CLEARPASS ACCESS MANAGEMENT SOLUTION SALES GUIDE
ClearPass Access Management Solution Sales Guide – Confidential – Aruba Networks and Partners only
A fully integrated and complete solution for access security policy management, enabling organizations to centrally enforce and refine policy to meet the requirements of the business.
THE OPPORTUNITY IN BRIEF
ClearPass Access Management Solution:
• Provides a centralized point of policy management
• Allows mobile devices to be used easily and securely within an organization
• Creates an attractive working environment for employees and contractors
• Helps organizations enhance the user experience and interact more effectively with guests
• Enables customers to contain the costs of managing network access
Why it is worth your customers’ time
Many customers want to open up their networks to access from mobile devices (smartphones, laptops, tablets etc.), owned by the organization or by the end user. They are responding to a growing expectation by employees and visitors that they should be able to use mobile devices for work and for interacting with the organization.
#GenMobile, people that have a preference for all things mobile, are an increasing proportion of the workforce. Organizations need to attract this talent pool to remain competitive.
ClearPass offers organizations the opportunity to centrally develop, automate, enforce and audit an access security policy that will enable them to meet business requirements and comply with regulations and legislation, while enhancing the user experience.
What are ClearPass’ key advantages?
ClearPass is the only access management solution that:
• Works efficiently and cost-effectively across multi-vendor wired and wireless networks
• Is highly scalable, managing access security in very large deployments, across multiple sites, and handling high density authentication requests
• Delivers policy management, policy enforcement, guest functionality, device profiling and onboarding from a single platform
• Has workflow and interoperability to provide automation and self-service which improves user experience and reduces IT costs
• Enables contextual policy management to a location, device and user level
WHY SELL CLEARPASS ACCESS MANAGEMENT?
Value of a typical sale
• Small deal: $15-35k (to gain entry into a new account)
• Medium deal: $50-75k
• Large deal: $100k+
• Very large deal: $250k up to $1M+
Time to close
• For a small deal, can be as short as 8-10 weeks
• More typical (e.g. where budget is needed): 3-12 months
Other benefits
• Consultancy business: Professional Services can be up to 20% of the deal
• Support revenues: generate 12-15% in annual spend
• Enables you to talk wider within your customer’s organization (e.g. to the CMO’s team)
• Unlock a single vendor stronghold; create opportunity to talk about other (Aruba WLAN) solutions
• ClearPass upsell: sell additional capacity and module licences as users and devices increase
• As a partner, you can cross-sell other Aruba products, and other vendors’ products and applications (via integration), such as MDM, Security Information and Event Management (SIEM), Palo Alto firewall
Why this opportunity is worth your time
Confidential – Internal and partner use only
OPPORTUNITY OVERVIEW
SOLUTION OVERVIEW
ClearPass Access Management Solution
ClearPass enables customers to control access to wired, wireless and remote (VPN) networks. The solution provides capability for an organization to:
• Develop, automate, enforce and audit access security policy
• Manage and refine policy from a centralized location
With ClearPass the customer has a single point of policy implementation at a device and individual level which better protects the network against threats, and the organization’s information assets against improper use. For example, accessing accounts data from a laptop at HQ can be allowed, but not via a wired port in a branch office, unless it is by the CFO.
ClearPass Policy Manager
The core of the solution is an enterprise RADIUS/TACACS+ hardware appliance or virtual machine (VM) server with advanced policy control. It includes:
• Profiler – identifies and classifies devices on the network
• ClearPass Exchange – RESTful based APIs for integration with other systems, including but not limited to third-party MDM, firewalls and SIEM
• AirGroup Registration portal – makes plug-and-play network services for media management (e.g. Apple AirPrint/AirPlay, DLNA, UPnP) controllable and secure within an enterprise network
Advanced features
Additional features, enabled through purchase of perpetual or subscription licences, are delivered in three modules:
• ClearPass Guest – providing secure wired and wireless access for guests and contractors, with self-registration, social login and linkage to credit card billing, plus an optional advertising module
• ClearPass Onboard – automates device configuration and enables customizable self-provisioning of target devices with unique credentials for secure access
• ClearPass OnGuard – assesses the health of connecting devices, and provides automatic remediation workflows and device compliance reporting
Aruba and partner services
• Customization – Aruba Professional Services deliver support for customizing the look and feel of guest and employee portals
• Design and deployment – delivered by Aruba or specialist partners
• Support – delivered via the partner or direct to Aruba
[Figure: the ClearPass policy cycle. Stage labels recovered: 2 Develop, 3 Automate, 4 Enforce, 5 Audit, 6 Manage and refine (refine policy). Questions shown: "What network access policy do we need for the business?" and "Do we need to modify the policy?" Activities shown: profile users and device types; easily enrol guests and onboard devices (relieve IT burden); apply policy; control access; check device health; re-profile; check compliance; analyse usage; simulate policy change; enhance user experience.]
