BYOD is no longer a trend but a reality. The challenge now is to protect the network from information overload while keeping corporate data secure. Employees want to be more productive and require the same access to network resources on their personal mobile devices that they're privy to from corporate-issued devices.
Here are 5 things IT needs to consider to confidently enable BYOD:
When BYOD is knocking on the door of your network, remember it is not an all-or-nothing proposition. Enabling even a few of these considerations will allow you to benefit from BYOD while still maintaining a secure, simple network connection and creating a productive environment for your employees.
- Policy first: Define your business policy. This has ramifications beyond IT. Consider the security, legal, HR, regulatory compliance and financial areas affected by outside devices. Define how privacy is impacted and what services employees should be able to access based on their device and location. Consider creating an “Acceptable Use Agreement” for employees. This provides the guidance for a proper IT policy that is created once, applied per user across wired, wireless, and remote access, and enforced universally across the network.
- Fingerprinting the device: Granular user-based policy enforcement goes beyond user identity. Device fingerprinting allows a unique user policy to be enforced with different levels of access per device. For example, different policies are enforced for iPhones, iPads and Android devices connecting to the wireless network, which provides a critical level of context-aware granularity. This improves security by allowing controlled access only to those employee-owned devices deemed necessary for the employee's productivity.
- BYOApps: It's not just the employee-owned mobile device that represents a new path of attack into the corporate network; it's the apps running on it. You need advanced security that prevents malware and blocks attacks. This requires visibility into the apps being accessed as well as the ability to control the usage of those apps based on the user's policy.
- To client or not to client: Requiring a full endpoint client brings a new level of control. The benefits of a client can include mobile device management (MDM) and the ability to remotely wipe and lock the device if the user leaves the company or loses the gadget. The client provides critical visibility for IT and eases provisioning and automation in the onboarding process while maintaining secure access to network resources and corporate data. It also provides more flexibility in defining user policies.
- Keep it simple: Enabling BYOD successfully means keeping things as simple as possible for both users and IT. An automated provisioning and enrollment process relieves IT of the burden of manually handling the process for each user and device. Ideally, users connect directly to a captive portal and enter their existing credentials; in the background, the system processes the request, pushes the policy across the network and populates the settings on their device, and they are off and running. This can and should be done for both client and client-less deployments to provide an end-to-end solution that maintains the user identity policy and enforces it across all key elements in the network, including security devices, switches, wireless LAN access points, controllers and user devices.
Before you take the leap to allow employee-owned devices on the enterprise network, talk to your IT staff about how to support BYOD. Take a holistic approach to mobile device access and build your plan to execute the policy that works best for your business.
Tamir Hardof is director, product marketing - enterprise systems marketing for Juniper Networks.