Companies are looking for more granular security and control over segmentation across their network infrastructure. The most challenging part of network administration and compliance management is monitoring, scaling, and correctly applying the security policy for a user or device regardless of where and how the device connects. A security breach can occur in any organization that has to manage many different security policies that do not share the same policy constructs or allow for the same controls.
Traditional segmentation is based on subnets, VLANs and ACL rules. Each rule set is limited to the network in which it resides and is not meant to be globally scalable. Moreover, maintaining ACL-based rules can become an operational challenge in sizable deployments with thousands of rules to maintain. Modifying any rule set requires removing, adding or resequencing entries, which brings administrative overhead and complexity. This is a big operational challenge, and oftentimes administrators prefer to add more rules instead of optimizing existing ones.
Cisco's solution to this problem is Cisco TrustSec (CTS). CTS simplifies policy management by segregating endpoint traffic into groups. Each group is assigned a Security Group Tag (SGT), and all user traffic associated with the group inherits the tag and its associated enforcement policy (decentralized policy enforcement). The policy should be applied locally and across infrastructures for better security and administration. When a user connects to the network, the tag assigned to the user becomes the identity, and the networking devices use this tag to enforce policies and make forwarding decisions regardless of where and how the end device connects to the network. In addition, policies can be managed centrally using Cisco ISE and are provisioned dynamically on demand.
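To make the contrast between the two preceding paragraphs concrete, the following is an added illustration (not Cisco or Meraki code, and not a model of how a switch actually evaluates policy): a subnet-keyed ACL beside a tag-keyed policy matrix, applied to the same user connecting first from a wired subnet and then from a wireless one. The SGT numbers, subnets, identities and policy entries are all constructed for the example; in a real deployment the tags and the matrix come from ISE or the dashboard.

```python
import ipaddress
from dataclasses import dataclass

# Constructed SGT values for the example; real tags are assigned by ISE / the dashboard.
SGT_UNKNOWN = 0      # endpoint that was never classified
SGT_EMPLOYEE = 10
SGT_CONTRACTOR = 20
SGT_SERVER = 30

# Group-based policy matrix keyed on (source SGT, destination SGT).
# Any pair not present is denied, so unclassified traffic falls through to deny.
SGT_POLICY = {
    (SGT_EMPLOYEE, SGT_SERVER): "permit",
    (SGT_CONTRACTOR, SGT_SERVER): "deny",
    (SGT_EMPLOYEE, SGT_EMPLOYEE): "permit",
}

# Traditional ordered ACL: (source prefix, destination prefix, action), first match wins.
# Note that it only knows about the two subnets it was written for.
SUBNET_ACL = [
    ("10.1.0.0/24", "10.9.0.0/24", "permit"),   # wired employee subnet -> servers
    ("10.2.0.0/24", "10.9.0.0/24", "deny"),     # contractor subnet -> servers
]


@dataclass(frozen=True)
class Endpoint:
    identity: str   # authenticated user/device identity (e.g. from 802.1X)
    ip: str         # address it holds right now; depends on where it connected
    sgt: int        # tag assigned at authentication time; travels with the identity


def enforce_sgt(src: Endpoint, dst: Endpoint, matrix=SGT_POLICY) -> str:
    """Tag-based enforcement: the decision depends only on the (src, dst) tag pair."""
    return matrix.get((src.sgt, dst.sgt), "deny")


def enforce_acl(src_ip: str, dst_ip: str, acl=SUBNET_ACL) -> str:
    """Subnet-based enforcement: walk the ordered ACL, implicit deny at the end."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, action in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"


def compare(src: Endpoint, dst: Endpoint) -> dict:
    """Evaluate the same flow under both models so the difference is visible side by side."""
    return {"acl": enforce_acl(src.ip, dst.ip), "sgt": enforce_sgt(src, dst)}


if __name__ == "__main__":
    server = Endpoint("db01", "10.9.0.5", SGT_SERVER)
    wired = Endpoint("alice", "10.1.0.7", SGT_EMPLOYEE)
    wireless = Endpoint("alice", "10.5.0.42", SGT_EMPLOYEE)   # same user, new subnet
    print(compare(wired, server))      # both models permit
    print(compare(wireless, server))   # ACL has no rule for 10.5.0.0/24 -> deny; SGT still permits
```

The second call is the point of the example: the ACL only gives the intended answer while the user sits in the subnet the rule was written for, so every new access location means another rule (and the resequencing overhead described above), whereas the tag-based decision is unchanged because the identity, not the address, is what the policy is keyed on. The matrix also defaults to deny for an untagged endpoint, which is the behaviour a practitioner should check for when rolling out group-based policy.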
For more details, refer to the official KB - https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Adaptive_Policy/Adapt...