BYOD (bring your own device) might be the top buzzword of 2012. To average employees, the acronym means the freedom to use noncompany devices on company networks to perform their duties. For network and security professionals, the acronym often provokes a much different reaction. Instead of the feeling of freedom, BYOD raises all kinds of red flags as IT professionals try to keep internal resources safe from the foreign devices being allowed to roam freely on the network. And for many, the answer to BYOD is yet another acronym: NAC (network access control).
NAC is not a new security concept, but it's also not widely implemented. It essentially revolves around performing four tasks.
Identification: You need to understand what types of devices are trying to connect to your network. Before BYOD, the only allowed devices were company-owned PCs and such. Now you can get anything from an Android phone to an iPad or even a personal laptop. The ability to identify the hardware and software of the device attempting to connect helps to control the information moving to and from that device.
Authentication: You must be able to identify the user attempting to gain access. Authentication is nothing new in most corporate environments. However, the difference with BYOD is that now you have to authenticate all kinds of devices running different hardware and operating systems. A far more robust solution is needed to handle them.
Authorization: Once a user is authenticated, it's becoming increasingly important to be able to permit/deny access to company resources based on both the user and the device that user is using. If Jane Doe, an accountant, logs in with her company-provided laptop, she has access to several financial applications and shared storage to do her job. If Jane logs in with her iPad, the only access she gets is to corporate email.
Posture checking: Since IT administrators have no control over user-owned devices, it's important to check the posture of the hardware/software being used to access the network. This means being able to scan a foreign device to check for things such as the latest updates for the OS and AV software. Devices that fail this posture check are quarantined and allowed to access only locations to update the software that failed the inspection. Once a device passes the posture check, it is allowed on to the network.
Even though NAC has been around for years, many companies have yet to implement it, in part because of the cost and complexity and in part because there really was no need for such measures when only company devices were permitted. BYOD has changed all that, and NAC is becoming a necessity. Fortunately, vendors have made tremendous strides in the past few years in making NAC easier to implement and manage. Getting everything to work properly used to be a pain, but these days NAC plays very nicely with 802.1x, active directory, and AV software.
If your IT organization hasn't looked at NAC yet, or it looked a few years ago and decided it was too difficult to implement, give it another shot in 2012. You'll be surprised how much NAC has changed -- and just how much you actually need it.
"the acronym means the freedom to use noncompany devices on company networks to perform their duties"
The above statement suggests that employees would be allowed to do their personal duties on company time and that is enough to deter companies from allowing their employees to connect their own devices to the company network.
The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail: firstname.lastname@example.org
Dell's Efficiency Modeling Tool The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise. Read the full report
Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.