how to be agile and secure - Cisco

December 2014

HOW TO BE AGILE AND SECURE – THE FUNDAMENTAL CHALLENGE FACING ORGANISATIONS TODAY

A Management Guide for EMEAR from Cisco Prompted by the Cisco Security Insights Survey January 2015 © 2014 Cisco Systems, Inc. All rights reserved.

1

December 2014

Table of Contents Foreword

3

The Implications of the Cisco Security Insights Survey

5



Summary of Results

5



Weak links

8



Behaviour-centric security strategies

8

Why Worry About Business Agility?

11

Shifting the Security Context from Things to People.

12



Top 14 questions for CISOs to ask about the readiness for user-centric security.

13

Cisco Secure Access and Mobility.

14



14

How the Cisco Identity Services Engine (ISE) Helps

Cisco’s Threat-Focused Next Generation Firewall

15

Conclusion.

16

© 2014 Cisco Systems, Inc. All rights reserved.

2

December 2014

Foreword By Adam Philpott, Director, Security, Cisco EMEAR What keeps CEOS awake at night? We have seen a lot of discussion on this topic. Noreena Hertz from the Wall Street Journal, recently blogged on this question, looking at the top five issues keeping CEOs tossing and turning. Her words triggered a response from the CEO of Forbes. 1. Hertz writes, “Technology is proving to be the game changer in industry after industry. CEOs need, to quote Wayne Gretsky, ‘to see where the puck is going and get there first.’” Technology is certainly an issue for my company, but it won’t be me that “sees where the puck is going.” Instead, I’m concerned with giving an impactful voice to those in my company who do see where it is going and can propose fast solutions to “get there first.” In our case, this includes some of our youngest and newest employees. 2. “Super-transparency increasingly defines the business environment. In a world in which there is no ‘off the record’ companies need to be truer faster and CEOs need to think beyond their legal counsel’s advice when they get things wrong,” continues Hertz. Of course. When clear and honest communications are part of a company’s culture, there is far less to fear. When legal counsel understands that its advice must fit within that culture, they become part of a team working to quickly and transparently correct any missteps rather than a barrier to such efforts. 3. Which brings us to her third point: “Products or services that just do the job increasingly won’t suffice—consumers are increasingly voting with their wallets on social and environmental issues as well. CEOs need to interrogate their supply chain and think about how to differentiate their offerings along these lines.” Helping our clients to “insource” the talents and experience of their people to achieve exceptional results is at the core of what we do. In my experience, supply chains don’t need to be interrogated. Rather, the people at all levels who work within that function can become the engine for accelerating efficiency as well as environmental and social responsibility – and they do that because they want to, not because they have to. The same goes for customer-facing employees in terms of determining what serves the customer best. The CEO’s job is to recognize the enormous potential of her employees, create the culture by which that potential can thrive, and demonstrate the kind of leadership that will accelerate the organisation’s goals.

Just these three points raise the need for organisations to connect people both inside and outside the company in real time to drive disruptive innovation, a better customer experience, increased productivity and a greater sense of personal achievement. In short, organisations need to enable open communication and collaboration.

© 2014 Cisco Systems, Inc. All rights reserved.

3

December 2014

All of this would be fine if there wasn’t a veritable army of organised criminals and others intent on doing harm. In fact, in a PwC report in 2013 entitled: Dealing with disruption - Adapting to survive and thrive the 1,300 CEOs interviewed identified the scenarios that would have the worst impact on their organisation. Cyber-attack or major disruption of the Internet was ranked third – above significant issues like the breakup of the Eurozone.

Figure 1: Major social unrest tops the list of scenarios that would have the worst impact on CEOs’ organisations

Major social unrest in the country in which you are based

75

Recession in the US

67

Cyber-attack or major disruption of the internet

63

A natural disaster disrupting a major trading/manufacturing hub

56

A breakup of the Eurozone

53

Military or trade tensions affecting access to natural resources

53

Health crisis (e.g. viral pandemic, food/water safety crisis)

52

China’s GDP growth falling below 7.5% per annum

51

Base: All respondents (1,330) Source: PwC 16th Annual Global CEO Survey

This extract from the PwC report provides a nice summary of the challenges facing organisations of all sizes – especially those that want to operate internationally or globally. “The only way forward is to build organisations that can survive and thrive amidst disorder: organisations that are agile and adaptable, able to cope with disruption and emerge stronger than before.” These issues and trends are developed in more detail in the Cisco 2014 Midyear Security Report.

