Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1705
Views
5
Helpful
4
Replies

ISE Management

jrgilkinson
Level 1
Level 1

‎09-24-2018 08:52 AM - edited ‎02-21-2020 11:01 AM

Any websites or suggestions on who owns and Administers ISE? It seems that network should own it and security get reporting from it, but should security be able to write policy's in in directly? 

Labels:
0 Helpful
4 Replies 4

slicerpro
Level 1
Level 1

‎09-24-2018 01:57 PM

The question of who gets to own/control the ISE is totally organizational dependent. I don't think you will find a vendor documentation directing you to one way or the other.
0 Helpful

Arne Bier
VIP
VIP

‎09-24-2018 10:38 PM

This is probably more of a discussion  than a blog ... but still, in a world where many organisation still operate in a silo'd environment, ISE is probably best placed in the Network team.  To be more specific, Network Operations.  Why?  Because the acronym NAC (Network Access Control) implies that we are controlling access to the network (as opposed to authenticating end user desktops ... that role might be better suited to the Security Team).  But at the end of the day this is an arbitrary decision that makes no difference how the dice fall.  Organizations should work together and stop being so silo'd - and give the job to those engineers who have the appropriate understanding of Radius, TACACS, ACL's, VLAN's, IP addressing.  But most network engineers panic when they have to deal with certificates - that's when they may need to engage the expertise of the Security Team.  But on the whole, most network engineers should feel comfortable working with ISE.

thomas
Cisco Employee
Cisco Employee

‎09-25-2018 11:32 AM

This is more of a question than a blog post.
0 Helpful

hestert
Level 1
Level 1

‎09-29-2018 04:40 AM

It doesn’t matter. I would just make sure the roles are defined. One major plus in ISE can be a major hurdle. Many elements are usable for multiple functions. I would mandate a required naming scheme so all users know who owns or controls an element.  I.e. NDGs are used in both TACACS and Radius functionality. In many organizations the device admin or TACACS administrators are not the same team as the network access team. Just have well defined roles!

0 Helpful
Customers Also Viewed These Support Documents