USING CLEARPASS TO BENEFIT THE BUSINESS
MAIN CUSTOMER BENEFITS
• Visibility: the ClearPass platform provides centralized visibility of and control over access to all IT networks, ensuring that security policy is applied consistently across the whole organization
• Security: enforcement, auditing and reporting features enable customers to comply with relevant regulations and legislation, demonstrate compliance, and mitigate the risk of a breach of access security
• Workflow: users are able to connect securely and easily from tablets, smartphones etc., delivering an improved mobility experience across both corporate-owned and user-owned devices (e.g. BYOD)
• Mobility: employees given the flexibility to work from their preferred locations and devices are more productive
• Cost: the reduced number of appliances required, automated enrolment and device onboarding, and a reduction in IT help tickets through workflow enabled self-service make the ClearPass solution efficient and cost-effective
ClearPass enables the business requirements for resource access and security policy to be implemented directly using a complete end-to-end process
Which of my customers shall I target?
A ‘YES’ answer to some of the following questions means they are a good prospect.
YES / NO:
1 Has the prospect or another organization in the same industry sector recently suffered a security breach?
2 Is a large proportion of the prospect’s workforce using mobile devices?
3 Do they hire contractors, or work collaboratively with partners/agencies?
4 Do they have frequent and large numbers of guests?
5 Do they have distributed offices?
6 Are they moving into a new building, or consolidating sites?
7 Have they recently been or are they about to be involved in a merger or acquisition?
8 Are they a public sector organization that is being encouraged by government to share resources?
9 Are they in an industry where new regulations or legislation have recently been or are about to be introduced, which relate to information security or operational risk?
10 Do they have a heterogeneous (multi-vendor) network?
TARGET MARKETS
Why customers need ClearPass
Across all verticals and sizes of organization, there is a growing requirement to allow access to corporate networks from mobile devices. These devices may be corporate-owned, or owned by the end user (e.g. BYOD, or for guest access).
Until recently, the Network Access Control (NAC) function has largely been targeted at enforcing access security policies for Windows PCs. Now control is being extended to mobile devices running a variety of operating systems, across wired and wireless networks, and for remote access via VPNs.
ClearPass meets this extended NAC requirement, but can also do a lot more for the customer’s business. So, although many opportunities might arise from a need for improved network access control, it is important to explain to your customer what else can be achieved with ClearPass, because it is this complete capability that sets ClearPass apart.
WHY THE MARKET IS ATTRACTIVE NOW
• There has been rapid and widespread growth in types and models of mobile devices, which people find convenient and want to use
• The availability of apps and services (including cloud) has made mobile devices indispensable, so owners expect to be able to use them for work and for interacting with organizations, from any location
• The ‘consumerization of IT’ is now a reality: giving employees a choice about how they work has become essential for staff recruitment and retention
• Competitive pressures continue to drive organizations to look for ways to enhance customer experience while containing costs
• IT departments are being outpaced by user demand: they need tools that accelerate the onboarding of new devices and reduce workload through self-service, while enforcing security and providing visibility
THE MARKET
General market needs
Visibility and control: customers in all verticals want visibility of how their network is being accessed – from where, by whom and using what device. They need to be sure that only authorized users are allowed access, and that unsecure or compromised devices are either denied access or removed from the network.
Compliance: organizations must comply with mandatory security requirements, regulations and legislation, and protect networks against data loss and cyber-attacks.
Productivity: many organizations are looking to improve employee productivity by providing staff with secure access from any device, so that users have a wider range of options to get work done.
User engagement: this is of growing importance, especially in Finance (retail banking), Retail and Hospitality. Being able to deliver targeted information to users based on context (user profile, location etc.) is a major driver for fostering customer loyalty.
Cost containment: reduce the burden on already overstretched IT resources and avoid/lower the costs of owning and replacing devices.
Mobility: many organizations are frustrated by the difficulties of using mobile devices for business and enforcing an appropriate access security policy. They wish to improve the mobility experience for their customers, staff, contractors and partners.
Business drivers in selected verticals
Healthcare
• Enable patient and hospital visitor guest access
• Allow doctors, nurses and admin staff to self-configure their own devices
• Enable clinicians to securely access patient data, regardless of location
• Securely transfer patient data based on user privileges and/or device profile
Finance
• Use mobile devices for enhanced customer interaction (e.g. electronic signatures)
• Implement sponsored visitor guest access for regulators, auditors, consultants
• Phase out corporate-owned devices by allowing staff to purchase and use their own replacements
• Deploy improved access security to comply with the latest industry regulations (Basel III)
Retail and hospitality
• Attract customers by offering guest Wi-Fi
• Engage with customers (including advertising and loyalty marketing) using contextual information
• Improve customers’ experience with Wi-Fi that remembers them on their next visit
• Enforce PCI requirements with secure access
Education
• Enable students to use personal devices for interactive learning
• Allow non-IT specialists to securely grant guest access to students, parents and authorized visitors
• In schools, save money by allowing pupils to purchase and use their own devices
MARKET NEEDS
[Figure: ClearPass worldwide addressable market size, in $M, by year from 2014 to 2018. Source: Aruba view, based on reports from Frost & Sullivan and Gartner]
MARKET TRENDS
Analysts like Frost & Sullivan and Gartner are forecasting that organizations worldwide will spend a growing amount on network access management solutions over the five years to 2018. From a worldwide market worth $US 350 million in 2014, the forecast is for demand to steadily increase at a rate of almost 31% per year to break $1 billion by 2018. This is a major opportunity for partners to work with Aruba to establish ClearPass as a primary source of revenue generation.