In our view, the extracts from the Forbes blog and the PwC report demonstrate nicely the need for this Management Guide. It’s not easy to be both Agile and Secure but we aim to give you guidance here.

© 2014 Cisco Systems, Inc. All rights reserved.

4

December 2014

The Implications of the Cisco Security Insights Survey Every day Cisco listens to thousands of organisations across EMEAR (Europe, Middle East, Africa and Russia). In these discussions, a recurring theme has emerged — what to do to satisfy the need to be agile whilst also protecting the organisation from an increasing number and vectors of threats. As part of these discussions there is always the question about what to do before, during and after a breach or compromise. Increasingly, we realised that one possible source of threat and a key part of the solution – employees – was not always being considered when security strategies and policies were being developed. So, we decided to ask employees about their security attitudes and behaviour and commissioned Research Now – an international research company – to collect answers from over 12,000 employees in 13 countries. The results – summarised below – show the extent of the challenge faced by CISOs today and represent a rallying cry for the entire Board to put in place the enablers of agility and security.

Summary of Results Our research uncovered two key issues:

Issue One - Employee behaviour is a genuine weak link in cyber security and becoming an increasing source of risk. This appears to be more through complacency and ignorance than malice, because companies have so insulated employees from the scale of daily threats that people expect the company’s security settings to take care of everything for them. Some of the more surprising statistics can be seen below.  Employee behaviour (52%) was second only to cybercrime (60%) when employees were asked to identify the top two greatest sources of risk to data security.

© 2014 Cisco Systems, Inc. All rights reserved.

5

December 2014

 35% of people expect their company’s security settings to protect them against any risk, while less than half (42%) believe it is their responsibility to keep personal and company data safe.

 A massive 62% seem so insulated from the true extent of threats that they think their behaviour has low or moderate impact on security.  While 59% of employees thought their company had a security policy, a quarter (23%) did not know if there was one or not.  43% admitted to low or moderate levels of adherence to the policies that were in place and one and a half times more people admitted to being more rigorous about data security at home (25%) than at work (16%).  One in 14 people confess to actively bypassing the IT security policy when they feel the need.  An astonishing 69% of people are not aware of recent high-profile security breaches such as Heartbleed.  A third of people (32%) made no changes at all following a well-publicised breach.  All those surveyed use their company’s network for personal transactions – the most popular was personal banking (73%) followed by online shopping (61%) and social networking (48%). While these statistics make gloomy reading in terms of the risks they represent. It is important to underline that most employees (57%) understand the need for security and think that it should be maintained or increased and a third think it should be even more rigorous. Action is needed to bring their behaviour in line with their underlying thoughts on security.

© 2014 Cisco Systems, Inc. All rights reserved.

6

December 2014

Issue Two - An increasing number of employees feel that security policies are inhibiting innovation and collaboration, and are making it harder for them to do their job effectively – to the point where 14% of employees take steps to circumvent the policy.  One in six (17%) believes the focus on IT security is stifling innovation and collaboration in their organisation.

 One in seven (14%) believes that it is making it harder for them to do their job.  One in six (17%) believes the costs associated with maintaining security outweighs the cost of a potential security breach. Some may consider discounting these statistics because they represent less than one fifth of the workforce, but what if the very same employees are the ones who could be the source of a disruptive innovation that could transform your market success? The results also indicate that the current IT security strategies in place do not correlate with the way people prefer to work today. Employees are telling us existing security policies need to change in order for businesses to maintain a culture of innovation and collaboration, whilst keeping the corporate network, devices and the cloud safe from external attacks. As cybersecurity becomes more of a strategic risk, organisations look to make it a formal business process where it has a holistic view of cybersecurity risks and is continually improving cybersecurity practices. This should be a key part of daily operations to protect the business from internal and external threats, to ensure there are no weak links caused by employee behaviour and to facilitate business agility, innovation and growth.

© 2014 Cisco Systems, Inc. All rights reserved.

