely audit of role definitions. A role definition can be easily modified, as the framework is built on customisable role templates.
3. Ensure zero trust security posture for on-premise and cloud solutions – Organisations can trust a Role Manager authorised user, as access is granted by the admins of specific functions only for specific criteria.
4. Event hooks – Role Manager event hooks allow admins to be notified of changes in the organisation's business hierarchies. Potential features added by event hooks are:
• Deactivation of the user role assignment due to user’s organisation change.
• Deactivation of the user role assignment due to business hierarchy deactivation.
5. Avoids Role Explosion – Role Manager maintains a role criteria access policy specific to business functions. Multiple projects in the business function can share the user role access policy, eliminating the repeated creation of roles in multiple projects.
6. Frictionless integration with External Apps – Role Manager acts as the centralised repository for RBAC management, thereby eliminating the repetitive RBAC process performed in every application. The consuming application can validate the user's authorisation through the REST APIs.
7. Role Search engine – Role Manager search engine allows customers to analyse data by searching on functions, role, criteria and user list. The filters enable customers to have easy access to the different values of functions, role and criteria.
Key Benefits
Role Manager is currently the RBAC platform of choice across 5 Supply Chain Business Functions/Orgs in Cisco and has more than ~80 roles and ~38,000 unique assignments created to be used across ~200 applications.
Within limited time of its operationalisation,
Tangible Benefits
Centralised maintenance of roles reduced the average time taken to create and maintain the roles, enabling a productivity gain and savings of ~20M/yr.
Intangible Benefits
• Reduced data breach issues in Supply Chain business.
• Consistent process in identifying data owners with timely expiry notifications.
• Enabled automatic work assignments in the orchestration workflow.
Credits:
Manish Mehrotra (Cisco)
Atul Shah (Cisco)
Ram Krishnamurthy (Cisco)
Durga E (Cisco)
Revathy Ganesh (Cisco)
Tanay Mathur (Cisco)
Abhishek Joshi (Cisco)
Dilip Kumar Gopinathan (Cisco)
Ganta Pranay Kumar (Cisco)
Files & Links:
Role Manager.pdf
Role Manager Architecture.pdf
Role Manager Demo.mp4
Role Manager Summary.pdf