What are the business needs of key people in your customer’s organization? Here’s how ClearPass addresses each need.
CIO: ACCESS MANAGEMENT NEEDS
Need: Provide a good service
− executives wanting to use own devices
− employees using multiple devices
− employees bringing their own devices (i.e. BYOD)
− simple guest access
How the business need is addressed:
• ClearPass OnGuard protects against unsecure and compromised devices, enabling organizations to allow use of employee-owned devices without putting the business at undue risk
• ClearPass Onboard enables employees and contractors to easily and securely onboard their newly-supplied or own devices – by provisioning 802.1X settings and issuing certificates
• Onboard provides the ability to customize the portal and workflow for each user group and device
• ClearPass Guest provides customizable portals, plus support for guest sponsors and IT-controlled guest privileges, to make self-registration by guests straightforward
Need: Reduce the risk of a security breach
− guard against malicious attacks
− maintain the trust of customers and partners
How the business need is addressed:
• With ClearPass, network access security policy can be defined centrally, then implemented consistently across all wired and wireless network access points, minimizing the risk of leaving a vulnerability that can be exploited
• User authentication, context and role-based profiling guard against unauthorized users gaining access to sensitive areas of the network and data
CFO: FINANCIAL NEEDS
Need: Contain the costs of network access security management
− implementation
− network equipment upgrades
− hardware
− licence fees
− administration costs
− multiple device support
− dealing with visitors
How the business need is addressed:
• Automated device configuration and provisioning reduce the cost of access security, especially when introducing 802.1X into a wired network or moving to a new site
• A single ClearPass Policy Manager appliance can handle up to 25,000 unique endpoints across multiple networks, so even with a redundant architecture the amount of server hardware required is relatively small
• Optional advanced feature modules mean customers pay only for the functionality they actually need
• ClearPass Exchange ensures functionality of other investments is exploited to increase security, reduce support costs, and improve customer experience
• IT staff no longer need be involved in onboarding new devices, or registering and assisting contractors and guests, significantly reducing ongoing administration costs
• Users can use their own devices, reducing the cost of provision and replacement
Need: Predictability of costs over lifetime of solution
− scalability and linear growth
− availability of perpetual licences
− licensing flexibility
How the business need is addressed:
• ClearPass provides a single integrated system that can adapt as the organization grows and changes; it can scale to very large deployments and provide centralized control for new sites, without the need to rip and replace hardware or software
• Aruba operates a licence overrun scheme to lessen the cost impact when usage grows, and to allow organizations to meet short-term higher demand for access (e.g. during special events or unexpected peaks in user activity)
• Organizations have the option of a perpetual or subscription licensing format, whichever better suits their business model
• Enterprise licences can be shared across the Guest, Onboard and OnGuard modules
HOW CLEARPASS MEETS CUSTOMER NEEDS
THE SOLUTION
CSO: SECURITY NEEDS
Need: Secure network access
− user identification
− role-based profiling
− certificate of authority
− accreditation
How the business need is addressed:
• ClearPass provides granular access security management which enables contextual access control to a location, device and user level
• ClearPass Policy Manager (CPPM) supports advanced user and device authentication based on 802.1X, non-802.1X and web portal access methods
• Guest access workflow can require confirmation by a trusted sponsor
• Embedded Certificate Authority (CA) support allows ClearPass to interwork with existing Public Key Infrastructure (PKI) or act as its own CA
• CPPM is accredited as compliant to FIPS 140-2 for cryptographic modules
Need: Protection against malware
− device health checks
− remediation
− post-access removal
How the business need is addressed:
• Automatic remediation workflows can be applied to non-compliant devices
• Certificates and profiles can be issued to devices to allow for easy removal from the network if required (e.g. if devices are compromised, lost or stolen)
Need: Compliance to regulations and relevant legislation
− appropriate level of security
− reports and audit trails
How the business need is addressed:
• ClearPass provides the ability to develop, automate and enforce an access security policy that meets the organization’s business requirements, then refine that policy as new regulations come into force or business needs change
• Audit and reporting allow customers to check and demonstrate compliance
CMO: USER ENGAGEMENT NEEDS
Need: Improve the mobility experience of users
− attract and retain staff
− allow network access from and manage mobile devices
− wide choice of devices
− simple registration
How the business need is addressed:
• ClearPass allows customers to modernize their infrastructure to cater for and attract the #GenMobile employee
• ClearPass works with a wide range of mobile platforms, including iOS, Android, Windows Mobile, Windows Phone 8, Mac and Symbian OS
