As the consumerisation of IT continues to evolve, so do CIOs' attitudes towards Bring Your Own Device (BYOD). While some are still banning all non-corporate devices, many are endorsing mobile devices. However, BYOD for iPads, tablets, and Macs remains a sticking point for the majority of CIOs, who are worried about losing control of IT security.
Despite these perceptions, the inexorable march of IT consumerisation means we have now reached a point where BYOD has become a matter of necessity for CIOs. They need to face up to the challenge of overcoming the risks associated with it, and make it a flawless, secure experience for staff, guest users and the organisation.
Any CIO considering BYOD will be aware of the need for network access controls to govern who, when, where, and how users and devices are accessing the network. Unfortunately, in the rush to be secure, some of the most subtle nuances of balancing security against flexibility are all too often overlooked, with potentially unwanted consequences. To help avoid this, there are a handful of network access issues you should consider before even creating your BYOD policy, let alone deploying your shiny new BYOD solution.
Start with the basics first:
Don't forget the guests. We typically think of BYOD as employees bringing their personal devices to the workplace. But whenever a customer, contractor or partner pays a visit to another company, they will bring their corporate and their personal devices. These are part of BYOD: unmanaged devices that need to be granted controlled access to information resources on the network. Guests can account for a significant number of extra network users, so you need to be able to provision guest accounts efficiently, without constant intervention by your IT personnel. As well as the obvious security risks, you also need to consider the main associated costs, including provisioning, managing and auditing guest accounts. A polite and convenient way of doing this can be via an e-mail or a text message that provides the access information to the guest. This provides them with the access they need, and you with the guest management information you require. This type of auto-registration, coupled with device fingerprinting capabilities, can simplify the administration of BYOD considerably.
Are you agnostic? A company's network infrastructure is rarely from just one vendor. Therefore, it is critical that any network access solution is truly vendor agnostic and based on open standards, so companies are not locked into proprietary protocols and capabilities. Over time, you will make updates and upgrades to your network, so it is critical not to create a lock-in dependency between your network access control and your network infrastructure. Fabric technology provides a unique and yet flexible way of providing guest access without exposing any of your converged infrastructure. Similarly, it is critical for any security solution to truly unify access control across your wired and wireless network infrastructure. This is important for both the user experience and for the IT department's ability to apply the same access policies across the board. After all, a user may be connected wirelessly and then suddenly link in via a wired connection, and all the while they expect a consistent user experience.