How Cisco Meraki Adaptive Policy Enforces Security

February 6, 2020

As much as technological growth has expanded productivity and business potential, a great increase in the number of devices operating on the average network has made managing IT more complex.

Historically, this has introduced a number of complications for IT departments, which are often required to secure access to devices and applications on a user-by-user basis. What’s more, this complexity has security implications as well. The more difficult it is to provide and prevent access to key devices, applications and data, the easier it is to accidentally permit access to the wrong users, potentially resulting in a cybersecurity incident.

Recently, Cisco Meraki has made great strides in simplifying device access with a new security feature, Adaptive Policy, which adds valuable information to IP addresses. Adaptive Policy is available on the MS390 switch with advanced licensing, as well as on MR access points.


How Adaptive Policy Works

Though limited, IP addresses are nevertheless central to identifying devices for controlling access privileges. And this process is critical to the overall cybersecurity of any organization. Writing and rewriting access privileges can be time-intensive, requiring manual work for each new device added or change to a user’s access level.

Under Cisco Meraki’s Adaptive Policy, networks can recognize users by identity, application and intent in addition to their device’s IP address. Network policies can now be automatically applied based on the intent and identity of the client, creating a method of permitting access that’s less prone to error.

For example, a doctor’s office could allow guests to work on the same network as the medical and administrative team without risking exposing sensitive data to a guest user. In this scenario, doctors, nurses and administrators would be tagged with the permissions to view patient files, while patients and guest users would be identified and given restricted access. What’s more, the administrators could be given additional permissions to view financial information that’s restricted from the medical team.

With regulations as strict as HIPAA, leaving these decisions up to IP addresses alone can be dangerous (what’s preventing a patient from logging onto an administrator’s computer while they’re away from their desk?). Adaptive Policy takes security a step further by granting and restricting permissions by user identity and intent rather than just IP address.

Organizations can use Adaptive Policy to create user tags (e.g., “doctor,” “nurse” and “administrator”) and apply custom rules to each one. This creates an environment with more intelligent and adaptable security.
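To make the doctor's-office scenario concrete, here is an added example (not Meraki code or configuration) that evaluates the same sessions against an address-only rule set and against a tag-based policy, and reports where the two disagree. The networks, tag names, resource names and the idea that a tag is assigned when the client authenticates are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data: networks, tags and resource names are assumptions.
STAFF_NET = ip_network("10.0.10.0/24")
IP_ACL = [  # (source network, resource) pairs permitted by address alone
    (STAFF_NET, "patient-files"),
    (STAFF_NET, "finance"),
]
TAG_POLICY = {  # tag -> resources that tag may reach; everything else is denied
    "doctor": {"patient-files"},
    "nurse": {"patient-files"},
    "administrator": {"patient-files", "finance"},
    "guest": set(),
}

@dataclass(frozen=True)
class Session:
    who: str
    src_ip: str
    tag: str       # assumed to be assigned when the client authenticates
    resource: str

def ip_allows(s):
    """Address-only decision: permit if the source IP sits in a listed network."""
    addr = ip_address(s.src_ip)
    return any(addr in net and s.resource == res for net, res in IP_ACL)

def tag_allows(s):
    """Tag-based decision: permit only what the tag is granted; unknown tags are denied."""
    return s.resource in TAG_POLICY.get(s.tag, set())

def disagreements(sessions):
    """Return (who, ip_verdict, tag_verdict) for sessions where the two models differ."""
    return [(s.who, ip_allows(s), tag_allows(s))
            for s in sessions if ip_allows(s) != tag_allows(s)]

SESSIONS = [  # constructed sessions
    Session("admin at own desk", "10.0.10.25", "administrator", "finance"),
    Session("guest at admin desk", "10.0.10.25", "guest", "patient-files"),
    Session("doctor at staff desk", "10.0.10.40", "doctor", "finance"),
    Session("nurse on tablet, guest range", "10.0.99.7", "nurse", "patient-files"),
]

if __name__ == "__main__":
    for who, by_ip, by_tag in disagreements(SESSIONS):
        print(f"{who}: ip_acl={'allow' if by_ip else 'deny'} "
              f"tag_policy={'allow' if by_tag else 'deny'}")
```

The address-only rules over-permit in two cases (the guest on a staff address and the doctor reaching financial data) and wrongly block the nurse whose device is on a different subnet; the tag policy gets all three right because the decision follows the tag, not the address.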

More than simply an additional layer of security, Adaptive Policy addresses a new reality in cybersecurity previously difficult to tackle, according to Lawrence Huang, VP at Cisco Meraki, as quoted in Network World.

“Threat vectors are evolving and the way customers need to protect themselves needs to evolve as well – how customers support applications and IoT devices exemplifies the idea it’s not just one perimeter that needs protecting but a collection of microperimeters,” Huang said.