7

December 2014

Weak links This study confirms the complex challenges facing businesses when it comes to IT security. The results show most employees recognise that the threat from cybercriminals is real and worthy of continuous defence, but it also reveals that employee complacency about IT security is increasing the risks for EMEAR businesses. An employee who blindly trusts is one amongst several “weak links” in the security chain. These expose an organisation to greater risks by providing enterprising hackers with multiple points of entry leading to sensitive data. It is clear from their responses that many do not fully appreciate how their behaviour can create an opening for cyber-criminals. The balancing act of business enablement and protection will require a fundamental shift in how we approach IT security. It will need to accommodate and adjust to user behaviour as part of a visibilitydriven, threat-centric, and platform-based approach. Businesses whose security policies only address point security solutions will put their businesses at greater risk of exploitation by hackers This approach creates gaps in traditional defences which attackers exploit. This is particularly risky when IT-proficient digital natives with the knowledge and wherewithal to bypass these policies enter the workplace, as supported by the bewildering survey result that one in 14 people who confess to actively bypassing the IT security policy when they feel the need.

Behaviour-centric security strategies As part of the Cisco research we identified four different profiles of user behaviours across EMEAR which could form the basis for user-centric security strategies. Each demonstrates a different level of threat to data security and requires a specific approach in order to limit the risk posed whilst allowing employees freedom to perform without being impeded by some security policies.. These profiles are developed below:  The threat aware – those aware of security risks and who try hard to stay safe online. They try to stay safe by having different passwords for every site and application but have not changed all their passwords following the very well-publicised Heartbleed compromise. Despite being aware of corporate security policies, they still use the corporate network for personal transactions including online shopping and personal banking. They believe it is a joint responsibility to keep personal and corporate data protected while a company security settings are still expected to protect the employee from external risks. They believe that it is essential that security should be even more rigorous.

© 2014 Cisco Systems, Inc. All rights reserved.

8

December 2014

 The well-intentioned – those who try to adhere to policies but who abide to policies on a ‘hit and miss’ basis. They try to have different passwords for every site and stay protected at home as much as at work. They try to adhere to policies but are not always aware of them and don’t fully understand the impact of how their behaviour can compromise corporate security. While trying to be safe at home and work, their perspective is that it is mostly the company’s responsibility to keep corporate data safe. They believe the focus on IT security can stifle innovation and the ability to collaborate with others but also believe that the risks from threats make it essential that security is maintained or increased.  The complacent – those who expect the company to provide a comprehensive security environment that protects them against any risk and therefore do not take individual responsibility for data security. They use the corporate network for personal transactions including online shopping, personal banking, travel bookings and accessing social networks. They have the same passwords for every site and don’t change them frequently. At work they are unlikely to follow corporate security policies and might even circumvent them if they think the limitations make it harder to do their job. They can be twice as rigorous at home than at work. Employee behaviour is not seen as a major risk to the company because the focus is on external risks including organised cybercrime.

© 2014 Cisco Systems, Inc. All rights reserved.

9

December 2014

 The bored and cynical – those who believe the cyber-security threat is overhyped and that the cost of security outweighs the cost of a security breach. They believe that IT security inhibits their performance, stifles innovation and collaboration and will therefore circumvent corporate security policies. They have heard of Heartbleed but don’t change passwords nor do they have different ones for every site they log on to. They expect the company to protect sensitive data and believe their online behaviour has little or no impact on the company’s exposure to attacks. They don’t adhere to policies and if necessary, they will actively try to bypass security policies. They are likely to use different devices at work.

The development of user-centric strategies and policies would indicate that, in future, CISOs will need to adopt a dynamic security policy that will adapt, scale and move away from traditional point security procedures. This trend, driven by enterprise mobility and the changing expectations employees have about collaboration and information access, will give IT managers the scope to set user-specific protocols working across the entire suite of an individual employee’s devices wherever they are working. These more ‘responsive’ security policies should enable businesses to be simultaneously more agile and less prone to risk; while better prepared for the threat-centric world we live in today. While better communication and education will help advance security policies, it won’t completely resolve the culture of complacency uncovered in this study. IT leaders will be compelled to establish more user-friendly security policies that accommodate each behavioural profile in order to lower the risk of a breach across the entire organisation. If employees continue to believe that IT security is making their job more difficult or remain unaware of the dangers their behaviour can place on the organisation, businesses will continue to play a game of Russian roulette with their IT security, which could lead to a very costly security breach.

© 2014 Cisco Systems, Inc. All rights reserved.