• ClearPass Exchange makes it easy to integrate with third-party solutions such as MDM, so organizations can manage mobile and other devices
• Self-registration speeds network access, while MAC caching makes sign-on straightforward for returning users
• Single sign-on to the network and applications makes mobile working quicker and easier
Need: Enhance the experience of guest users
− customized portals
− social login
− text messaging
− relevant communication
How the business need is addressed:
• Portals can be customized with a wide range of options, including localized language support and location-specific information
• If desired, guests can use social networking identities to gain access, and receive login instructions and other information via SMS
• Using the optional advertising module, context-based messages can be sent to the user (e.g. special offers in stores)
IT/NETWORK DIRECTOR: INFRASTRUCTURE NEEDS
Need: Simple implementation
− minimal new hardware
− no change to existing infrastructure
− automated assistance to reduce IT effort involved
How the business need is addressed:
• ClearPass requires fewer physical appliances than other solutions, and can be run as a virtual machine on existing hardware
• There is no need to change out or upgrade existing network infrastructure
• Automatic device profiling and self-registration relieve the IT burden of onboarding
• Detailed diagnostic information assists network administrators (e.g. in troubleshooting failed 802.1X authentications)
Need: System performance
− reliability
− scalability
− effect on the network
How the business need is addressed:
• ClearPass solutions have proven reliability in ‘live’ customer networks
• Solutions scale easily to manage up to a million endpoints from a single cluster, and can handle a high density of authentication requests
• Unlike other offerings, CPPM does not operate ‘in line’, and so has minimal effect on network performance and no consequent scaling issues
THE COMPETITIVE LANDSCAPE
How does the competition rate and who are they?
Use this table to identify Aruba’s strengths and for guidance on how to beat the competition.
Scoring: 0 = No capability 1 = Very weak 5 = Exceptionally strong ? = No information
CLEARPASS COMPETITORS
Capabilities | Aruba ClearPass | Cisco (ISE/ACS) | ForeScout | Bradford Networks | Juniper Networks | HP | Smaller niche Wi-Fi players (e.g. Meru, Aerohive, Extreme)
Solution for multi-vendor networks | 5 | 2 | 4 | 3 | 2 | ? | 2
Interoperability | 4 | 3 | 3 | ? | 2 | 1 | 2-4
Vendor’s Wi-Fi knowledge | 5 | 5 | 0 | 0 | 3 | 2 | 4
Proven, stable solution | 4 | 4 | 3 | 2 | 3 | 1-2 | 1-2
Scalability | 5 | 3 | 2 | 3 | 3 | 3 | 2-4
Completeness of solution | 5 | 4 | 3 | 3 | 3-4 | 3 | 2
Ease of deployment | 3 | 2 | 4 | 2 | 3 | ? | 2-4
Capabilities: refer to the next page for a detailed explanation.
OUR MAJOR STRENGTHS ARE ...
• Solution for multi-vendor networks
• Interoperability
• Proven, stable solution
• Scalability
• Completeness of solution
… EMPHASIZE THESE POINTS!
HOW TO WIN
We win if …
• We tie down the scope of the requirements early in the sales cycle
• The customer has an Aruba WLAN, and is implementing a refresh
• The network is wholly Aruba or multi-vendor
• The requirements are biased towards access for contractors/guests
• The customer agrees to a demo
• When an evaluation is needed, we sign off targeted success criteria in advance
We lose if …
• The prospect has too few users/devices or has too simple a business model to benefit from access security policy management
• We try to compete with smaller niche vendors by offering only a subset of ClearPass
• There is a strong ‘Cisco only’ attitude, across both wired and wireless
HOW TO BEAT THE COMPETITION
CAPABILITY | CAPABILITY EXPLAINED | SUPPORTING FACTS AND PROOF POINTS
Capability: Solution for multi-vendor networks
Capability explained:
• Across multi-vendor networks, ability to develop, automate, enforce and audit an access security policy
• Applicable to wired and wireless networks
Supporting facts and proof points:
• In many deployments ClearPass manages access to Cisco, Avaya and HP networks
• We have customers with both wired and wireless deployments (e.g. SAP)
• Other vendors’ offerings don’t provide centralized visibility and control from a single, integrated system across heterogeneous networks: for example, Cisco ISE is difficult to administer in non-Cisco (e.g. WLAN) environments
Capability: Interoperability
Capability explained:
• Standards based
• Integration with enterprise applications
• Connectivity to other management systems (e.g. MDM)
• Provision of APIs
• Flexibility of vendor
Supporting facts and proof points:
• ClearPass employs standards-based protocols and interfaces (e.g. using standard web APIs to receive context data from new sources)
• The solution is integrated with hundreds of commonly used enterprise tools (e.g. Palo Alto Networks firewalls, McAfee anti-malware)
• Aruba works with 5+ MDM partners (including AirWatch, MobileIron and Citrix)
• We can deploy ClearPass into any vendor environment, and support most smart mobile devices
Capability: Vendor’s Wi-Fi knowledge
Capability explained:
• Experience in Wi-Fi
• Business focus
• Market leadership
• Technical competence
• Skilled staff
Supporting facts and proof points:
• Aruba has been delivering Wi-Fi networks for 13 years
• We are a Gartner magic quadrant leader in Wired and Wireless LAN Access Infrastructure
• We have many SEs trained in wireless technology, and run the Airheads community of engineers professionally engaged with wireless LANs etc.
