Since the big marketing scam of Y2K, nothing seems to have caused a bigger commotion in computer networking than Bring Your Own Device (BYOD), says MICHAEL FLETCHER of Ruckus Wireless.
BYOD is scary, and scary sells products. However, the reality is that BYOD has become a bit like Y2K. It’s a big problem that isn’t really that big. Mobile is surging, but product distributors have blown it way out of proportion as users are making enterprises reassess their wireless strategies. But truth be known, most businesses really want to do a few simple things with BYOD:
– Find an easy way to onboard all devices (organisation- and user-owned)
– Automatically provide user-based policies when a user connects
– See who is accessing the network with which devices
– Extend wired security and design (content filtering, firewalls, and VLANs) to the wireless network
– Add wireless capacity to networks with 2x, 3x, or 4x devices per user
– Keep it simple, cost-effective and leverage existing infrastructure!‚
Understandably, some organisations (such as those with strict compliance requirements) need highly customised security policies in place. Where IT staff expertise and budgets are sufficient, we wholeheartedly recommend it. Yet despite the BYOD hype claiming that everyone needs all the customisation and then some, we’re hearing a different story from the middle of the enterprise market. When it comes to BYOD, Ruckus Wireless is seeing that very few companies really want to implement every bell and whistle because:
¬∑ They don’t have time
¬∑ They don’t have the skilled staff
¬∑ They don’t have the budget
¬∑ They don’t see the need
¬∑ Or more likely, all of the above.
More important however, organisations already have the right network components to address their BYOD basics without having to purchase more network equipment:
Authentication – they already securely authenticate users against the authentication server.
Network security ‚ many organisations have already invested time and energy designing proper network segmentation and security with VLANs, ACLs, firewalls, and content filters. Why replicate the configuration and complexity on wireless devices if you’re already doing it on the wire?
Role-based access policies ‚ the company knows who people are and where they belong on the network: now it’s time to use that information to make sure everyone gets the right access and nothing else. This can apply to device types too.
Visibility ‚ there are many devices in the network that can monitor who’s on your network and what they’re doing. A smart Wi-Fi system provides this information at the edge, where you can make provisioning changes as needed.
Role-based access is often the biggest hurdle, but for those that have group policies wrapped up with a pretty bow, the new question that needs answering is whether all users and devices are the same. Users with personal devices are forcing the question. Thus, the basic problem surrounding BYOD is that users are known but devices aren’t. IT needs to know what devices are on the network at any time and who owns them. But, network access has already been restricted by network security and segmentation (and any other overlay solutions in place, such as NAC and content filters).
This raises some important questions:
– How are personal devices initially provisioned to gain network access?
– How is each device identified, associated with a user, and then tracked?
– How is a user/device restricted to a WLAN or VLAN/firewall policy?
Ruckus Wireless points to a few easy-to-use features that have been around before the BYOD bell started ringing that will help most organisations overcome the BYOD blues:
¬∑ Dynamic Pre-Shared Keys (DPSKs) are a unique Ruckus feature for organisations that aren’t ready to wade into the BYOD deep end. Each key is paired with a specific device, allowing the key/device/user combination to be managed and monitored individually. DPSK are easy to implement and secure providing the following benefits:
– Unique access credentials for each user and device
– Individual control of user credentials (creating and revoking)
– No certificates, complex configuration, or backend dependencies
– Valid users can’t decrypt each other’s traffic.
¬∑ Zero-IT Activation is another unique feature from Ruckus – it is a secure on-boarding tool that allows users to self-provision devices without IT intervention. Users connect to a provisioning network, securely login with their domain credential, and Zero-IT auto-configures their device with the appropriate network profile and its associated privileges. The device re-connects to the proper network and the user receives access, based on the role-based policies in place. IT stays out of the on-boarding loop and yet they retain full control over the user/device access. They also have visibility to see who registered the device, what type of device it is, and plenty more.
BYOD shouldn’t be a scary concept, nor should it deter organisations and employees that want to reap the benefit that such flexibility has to offer. It’s just about cutting through the myths and the hype and really understanding the benefits, impact and necessary processes that need to be implements. Quick setup. Easy access. Productive users ‚ how BYOD is meant to be.