WIRELESS NETWORKS
How to manage and control employee-owned mobile devices
Bring Your Own Device to Work
By Chris Kozup, Senior Director of EMEA Marketing, Aruba Networks
The latest wave of consumer smartphones and tablets presents a number of opportunities for use in the workplace. Chris Kozup discusses the management and control of employee-owned mobile devices.

In recent months, Chief Information Officers (CIOs) have found themselves in a difficult position. Employees are excited by the productivity potential they see from a fresh wave of consumer technologies. Social networking, high-speed Wi-Fi access and highly capable new smartphones and tablets allow them to communicate and collaborate in ways that could not be imagined just a few years ago. The technology is here, it is available, but it is not yet adapted for corporate use. CIOs are asking what security policies must be put in place to safeguard network services and company data if these devices are accepted into the workplace. It is a challenge, but if it can be overcome, organisations will be able to realise significant productivity gains.

As employees bring their devices to work, they are discovering that a Wi-Fi connection offers increased speed and reliability, especially in areas with poor cellular coverage. It is also a must if access to corporate resources and data is required. However, IT groups are understandably unsure of the implications of endorsing the use of these new, unmanaged and potentially insecure mobile devices.

The primary questions to be answered are how to distinguish between Mr. Smith on his IT-supplied PC and Mr. Smith on his iPad, and how to adapt network policies for devices that are not controlled or configured by IT, but owned by the employee. Beyond these, it is important to automate the process to avoid overwhelming the helpdesk, and to provide tools for managing and monitoring these devices on the corporate network.
Challenges for IT

Employee-owned devices gaining access to the corporate network present a number of challenges for IT. The first challenge is related to user behaviour and expectations. Many users are not technically adept and, despite the consumer-friendly features of these mobile devices, require assistance either with connecting to the network, or with performance and other application issues once connected. The difficulty of dealing with employee-owned devices of uncertain provenance and configuration poses a significant challenge for helpdesks.

On the other hand, some employees have already discovered they can use their credentials to connect to the WLAN. In most networks today, those who manage to connect will be undetectable by the IT group; it is not possible to see that they are authenticating from an iPad rather than their IT-supplied PC. Hence they are unmanaged. And as we shall see, unmanaged mobile devices can expose corporate data and services to intrusion.

Secondly, securing an employee-owned mobile device differs from securing the standard IT-supplied PC. Unless specially configured, mobile devices are live. No password is required for access to the device, and when the corporate WLAN is detected, credentials are already stored on the device for automatic authentication. This creates difficulties because, even if IT could track such devices’ connections, there is no guarantee that Mr. Smith’s iPad on the corporate network is in Mr. Smith’s hands; it could have been lost or stolen hours earlier. Allowing smartphones and tablets to be configured for inside-the-firewall access increases the risk that corporate servers will be penetrated. A misplaced device can be brought to the workplace by an intruder and used to access sensitive corporate data via the WLAN.

Thirdly, without any visibility into the device in question, network management costs can become unbearable. If IT policy allows employee-owned devices onto the corporate WLAN, the IT administrator must be given a way to identify and monitor these devices, and visibility to enable effective troubleshooting when employees report connectivity issues.

Finally, there is a potential issue of employees using resources on the LAN and WLAN that affect bona fide corporate traffic. Examples include using video calling and streaming TV services, where consumer devices used for non-corporate purposes can generate a large amount of traffic on the enterprise network, potentially swamping other services. Additionally, every new mobile device on the network will need its own IP address and will likely take up bandwidth resources, further impacting the available resources.

To address these problems, IT organisations should consider three steps: device fingerprinting, device registration, and device visibility.

[Image caption: Employee-owned devices on the corporate network present several challenges.]

24 NETCOMMS europe Volume II Issue 3 2012
Device Fingerprinting

The first and most important task in managing employee-owned devices is to distinguish them from IT-supplied PCs. IT should consider techniques that authenticate the device using standard methods, but immediately afterwards recognise the client as a personal mobile device and subject it to a different set of policies. One such technique is device fingerprinting, which recognises the unique signatures of mobile devices as they authenticate and subsequently perform DHCP and HTTP operations. This allows the devices to be identified and classified. Thus the network can distinguish Mr. Smith’s personal iPad from Mr. Smith’s IT-supplied PC. With this identification, it is possible for the IT administrator to see all the employee-owned devices on his network, along with their type and owner.
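
The DHCP and HTTP fingerprinting step described above, as an added example (not code from the article or from Aruba Networks): it parses a client's DHCP options, matches the parameter request list (option 55) and vendor class (option 60) against a signature table, falls back to the HTTP User-Agent, and maps the result to a network role. The signature table, role names and sample packets are constructed for illustration.

```python
# Added example. Signatures, role names and sample options below are
# constructed for illustration; they are not a vendor fingerprint database.

def parse_dhcp_options(raw: bytes) -> dict:
    """Parse a DHCP options field: code/length/value triples (RFC 2132)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:                  # End option
            break
        if code == 0:                    # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        length = raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

# (option 55 parameter request list, required substring of option 60) -> class
DHCP_SIGNATURES = {
    ((1, 3, 6, 15, 119, 252), ""): "apple-mobile",
    ((1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43), "MSFT"): "windows-pc",
}
UA_HINTS = (("iPad", "apple-mobile"), ("iPhone", "apple-mobile"),
            ("Android", "android-mobile"), ("Windows NT", "windows-pc"))
ROLE_BY_CLASS = {"windows-pc": "corporate", "apple-mobile": "byod",
                 "android-mobile": "byod"}

def classify(raw_options: bytes, user_agent: str = "") -> str:
    opts = parse_dhcp_options(raw_options)
    prl = tuple(opts.get(55, b""))       # requested parameters, order matters
    vendor = opts.get(60, b"").decode("ascii", "replace")
    for (sig_prl, sig_vendor), device in DHCP_SIGNATURES.items():
        if prl == sig_prl and sig_vendor in vendor:
            return device
    for needle, device in UA_HINTS:      # fall back to the HTTP signature
        if needle in user_agent:
            return device
    return "unknown"

def assign_role(device_class: str) -> str:
    # Unrecognised devices get the most restrictive role.
    return ROLE_BY_CLASS.get(device_class, "restricted")

# Constructed sample option fields (message type, then fingerprint options).
IPAD_OPTS = bytes([53, 1, 3, 55, 6, 1, 3, 6, 15, 119, 252, 255])
PC_OPTS = (bytes([53, 1, 3, 60, 8]) + b"MSFT 5.0" +
           bytes([55, 12, 1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43, 255]))
```

DHCP options and User-Agent strings are supplied by the client, so this classification selects a policy after normal authentication and does not replace it.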
Device Registration

While it is possible to allow self configuration of employee-owned devices by publishing guidelines and instructions for connection and authentication to the WLAN, most IT groups will prefer a more controlled
www.netcommseurope.com