Capability: Proven, stable solution
Capability explained:
• References
• In service solutions
• Number of licences
• User community
• Partner community
Supporting facts and proof points:
• ClearPass is in service globally across many verticals, whereas Cisco’s references are nearly all for ACS (not its replacement, ISE)
• ForeScout is locally strong (e.g. in ME) for small to mid-size deployments, but weak elsewhere
• Juniper’s deployment numbers have plummeted since 2012
Capability: Scalability
Capability explained:
• Ability to add new users easily
• Policy enforcement across multiple sites
• High density authentication
Supporting facts and proof points:
• ClearPass successfully manages network access security in very large scale deployments (e.g. SAP with 66,000 users worldwide, Barclays, Los Angeles Schools)
• ClearPass customers can enforce policy across multiple sites from a centralized location. ForeScout works ‘in line’ and requires many appliances
• The World Trade Center Exhibition in Dubai 2013 is a prime example of the capability of ClearPass to handle high density authentication requests
Capability: Completeness of solution
Capability explained:
• Policy management
• Policy enforcement
• Guest functionality
• Device profiling and
Supporting facts and proof points:
• ClearPass uniquely delivers a complete set of functionality for managing network access security in a single, integrated system
• Optional modules include guest self-registration and advertising, device onboarding, and device posture validation
• Workflow and ClearPass Exchange enable complete automation of processes such as quarantining devices
• ClearPass comes complete with tools for investigating problems (e.g. diagnostics for trouble-shooting failed authentications)
Capability: Ease of deployment
Capability explained:
• Automated tasks
• Policy simulation
• Test deployment
• Accredited engineers
• Partners that can deploy
Supporting facts and proof points:
• ClearPass automated device profiling and onboarding simplify setting up devices and implementing policy
• With ClearPass, customers can trial changes to policy offline and test their effects, prior to rolling them out
• We have Professional Services Partners with the accredited skills to assist customers with design and deployment
Enterprise: SAP selects ClearPass over ISE to replace Cisco ACS
• Multi-national SAP installation
• ClearPass preferred to Cisco ISE
The challenge
Headquartered in Walldorf, Germany, SAP AG is a global leader in enterprise software, with locations in more than 130 countries. Having experienced stability issues with ACS, the company investigated Cisco ISE, but found that administration was complex, the GUI was not intuitive, and there were maintenance and upgrade issues.
The response
SAP is a long-term major customer for Aruba WLAN. The account team has a close relationship with key decision makers, meeting on a regular basis, and so was able to pick up on SAP’s concerns about ISE and propose ClearPass as an alternative. An evaluation was rapidly arranged, demonstrating to SAP that ClearPass access management solution could address the issues it was experiencing with Cisco. SAP’s infrastructure and service teams were particularly impressed with the solution’s ease of use and deployment, which had been missing from Cisco ACS and ISE.
The result
ClearPass is now servicing SAP’s 66,000 employees worldwide, with 8 ClearPass appliances in Germany, 4 in Singapore and 4 in Philadelphia in the US, all managed from SAP HQ. The ClearPass Guest module, which replaced an internally developed system, is also regularly providing secure SAP-branded access to 15,000 visitors and consultants.
SUCCESS STORIES
Healthcare: A hospital moves to a new site and implements LAN security
• Hospital securing LAN and mobile devices
• ClearPass preferred for single platform and interoperability
The challenge
Our WLAN customer, the University Hospital of Toulouse in France, had plans to consolidate from multiple sites to a new building of 600 beds. At the same time, it wished to add 802.1X to its unsecured Cisco LAN. With only three people in its network team, the new wired network would have to automate the configuration of the 18,000 ports.
The response
When the hospital approached Cisco, it discovered that Cisco’s ISE proposition would make the network complicated, with working across both fixed and wireless being particularly difficult. Further, as well as the high number of appliances required, Cisco did not offer perpetual licences, which would make the ISE solution costly. Our network integration partner, Orange, proposed a dual lab trial, to compare ISE to ClearPass.
The result
CHU Toulouse realized that the profiling available with ClearPass would enable it to onboard all peripherals on time. These included those within the control of the Building Management System, and not well known by the network team, such as IP cameras, alarms, door-locking mechanisms etc. Two ClearPass 25,000 user appliances (one for redundancy), together with 300 licences each for Onboard and OnGuard, were sufficient to ensure that the hospital could improve network security, as well as move to its new site promptly and cost-effectively.
