Top five tips for BYOD

How best to ensure security, ease deployment and control the costs of supporting a BYOD policy

By Cameron Esdaile. Published July 10, 2012

Cameron Esdaile, moderator of Airheads Social, Aruba Networks’ online interactive community, gives his top five suggestions for IT engineers when it comes to ensuring network security, achieving ease of deployment and, perhaps most important of all, lowering operation and support costs.

Define a policy

First, IT organizations should define a BYOD policy. What does a BYOD policy look like? It all starts with noting down the types of users your organization has to provide network access to: contractors, guests, temporary workers, employees, C-level execs, IT staff, etc. These folks have to access certain applications to get their job done on a day-to-day basis.

The next piece of the puzzle is who can access what, when, and from where. Finally, you define access policies per device type. Certain groups of users will be allowed to use certain types of mobile devices and operating systems to get access to certain types of applications, while others won’t.

Use a device aware network

If the network does not know which device you are using when accessing these applications, it is impossible to implement a BYOD policy successfully. The methods available today are relying on an authentication system, using intelligent fingerprinting techniques within the infrastructure, or both.

Enforce access control rules

Enforcing access control rules is vital, preferably with a stateful firewall infrastructure and an easy-to-manage content filtering system in place. At the very least, security enforcement needs to be simple to integrate with the existing network. For instance, if the only way to enforce policies on mobile devices is to use a different VLAN for each device type, that surely is not a scalable solution, given the range of mobile device types out there.

Reduce costs

Who does not want that, right? At the end of the day, all mobile devices need to connect to the network using a secure authentication method, preferably certificate-based authentication with 802.1X EAP-TLS. The problem is that this means 15-20 minutes of manual labor per device, unless there is a way to automate the provisioning of authentication credentials on mobile devices. An auto-provisioning system should be in place as part of any BYOD initiative.

Physical security

What to do when your mobile device – with all the corporate email and data stored on it – is stolen or lost? This is one of the main reasons why Mobile Device Management (MDM) becomes important – it is not only about the access control but sometimes about the device and what’s stored inside. Revoking access to the device obviously is the immediate solution here but needs to be performed with care. Removal of privileges should not be performed for the user ID but rather on a per device basis. You would not want to disable network access for an employee’s laptop, just because he forgot his mobile phone on a restaurant table last night.
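The policy model from "Define a policy" and the per-device revocation described above can be sketched together as follows. This is an added example, not code from the article or from any Aruba product; the roles, device types, applications and serial strings are constructed, and it assumes each device holds its own credential (such as an EAP-TLS client certificate) identified by a serial.

```python
from dataclasses import dataclass

# Constructed policy table: (user role, device type) -> applications allowed.
POLICY = {
    ("employee", "laptop"): {"email", "intranet", "erp"},
    ("employee", "phone"): {"email"},
    ("contractor", "laptop"): {"intranet"},
    ("guest", "any"): {"internet"},
}

@dataclass(frozen=True)
class Device:
    cert_serial: str  # assumed per-device credential (e.g. EAP-TLS client cert serial)
    owner: str
    role: str
    device_type: str

class AccessController:
    def __init__(self, policy):
        self.policy = policy
        self.devices = {}     # cert_serial -> Device
        self.revoked = set()  # revoked device credentials, never user IDs

    def enroll(self, device):
        self.devices[device.cert_serial] = device

    def revoke_device(self, cert_serial):
        self.revoked.add(cert_serial)

    def decide(self, cert_serial, app):
        device = self.devices.get(cert_serial)
        if device is None:
            return False, "unknown device"
        if cert_serial in self.revoked:
            return False, "device revoked"
        # Exact (role, device type) rule first, then the role's "any" rule.
        allowed = self.policy.get((device.role, device.device_type))
        if allowed is None:
            allowed = self.policy.get((device.role, "any"), set())
        if app not in allowed:
            return False, "not permitted for this role and device type"
        return True, "permitted"

if __name__ == "__main__":
    ac = AccessController(POLICY)
    ac.enroll(Device("SERIAL-LAPTOP-01", "alice", "employee", "laptop"))
    ac.enroll(Device("SERIAL-PHONE-01", "alice", "employee", "phone"))
    ac.revoke_device("SERIAL-PHONE-01")  # phone left at the restaurant
    print(ac.decide("SERIAL-PHONE-01", "email"))   # denied: device revoked
    print(ac.decide("SERIAL-LAPTOP-01", "email"))  # same user, still permitted
```

Because revocation is keyed on the device credential, the lost phone is cut off while the same user's laptop keeps working.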