10

December 2014

Why Worry About Business Agility? Back in 2008, IDC predicted that 34% of the global workforce would be mobile by 2013 and updated that to over 37% by 2015. The impact of this dispersed workforce on business operations is significant – particularly in the way that teams are formed and operate, where businesses are located and how they interact with customers. During the same seven year period businesses from start-ups to mega corporations have become much more ‘global’ as they chase the opportunities of both emerging and mature markets. Add into the mix the arrival of the ‘connected employee’ who is always on, inherently mobile and demands immediate access to information they need, upon which to base a decision, at the touch of an always-connected button. More than this, they will expect to have access to multiple, alternative points of view to feel confident about decisions made, and to work in far more collaborative ways than was previously thought necessary. This combination of a dispersed workforce, global operations and the need for real-time access to information is forcing organisations of all sizes and types to adopt – or at least consider – new ways of working. As a result, the concept of secure access for a mobile workforce has taken root in many organisations because it is expected to bring with it a number of benefits, including increased growth and profitability and enhanced customer engagement. However, it is also having a significant impact on the structure and performance of teams which, in turn, is driving the need for systemic change and therefore new ways of securing the enterprise. The ‘connected’ employee – and as a result ‘connected’ teams - will demand, as a basic need, collaborative technologies and platforms that enable its members to work and share and co-operate remotely on a 24/7 basis. This generation wants the tech in place to enable it to update and collaborate on a real time basis, unconstrained by security policies and strategies designed to keep the bad guys out. The conundrum facing CISOs is how to empower people to perform at their best in an increasing mobile and collaborative world while simultaneously protecting the organisation from ever more sophisticated, organised and persistent cyber-threats. The answer requires having sufficient visibility about what is happening across today’s network, whether it’s internal or external access requests. It also requires shifting the security context from things to people. The Cisco Security Insights Research shows that the behaviour of individuals needs to be factored-in to increase security. Moving to user-centric security enables both the breadth of security visibility and the depth to monitor activity at a user level. Only then can the right levels of access control be applied to optimise security effectiveness.

© 2014 Cisco Systems, Inc. All rights reserved.

11

December 2014

Shifting the Security Context from Things to People Any cyberattack, large or small, is born from a weak link in the security chain. Weak links can take many forms: outdated software, poorly written code, an abandoned website, developer errors or a user who blindly trusts. Adversaries are committed to finding these weak links and using them to their full advantage. The effects of cyberattacks are sobering, in terms of both costs and losses in productivity and reputation. According to the Ponemon Institute, the average cost of an organisational data breach was US$5.4 million in 2014, up from US$4.5 million in 2013. In addition, the Center for Strategic and International Studies’ Estimating the Cost of Cyber Crime and Cyber Espionage report estimates that US$100 billion is lost annually to the U.S. economy, and as many as 508,000 U.S. jobs are lost, because of malicious online activity. This might surprise the 17% of employees that believe that the cost of security outweighs the cost of a potential breach. More than 90 percent (93.75 percent) of customer networks observed in 2014 have been identified as having traffic going to websites that host malware. This could be as a result of an innocent transaction by an employee, and as 100% of employees in the Cisco Insight Survey carry out personal transactions at work, the potential for a weak link is significant. Malvertising, for example, is becoming more prevalent, and adversaries are able to launch highly targeted campaigns. Malvertising victims are infected with malware in the course of their normal Internet browsing and therefore have no idea where or how they were infected. Tracing the source is next to impossible, because the ad that delivered the malware has long since disappeared. Moving from securing things like networks and devices to securing the actions of people represents a major shift for many organisations.

© 2014 Cisco Systems, Inc. All rights reserved.

12

December 2014

Below, we have identified a number of questions, prompted by the results of the Cisco Security Insights Survey, that focus on how prepared an organisation is to be both agile and secure. We hope that they help you assess your readiness to meet the challenges of user-centric security.