Finance: upselling ClearPass capability to a major bank
• Large bank needing flexibility
• ClearPass provided better guest/device functionality and user experience
The challenge
Emirates NBD (ENBD) is one of the leading banks in the United Arab Emirates (UAE). A Cisco-supplied NAC, first deployed in 2007, was too rigid for the bank’s needs. ENBD wanted more flexibility in the way it handled network access requests. It also wanted users to be able to work with their own devices, and to allow guest access. Further, the bank had recently acquired some Avaya equipment, so needed a solution that would work across a multi-vendor network.
The response
After investigating Cisco ISE and finding it unable to meet requirements, ENBD considered ForeScout and Aruba ClearPass. ForeScout had a better cross-vendor offering than Cisco, but required an appliance at every node. There were also limitations in ForeScout’s ‘own device/guest’ functionality. Hence the bank selected ClearPass to replace the ailing Cisco NAC function.
The result
The Aruba account team took the opportunity to explain the wider capability of ClearPass and secured a meeting with the CMO and other key influencers. ENBD’s marketing people recognized the potential of the solution to help them engage more meaningfully with customers and visitors. Additionally, after the NAC project is completed, ENBD will migrate from Cisco ACS to ClearPass, primarily to save costs. As a result of the account team selling ‘high and wide’, what was originally a NAC-replacement deal grew into a sale of CPPM appliances and Guest and Onboard licences worth $500k, to be rolled out over two years across the entire ENBD network, with appliances to be based in UAE, Saudi Arabia, Singapore, London and Egypt.
Retail: Sainsbury’s values the completeness of the ClearPass solution
• Large retailer with 1000+ stores
• ClearPass’ single platform, superior features and improved end customer experience won the deal
The challenge
Sainsbury’s is the UK’s third-largest supermarket chain. The retailer has been an Aruba customer for over three years and is currently rolling out Wi-Fi to all its 1,000+ stores and warehouses. Sainsbury’s decided to add value to its wireless network by offering guest access in stores. In addition, it wished to be able to onboard and provide NAC capabilities to a number of corporate-owned devices. A further business driver the company is exploring is the possibility of offering location-based services to shoppers in-store.
The response
Sainsbury’s considered NAC vendor NetScout, but our main competitor was Cisco, supplier of the Sainsbury’s wired infrastructure. We ran an evaluation offline to demonstrate the full ClearPass capability. The Sainsbury’s people were impressed by the way ClearPass combined different areas of functionality within one integrated platform, compared to Cisco ISE, which required different units and systems. They also preferred the richer feature set offered by ClearPass.
The result
ClearPass is now being deployed across the whole of the Sainsbury’s estate, to occupy the same footprint as the WLAN. The ClearPass sale gave us the opportunity to talk to the Director of Digital Marketing at Sainsbury’s, to explain how the functionality of ClearPass and the data collected by the system could be used to improve customer experience in stores. It has positioned Aruba as a more strategic vendor to Sainsbury’s, opening up new opportunities for us, including a possible future sale of Meridian, Aruba’s location-aware content management solution, for in-store device location.
CLEARPASS ACCESS MANAGEMENT SOLUTION SALES GUIDE > THE SOLUTION
Confidential – Internal and partner use only
ClearPass IT off-load vs. increase staff resources
Supporting network access from employees, contractors and guests can use up significant IT and administration resources. This business case shows how labour costs can be saved through adopting ClearPass.
For this example business case we have used the scenario of an organization with a limited number of contractors and a growing number of guests, and whose employees are to be enabled to use their own devices. Also, there are wired ports that need to be secured and managed (for moves and changes). The areas of cost savings shown here are applicable to many types of organization.
