BYOD, which stands for bring-your-own-device, is an important concept. With its supporting technologies it is accelerating telecommuting and collaboration in the workplace at a rapid pace. When selecting a BYOD strategy it is important to focus on some key areas. Understand your users’ needs. Establish clear policies. Define the discovery and enrollment process. Customize the user experience. And paramount to all of this is proper security.
Having a comprehensive BYOD strategy is the first step to making sure the launch of a BYOD program is successful. Know which users you want to allow. Understand what devices they will be bringing to the workplace. Clearly define the policies for BYOD and educate the users on proper use and the risks involved. Again, your security strategy for BYOD will be key. Although BYOD is usually assumed to be via 802.11 wireless, realize that BYOD access (just like guest access) can extend to 802.3 wired access. So how is your IT organization addressing the discovery of these devices? Through the use of Network Access Control (NAC), the IT department can discover, profile, provision and protect both the users and the network to which they are connecting. Examples of NAC products are HP/Aruba’s ClearPass and Cisco’s Identity Services Engine (ISE).
When considering what to offer, keep in mind that some organizations do not wish to provide access to device types and operating systems of every stripe. Some organizations will allow BYOD access for corporate-owned assets such as smartphones. In this case, it is important to use software like mobile device management (MDM), which will allow for a remote wipe of part or all of a device’s data. Some MDMs create a partition that separates data of a personal nature, such as family photos, from corporate data, such as the company contacts.
Your security department has concerns, and rightly so. Set their minds at ease by presenting a clear, comprehensive, and layered security approach. First, make sure that policies are created and disseminated and that users are educated. Make sure the users acknowledge this by signing a EULA. Employ identity management with a RADIUS server; if you decide to use ClearPass or ISE, they will cover your identity management as well as NAC. If you wonder about the safety of over-the-air configuration, always consider what information is going over the air and whether it is secure. If you choose to use open (or null) authentication for BYOD or guest access, then your policy should require the use of a VPN to reach any corporate assets. Also, use proper segmentation depending on the type of user and the associated access.
Providing self-service portals for user provisioning is another feature that helps deliver BYOD properly. It empowers users to onboard themselves in the manner you and your organization choose. You can make this experience completely user driven or tie it to a sponsor from your company.
BYOD is a great technology to use for the right organization. However, remember that proper security is at least as important as the mobility you are providing for your users. Develop a clear strategy. Define sound policies and procedures. Educate your users and have them sign off. If you follow this plan, you will be on your way to a successful, secure BYOD implementation.
We are interested in hearing from you. What policies does your company have on BYOD? What security strategies are in place to keep your company safe?
Author Bio: John Busso is a Senior Network Engineer/Mobility Specialist at CCSI. He has almost 20 years experience providing secure voice and data solutions. John has been a Subject Matter Expert for Enterprise Mobile Solutions such as Guest WiFi and BYOD, providing vision for diverse clients.
John has been an Adjunct Professor and trainer. He holds numerous industry certifications, including CISSP, CWNP, CCNP, ACMP and ITIL. His experience includes working with retail, TNL-Couriers, DC’s and Airports, Healthcare, Education, DOD, Local Government, Financial, Non-Profit-Public WiFi, Entertainment and Hospitality industries. His expertise is in mobility, security, WLAN, WAN, LAN, VoWiFi, RFID, RTLS, WIPS, WIDS, DAS, licensed/unlicensed PTP and PTMP networks. Connect with John on Twitter via @JohnBusso.