22nd May 2012

You are here: Home / Blog / Is Cisco Licensing an attack on Corporate Privacy and Security ?

Is Cisco Licensing an Attack on Corporate Privacy and Security ?

9th May 2010 By 7 Comments

I was reviewing a design for Cisco License Manager today. I have written previously on how it will impact our current processes.

The not so obvious aspect of the License Management is that Cisco will receive reports from your license server that will not only show the licenses that you own but also all the hardware that you have. From this Cisco will be able to build a very effective picture of what your business looks like. In effect, you have no privacy.

The Sales View

Now, Imagine that you are Cisco Sales person who wants to understand which account should get the most attention. They will be able to look into your reported assets and understand exactly what you own and then determine what they should be selling you.

For example, lets say that you have a lot of C3550 that are end of life, then the sales person might want to be focussing on pitching the C4500 as an upgrade. Or perhaps the C6500 in your data centre are still running SupervisorII, then a good pitch on Nexus 7K might be a winner.

The Breach View

If you want to take a more “evil” view, Cisco will now have a complete list of everything you have ever owned and will be able to determine if you are in breach of your licensing and maintenance. The Cisco License Manager Service communicates with the Cisco Product License Registration Portal for all license fulfilment issues.

Current Cisco maintenance is based on the chassis and the software upgrades are automatically included. But what it Cisco moves to charge maintenance on every modules, blade, power supply and memory module.

The EtherealMind View

No one seems to questioning Cisco’s attack on privacy here. While Facebook is rightly being criticised for it’s access and sharing of information, what do we know about Cisco ? What are they doing with this licensing data and who are they sharing it with ?

Are Cisco Partners able to access the data, and, if so, what controls are placed on this ?

Therefore, I recommend that you consider very carefully whether you should share your licensing data with Cisco. You may need to consult your Legal Department to ensure that Cisco has given guarantees to keep this information confidential and to use and maintain the data in a proper manner.

So far, I don’t have any good answers to these questions. If anyone from Cisco could get in contact to discuss these matters or point me to people who can comment, I would be pleased to update the readers.

This post is copyright of Thropos Ltd ©2008-2011 at Etherealmind.com - contact | email: greg.ferro@packetpushers.net - twitter: @etherealmind | All rights reserved
Filed Under: Blog, Cisco Tagged With:
About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus

  • Wow

    You really have taken this from point A to pointJ with very little in between.

    How about the fact that Cisco, just like all other vendors, already knows everything you have purchased from them. They always have, just like MSFT, just like HP, these are both sales and support tools.

    How do you think TAC has a local depot for your dead hardware? because they know what you have and were it is located based on your support agreement. Once again just like all vendors.

    Seems like a really strange thing to get hyped up over and doesn’t really change a single thing.

    • http://etherealmind.com Greg Ferro

      Not really. Cisco will have unprecedented amounts of information about your hardware and software. In the same way that Facebook is invading your privacy, Cisco _could_ do the same.

      In fact, from a security perspective, this data leakage is significant breach in more corporate security policies.

      And Cisco does not have details on your equipment today. Mostly equipment is sold and maintained by third parties such as HP, IBM and Service Providers. Now Cisco will have a lot more information about your company and it’s infrastructure than ever before.

      greg

  • PG

    Like Wow said, it’s no different to any other manufacturer that requires licenses for it’s products.

    Surely licensing has more to do with the new Universal Image IOS, which doesn’t require a different file download depending on what feature set you purchased? Now you can use a single IOS image for all feature sets.

    • http://etherealmind.com Greg Ferro

      Cisco License Manager appears to upload a lot of data to Cisco about your equipment. What is Cisco going to do with this data ?

      Has Cisco ever said that “we are not evil ?”

  • http://packetattack.wordpress.com Ethan

    Cisco has been bad about license enforcement for years. If you had a CCO account, you could download about any software image in the library, on the honor system. So why begin changing that model now? The answer seems obvious – revenue growth. By strictly enforcing licensing, Cisco is taking steps towards making certain that your Cisco gear is covered under a SmartNet contract. That part of it’s not evil – it’s just smart business.

    But will Cisco “misuse” that information by disseminating it to their mighty sales force? I think we can count on it, if you agree with the assumption that what’s driving this whole thing to begin with is revenue growth. Cisco can feed their massive channel partner network sales leads based on what they think they know about the state of your network, based on inventory. I’ll go so far as to say that from a business perspective, they’d be foolish not to mine that information. OTOH, one could argue that if your VAR isn’t up to date on the state of your network, either you’ve purposely kept them very distant, or they aren’t doing their job well.

    Any way you look at it, it’s getting even more expensive to run a Cisco network.

  • Pingback: Do new Cisco IOS registration rules pose privacy concerns? - The Network Hub

  • http://verizon.net Ronald

    Hyperbole. Does the author of this article have experience at all in operations. Yep, vendors know what you have!! Is that really a privacy issue. Give me a break. All they know is you own it. Doesn’t mean they know how, where, why it is used. For an ops person like me I leverage their knowledge of my inventory to help keep our maintenance contracts straight, send me updated renewal information, etc. Ever bought anything at a supermarket lately without a club card? Guess what they are doing with the data… helloooo welcome to the 21st century. Privacy? really?? I find most of your articles good but quit with the Cisco hating. Call them out when it is something unique to them. I know here is an article for you next week. Hey guys!! Cisco is bad because they want to be profitable!!