Top 14 questions for CISOs to ask about the readiness for user-centric security 1. Does your Board see security as strategic and give the risk of disruption a similar ranking as the 1300 CEOs in the PwC report? 2. What proportion of your workforce is mobile or requires the need to access information remotely? 3. How important is it to your organisation to enable people to collaborate easily with other inside and outside your organisation? 4. How reliant is your organisation on interacting and collaborating with outside organisations? 5. What strategic security initiatives are in the pipelines that address the ability to have unconstrained collaboration? 6. How many security breaches were detected last year? 7. How long did it take your security team to recognise the network had been compromised? 8. Was remedial action taken – not just by the IT security team? 9. What proportion of employees fall into the four behavioural profiles identified by our research? 10. What are the weak links in your security strategy based on the behaviour of your employees? 11. Are you able to spot when an employee circumvents your security policies? 12. What remedial action do you take if an employee has tried to circumvent corporate security policies? 13. Do you know if you are losing or failing to attract talent because your current security policies do not allow people to operate in the way they expect? 14. How easy is it to understand the context of a request for access? For example can you tell whose device is trying to connect?

© 2014 Cisco Systems, Inc. All rights reserved.

13

December 2014

Cisco Secure Access and Mobility To meet the behavioural challenges identified above, we have created a new generation of Secure Access and Mobility solutions that secure access for authorised users and devices connecting to networks across wired, wireless, and VPN infrastructure. These will enable organisations to provide guest access, to support enterprise mobility initiatives (e.g., BYOD), to secure remote access and to secure networks through the context-aware, proactive, and comprehensive enforcement of acceptable-network-usage policies. In short, to enable more agile working while increasing security. Together, these solutions provide organisations with the superior visibility and context with control needed to identify automatically who and what is accessing the extended networks across the attack continuum – before, during and after an attack.

How the Cisco Identity Services Engine (ISE) Helps Maintaining network security and operational efficiency in today’s distributed enterprise networks demands new technology taking a more holistic approach to network access security that is more user-centric and includes:  Accurate identification of every user and every device offering better control and easier management.  Simple onboarding, provisioning, and pro-active securing of all devices.  Centralised, context-aware policy management to control user access – whoever, wherever, and from whatever device.  Deeper level of contextual data about connected users and devices to more rapidly identify, mitigate, and remediate configuration issues and advanced threats. ISE is a comprehensive security policy management platform that unifies and automates secure access control to enforce role-based access to networks and network resources. It delivers the superior user and device visibility that is essential to enabling simplified enterprise mobility experiences. It also shares vital contextual data with ecosystem partner integrations using Cisco pxGrid technology to accelerate their ability to identify, mitigate, and remediate threats. The benefits of ISE can be summarized in three main areas:  Securely Enabling Enterprise Mobility  Simply Applying Consistent Access Policy  Gaining More Context and Resolving Issues Faster For more detail on Cisco’s Identity Services Engine please visit http://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html

© 2014 Cisco Systems, Inc. All rights reserved.

14

December 2014

Cisco’s Threat-Focused Next Generation Firewall To protect organisations from the malevolent attack challenges identified above, we have also created advanced threat defense across the entire attack continuum – before, during and after an attack - by combining Cisco’s proven ASA firewall skills with industry-leading Sourcefire next-generation and advanced malware protection. We call this Cisco® ASA with FirePOWER Services. It provides the full contextual awareness and dynamic controls needed to automatically assess threats, correlate intelligence, and optimize defenses to protect all networks. Given shifting business models and the fast-changing threat landscape, an organisation’s approach to reducing the time from breach to recovery needs to be truly integrated and threat-focused. With mounting concern at the executive level regarding the threat of lost intellectual property and compromised customer information and confidence, organisations require broad coverage across all potential attack vectors that can rapidly adjust and learn from new attack methods, and then implement that intelligence to protect themselves. Cisco ASA with FirePOWER Services provides enhanced protection without limiting business agility. It achieves this vital balance by being: Visibility-Driven – Delivering full contextual awareness of users, mobile devices, client-side apps, virtual machine‐to-machine communications, vulnerabilities, threats, URLs, and other important telemetry. Its enterprise-class management capabilities provide users with dashboards and drill-down reports of discovered hosts, suspect applications, threats and Indicators of Compromise (IoCs) for comprehensive visibility. Threat-Focused – Incorporating leading Next Generation Intrusion Protection Systems for comprehensive protection from known and advanced threats, as well as AMP to combat against zeroday and persistent attacks. Big data analytics, continuous analysis and Cisco Collective Security Intelligence (CSI) work together to provide detection, blocking, tracking, analysis and remediation capabilities to protect against the full spectrum of attacks, known and unknown. Platform‐Based – Combining proven firewall functionality and application control, leading NGIPS capability, and advanced breach detection and remediation in a single device. The integration provides organisations with better protection, while also reducing operating costs and complexity. In today’s climate of industrialised hacking and sophisticated cybercrime, organisations need to be able to implement dynamic controls to manage the pace of change of their environments and address security incidents. Cisco ASA with FirePOWER Services is a major step forward for the Next Generation Firewall market, empowering customers to deepen their protection from the data center, through the network, to the endpoint with the agility to identify, understand, and stop advanced threats in real-time and retrospectively. More information about Cisco ASA with FirePOWER Services is available at www.cisco.com/go/asafps Together Cisco’s solutions provide the dynamic platform based approach necessary to operationalise your security.

