This post is for IT folks who would like to understand the minimum steps required to secure their network in an age where so many devices are attempting to connect to it. An earlier post looked at developing policies for a formal BYOD program – this post is more about securing your environment (with or without a formal BYOD program). It covers employees’ personally owned devices that they bring to work with them, as well as visitors who are looking for a connection to the internet through your network.
It is possible to manage risk in your current BYOD situation today. Here are some tips and technology tools that take care of your existing BYOD needs now, even if your important BYOD policy plans aren’t quite polished yet.
1. Ask some basic questions
To get started on the road to managing the risk of your company’s mobile devices, seek answers to these questions:
- What types of devices are permitted to connect to your wired network?
- What types of devices are permitted to connect to your wireless network?
- Who is permitted to connect to these networks?
- What kinds of configurations are mandatory on the devices touching your networks?
Answering these questions quickly gives you a picture of the security scenarios you’ll need to deal with within your organization. Once you have these, you can start managing them with some helpful technology solutions – right now.
2. Look at technologies you’re already using
Don’t forget to look at technologies you’re already using. We’ve provided an overview of 7 technologies that help create a secure BYOD environment. For example, Microsoft Exchange for ActiveSync has many BYOD-friendly features like PIN reset, device password policies, and auto-discover for over-the-air provisioning. Admins can use ActiveSync to set password policies, lock devices, initiate a remote wipe and control which mobile OS’s can synchronize with your organization through device access rules.
Also, do you have a Virtual Desktop Infrastructure (VDI)? With VDI the virtual desktop stays securely inside the data center, meaning the network identifies the mobile device trying to connect as a remote monitor and keyboard with very little need for storing data. Leveraging your VDI infrastructure is one of the most secure ways to enable BYOD with limited network investments.
A third example is network access controls (NAC), which you may already have for guest wireless networks. A good example of a NAC is Cisco ISE, a policy-control platform that is device and location-aware. It allows you to implement security policies that dictate what a user can (and can’t) access remotely. For example: users can’t access tier-1 apps from their local Starbucks… but coming from a trusted environment like their home office, they can.
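The four questions from step 1 and the location-aware rule above can be combined into a single access decision. The sketch below is an added example, not Cisco ISE configuration or code from the original post; the device types, roles, locations and configuration attribute names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy values (assumptions for illustration, not vendor defaults).
ALLOWED_DEVICE_TYPES = {            # which device types may touch which network
    "wired": {"corporate-laptop", "ip-phone"},
    "wireless": {"corporate-laptop", "personal-phone", "personal-tablet", "guest-device"},
    "vpn": {"corporate-laptop", "personal-phone", "personal-tablet"},
}
TRUSTED_LOCATIONS = {"campus", "home-office"}
MANDATORY_CONFIG = {"pin_set", "storage_encrypted"}   # required on employee devices

@dataclass(frozen=True)
class AccessRequest:
    user_role: str        # who is connecting: "employee" or "guest"
    device_type: str
    network: str          # "wired", "wireless" or "vpn"
    location: str
    config: frozenset     # configuration attributes the device reports

def decide(req):
    """Return (access_level, reason); anything not explicitly allowed is denied."""
    if req.device_type not in ALLOWED_DEVICE_TYPES.get(req.network, set()):
        return "deny", "device type not permitted on this network"
    if req.user_role == "guest":
        # Visitors only need a path to the internet, never internal apps.
        return "internet-only", "guest access"
    if req.user_role != "employee":
        return "deny", "unknown role"
    missing = MANDATORY_CONFIG - req.config
    if missing:
        return "deny", "missing mandatory configuration: " + ", ".join(sorted(missing))
    if req.location not in TRUSTED_LOCATIONS:
        # The coffee-shop case: connected, but tier-1 apps are withheld.
        return "standard", "untrusted location"
    return "tier1", "compliant device in a trusted location"

if __name__ == "__main__":
    ok = frozenset(MANDATORY_CONFIG)
    samples = [   # constructed sample requests
        AccessRequest("employee", "personal-phone", "vpn", "coffee-shop", ok),
        AccessRequest("employee", "personal-phone", "vpn", "home-office", ok),
        AccessRequest("guest", "guest-device", "wireless", "campus", frozenset()),
        AccessRequest("employee", "personal-tablet", "wired", "campus", ok),
    ]
    for s in samples:
        print(s.user_role, s.device_type, s.network, s.location, "->", decide(s))
```

The order of the checks matters: device type and role are evaluated before location, so a trusted location never compensates for a non-compliant device.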
3. Invest in new solutions to fill exposed gaps
Once you leverage what you have, fill any gaps with investments in new solutions. Below, I have mapped useful Cisco solutions to some technologies that enable BYOD:
- Application Virtualization or Presentation: Cisco’s Application Control Engine (ACE) is a cost effective way for enterprises to simplify their application infrastructure and delivery through virtualization.
- VDI or Desktop Virtualization: Cisco’s Unified Computing System (UCS) is a good example of a unified computing solution. See how it compares in our Overview of The Top 3 Converged Infrastructure Offerings.
- Cloud brokerage solutions: Meraki is a 100% Cloud managed Cloud networking solution. View our Meraki slick to learn more.
- WiFi bandwidth: Cisco Access Points provide WiFi connectivity for the corporate network and handle authentication requests to the network via 802.1X. They can either tunnel all the traffic to the campus or switch traffic locally. Cisco Wireless Controller (WLC) automates wireless configuration and management to provide visibility and control of the WLAN. The WLC extends the same access policy and security from the wired network core to the wireless edge. The WLC interacts with the Cisco Identity Services Engine (ISE) to enforce authentication and authorization policies across device endpoints. Cisco Catalyst Switches, like the Catalyst 3000, Catalyst 4000, and Catalyst 6000 families, provide wired access to the network and handle authentication requests to the network via 802.1X. When deployed as access switches, they provide power-over-Ethernet (PoE) for devices such as VDI workstations, IP phones, and access points.
- Data Loss Prevention: Cisco Adaptive Security Appliance (ASA) provides traditional edge security functions, including firewall and Intrusion Prevention System (IPS), as well as providing the secure VPN (AnyConnect) termination point for mobile devices connecting over the Internet, including home offices, public WiFi hotspots, and 3G/4G mobile networks. The ASA delivers solutions to suit connectivity and mobility requirements for corporate-owned devices as well as employee-owned laptops, tablets, or mobile devices.
- Network Access Control and Authentication for Guests: Cisco’s Identity Services Engine (ISE) centralizes and simplifies BYOD compliance, control and security across your wired and wireless networks. Learn more about network security by watching Cisco’s Networking 101: What is Mobile Device Management video. Also, Cisco Integrated Services Routers and Aggregation Services Routers provide direct connectivity to the Internet, Cloud services, virtual applications and WAN optimization services.
Below, explore a list of the Cisco technologies (most mentioned above) that enable BYOD:
- Cisco Access Points
- Cisco Wireless Controller
- Cisco Identity Services Engine
- Cisco Adaptive Security Appliance
- Cisco AnyConnect Client
- Cisco Integrated Services Routers
- Cisco Aggregation Services Routers
- Cisco Catalyst Switches
- Cisco Prime Infrastructure
Learn more about Cisco’s BYOD technologies by emailing Softchoice Product Marketing Manager who will point you to the right Cisco expert to answer any questions you may have.
What external devices access your network the most often? What is your biggest worry with BYOD? Leave a comment below and one of our experts will respond!