THE FINANCIAL BUSINESS CASE

Forecast costs without ClearPass ($k)

| Category | Item | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|
| IT staff time | Wired ports (securing, adds, moves) | 59.8 | 59.8 | 59.8 |
| IT staff time | Employee devices (onboarding, audit, help etc.) | 59.8 | 69.8 | 79.8 |
| IT staff time | Contractors (onboarding, audit, help etc.), plus waiting time | 24.9 | 24.9 | 24.9 |
| IT staff time | Guests (resolving issues etc.) | 4.3 | 8.6 | 13.0 |
| Administration staff time | Contractors and guests (registration, issuing login details etc.) | 10.4 | 20.7 | 31.1 |
| Total costs | | 159.2 | 183.8 | 208.6 |

Forecast costs with ClearPass ($k)

| Category | Item | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|
| Purchase, deployment and maintenance | ClearPass system, including redundancy and optional modules | 140.8 | 71.3 | 9.2 |
| Purchase, deployment and maintenance | Professional services cost (delivered by partner) | 10.0 | 5.0 | 5.0 |
| Purchase, deployment and maintenance | System maintenance | 19.3 | 29.0 | 29.9 |
| Purchase, deployment and maintenance | Internal IT deployment, training and management costs | 25.0 | 25.0 | 25.0 |
| IT staff time | Wired ports (securing, adds, moves) | 10.0 | 10.0 | 10.0 |
| IT staff time | Employee devices (onboarding, audit, help etc.) | 8.1 | 9.5 | 10.9 |
| IT staff time | Contractors (onboarding, audit, help etc.), plus waiting time | 2.1 | 2.1 | 2.1 |
| IT staff time | Guests (resolving issues etc.) | 1.4 | 2.9 | 4.3 |
| Administration staff time | Contractors and guests (registration, issuing login details etc.) | 0.0 | 0.0 | 0.0 |
| Total costs | | 216.7 | 154.8 | 96.4 |

| | Year 1 | Year 2 | Year 3 |
|---|---|---|---|
| Cost saving ($k) | –57.5 | 29.0 | 112.2 |

THE BOTTOM LINE
• Total savings over three years: $83.7k
• Net Present Value (NPV) at 10%: $56.0k
• Internal Rate of Return (IRR): 67%
ADDITIONAL CLEARPASS SOLUTION BENEFITS
• ClearPass server with RADIUS/TACACS+ and advanced policy control saves the cost of replacing or upgrading existing appliances such as NAC
• Improved guest experience – generating repeat business and enhanced brand value
• Better guest management and employee/contractor removal reduces/eliminates unauthorized Wi-Fi use
• No need for multiple Wi-Fi networks (e.g. separate networks for employees and guests)
• Wired ports can be protected and an audit trail produced, reducing the risk of a security breach
• Futureproof – growth in mobility and collaboration will not increase IT staff overhead
| Main assumptions | | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|
| Wired ports: 6 changes per year to 20% of the ports | Wired ports | 1,500 | 1,500 | 1,500 |
| Employees: average of 2 devices each, replacing 1 every year | Employees* | 3,000 | 3,500 | 4,000 |
| Contractors: connect 1 device for an average 2 months contract | Contractors* | 200 | 200 | 200 |
| Guests: connect 1 device every visit for an average of 7 days | Guests* | 250 | 500 | 750 |

Staff costs assume typical Western Europe working conditions and salaries for IT and administration staff.
* Maximum number of users of mobile devices in any 24 hour period
Over 3 years, ClearPass reduces IT resource requirement by 2.7 man years.
Deal discovery guidance
A prospect meeting should identify the following:
1 The number of devices currently connected to the network
2 The maximum number of guests per day
3 The number of devices requiring health checks (OnGuard)
4 The type of devices allowed onto the network
5 Total number of devices/endpoints to be authenticated
6 The identity stores that are employed for user and device authentication
7 Existing policies for guest access, remote access, certificates etc.
8 Alternative solutions that the prospect is considering
QUALIFICATION
Key qualification factors
The more questions you can answer ‘YES’ to, the better.
YES / NO
1 Will the prospect be looking to control network access for more than 500 devices?
2 Do they want to open up their network to new types of devices, or have a need to improve security as a result of a growing number of mobile devices?
3 Have they recently made a large investment in mobile devices (e.g. smartphones, tablets)?
4 Are they insourcing either IT or their network?
5 Are they looking to replace Cisco ACS?
6 Do they have a problem with limited IT support, in terms of number of people, locally at remote sites, or skills (especially with regard to handling requests from devices connecting to the network)?
THE SALES PROCESS
What business problem is the prospect trying to solve? [Tick all those that apply]
• Gain visibility of how the network is being accessed
• Contain the costs of access security
• Improve the mobility experience of users
Use the questions on this page to help you capture information about the prospect and qualify the sale, before committing more resources.
OBJECTION We’re a Cisco house.
REAL CONCERN Your system might not be compatible. Why should I risk my reputation buying non-Cisco?
ANSWER The fact that you have heavily invested in Cisco is not a problem. Aruba has successfully deployed ClearPass into many Cisco environments, including SAP worldwide, major bank Emirates NBD in the Middle East, and Sainsbury’s retail in the UK. Our customers tell us that ClearPass is much easier to deploy and manage than the equivalent Cisco offering, and it also costs a lot less. May I organize a demo for you, so that you can see why others have chosen ClearPass over Cisco?
OBJECTION You’re a Wi-Fi only company.
REAL CONCERN I don’t want to risk putting this into my wired network.
ANSWER It’s true that Aruba has built its reputation on providing enterprise-class Wi-Fi networks. However, ClearPass was designed from the outset to work across both wired and wireless multi-vendor networks. We have successfully deployed ClearPass into many wired environments, including enterprises, hospitals, retail outlets and schools, and have been recognized by Gartner as a magic quadrant leader in the provision of Network Access Control, as well as for Wired and Wireless LAN Access Infrastructure.
OBJECTION We don’t need a complete solution.
REAL CONCERN I don’t want to spend money on functionality I don’t need.
ANSWER The great thing about ClearPass is that it is a modular solution, so you only have to buy what you actually need. Built-in is all the functionality you require to be able to deploy a consistent access security policy across both wired and wireless networks, extended to mobile devices. If you decide later that you want additional functionality, such as guest access, or more capacity, then this is easily added. Let me organize a demo for you, so that you can decide which modules you would require to support your business.