© 2014 Cisco Systems, Inc. All rights reserved.

15

December 2014

Conclusion The PwC report we featured in our Foreword identifies three ways CEOs are trying to drive growth. Each describes the kind of adaptive organisation that needs security strategies and policies that enable rather than constrain.  Targeting pockets of opportunity: CEOs are focusing on a few well-chosen initiatives, primarily in their existing markets, to stimulate organic growth.  Concentrating on the customer: CEOs are looking for new ways to stimulate demand and foster customer loyalty.  Improving operational effectiveness: CEOs are balancing efficiency with agility. They’re trying to cut costs without cutting value or leaving their organisations exposed to external upheavals. They’re also delegating power more widely and collaborating with organisations to share resources and develop new offerings. All three approaches above demand a more open and collaborative organisation which increases exposure to threats. The Cisco Security Insights Survey, accentuates that employee behaviour is a genuine weak link in cyber-security and is becoming an increasing source of risk. It also shows that an increasing number of employees feel that security policies are inhibiting innovation and collaboration, and are making it harder for them to do their job effectively – to the point where some employees take steps to circumvent the policy.

Strengthening weak links across the security chain rests largely upon the ability of individual organisations and industry to create awareness about cyber risk at the board level and make cybersecurity an imperative for the business. Aligning business strategy, security operations, and the controls that enable cyber resilience is also critical, as is the aptitude to create greater network visibility across a “noisy” network by employing emerging, intelligent solutions such as predictive analytics.

© 2014 Cisco Systems, Inc. All rights reserved.

16

December 2014

To cover the entire attack continuum before, during, and after an attack, today’s organisations must address a broad range of attack vectors with security solutions that operate everywhere a threat can manifest itself. This includes the network, mobile devices, virtually, and in the cloud or data centre. So if, as the PwC report highlights, the only way forward is to build organisations that can survive and thrive amidst disorder: organisations that are agile and adaptable, able to cope with disruption and emerge stronger than before, there will be no substitute for a user-centric, platform-based approach to security that automatically increases protection whilst also enabling a more agile enterprise. It’s time to operationalise security so that it becomes a pervasive business process. Cisco’s strategy to help organisations address these known and emerging security challenges is based on three strategic imperatives:  Visibility driven - The more we can see, the more we can correlate information and apply intelligence to understand context, make better decisions, and take action — either manually or automatically.  Threat focused - We must focus on detecting, understanding, and stopping threats through continuous analysis, and real-time security intelligence that is delivered from the cloud and shared across all security solutions to improve efficacy.  Platform based - Security requires an integrated system of agile and open platforms that cover the network devices, and the cloud. We want to work together with organisations of all sizes to increase protection levels wherever possible. To learn more about how Cisco can help you operationalise your security, so it embraces all threat vectors from the cloud to the data center, visit URL http://www.cisco.com/c/en/us/products/security/index.html

End Notes PwC http://www.pwc.com/en_IM/IM/publications/assets/life-insurance/dealing_with_disruption.pdf Wall Street Journal http://blogs.wsj.com/experts/2014/03/11/what-keeps-ceos-up-at-night/?mod=WSJ_hp_EditorsPic Forbes http://www.forbes.com/sites/johnkotter/2014/03/27/what-should-keep-ceos-up-at-night/ Cisco mid-year security report http://www.cisco.com/web/offers/lp/midyear-security-report/index.html?keycode=000489 although this is a gated page

© 2014 Cisco Systems, Inc. All rights reserved.

17

December 2014

Thank you.

© 2014 Cisco Systems, Inc. All rights reserved.

18