OBJECTION We’re happy with what we’ve got.
REAL CONCERN I don’t want to buy extra security I don’t need.
ANSWER The primary reason that organizations like yours are investing in improving their network access control is to allow secure access from mobile devices. Many customers tell us that their employees, contractors, partners and guests all now expect to be able to use mobile devices for work, and for interacting with the organization. ClearPass offers you a way to meet this demand from a single integrated platform, while delivering many other benefits, such as providing visibility, enabling compliance, improving employee productivity and containing costs. Can I run through an example business case with you, to show you how ClearPass could actually save you money?
DEALING WITH OBJECTIONS
CLEARPASS ACCESS MANAGEMENT SOLUTION SALES GUIDE > THE SALES PROCESS
Examples of customer pricing and product mix for deals of different size and complexity. The table below shows figures for the first year. Upselling will generate revenues in the second year that can be 50-100% of first year revenues.
| Solution sizing | Small | Medium | Large | Very large |
|---|---|---|---|---|
| Endpoints | 100-500 | 500-2,000 | 5,000+ | 25,000 |
| Guest licences | 100 | 500 | 2,000+ | 5,000+ |
| Onboard or OnGuard licences | 100 | 2,000 | 5,000+ | 25,000+ |
| First year Gross Sales value | 22.0 | 66.5 | 137.5 | 249.5 |
SALES TACTICS
Use these tactics to start a conversation, differentiating ClearPass from the competition. If you already have a lead, or a customer has come to you with a specific problem, use these tactics to upsell the complete ClearPass solution. If your prospect’s primary concern is not in the table, use the information in this Sales Guide to create your own questions and ideal outcome.
| If the prospect is concerned about… | Then ask your contacts about… | Help them to… | Emphasize… |
|---|---|---|---|
| NAC or AAA/RADIUS upgrades | Any issues or limitations?; Future upgrades; How users authenticate; The number of devices connecting | Understand the importance of linking policy management to security solutions | Scalability and workflows |
| Securing employees and guests connecting to the network with their own devices | Critical areas of network security; Any recent breaches or attacks?; Types of devices connecting; Number and type of guests per day | Describe the ideal access management solution, providing robust security across all devices and users | Completeness of security solution covering all scenarios |
| How to manage guests and onboard employee devices with limited IT resources | Number and type of guests; The registration process; How devices are onboarded; The time IT spends today | See how onboarding and policy management can be automated with self-service and visibility | Employees are not guests, and have different needs |
| How to implement a single Mobile Device/Application Management framework | Which departments want this?; Who has concerns?; Is there demand from users?; Has MDM been deployed?; Any privacy or compliance issues? | Appreciate how they can manage a mix of devices without compromising security, privacy or compliance | MDM needs network security |
TYPICAL DEALS
A TYPICAL SALES CYCLE
The diagram below shows the steps and key sales activities for identifying an opportunity and taking it through to a won deal.
[Diagram: the sales cycle in three phases: Prospecting (2-8 weeks), Solution Development (6-16 weeks) and Close (2-6 weeks). Steps shown: Lead generation; Qualification (sector, size, need); Discovery (assessment survey, security policy); Sales Presentation; Demonstration (sales demo, technical demo); Evaluation or Proof of Concept* (success criteria); Reference Call; RFP; Proposal (design, sizing, licences, redundancy); Sale (terms); Implementation; Case Study (win flash report); Upsell (Guest, Onboard, OnGuard). Legend: Partner with Aruba support; Aruba with Partner support; Partner; Aruba.]

*By exception. Only offer a POC after approval from Aruba

KEY FACTORS FOR A SUCCESSFUL SALES CYCLE
• Evaluation (or exceptionally, PoC) must be preceded by signed success criteria
• All sales cycles must involve a ClearPass Professional Services Partner
• All sales cycles must include a Professional Services offer for design and deployment
CONTACTS AND RESOURCES
Key Aruba contacts
EMEA Sales and Marketing

| Responsibility | Name | Email | Telephone |
|---|---|---|---|
| Vice President EMEA | Wolfram Fischer | [email protected] | +49 151 40712477 |
Demos and evaluations
To arrange a demo or evaluation for your customer, contact your CAM (see list above), who will organize SE support. In very exceptional cases a Proof Of Concept may be authorized. Again, contact your CAM in the first instance to request further information.
Partners with ClearPass Certification can obtain a free NFR licence of ClearPass from Channel Marketing EMEA at [email protected].
Other enquiries
Send an email with your detailed question(s) to [email protected].
Online resources
Aruba Networks PartnerEdge Program
http://www.arubanetworks.com/pdf/partners/channel/Aruba_PartnerEdge_EMEA_Brochure.pdf
How to Become an Aruba Networks Channel Partner in EMEA
http://partners.arubanetworks.com
ClearPass Certification and Specialization (Login required)