Most employees have a smartphone or a tablet that they use for work. In many cases, these devices are owned by the employees, which in practice means that any bring your own device (BYOD) environment must cater to a very wide variety of devices.
BYOD brings new challenges to the IT department. With IT no longer able to apply 100% control to the endpoints of the network, security and access control take on new levels of urgency. Keeping corporate data safe requires a refocusing effort and some changes to the traditional IT approaches.
This isn’t a one-way street, incidentally. IT and the enterprise have a burden of responsibility, both morally and under the law, to avoid improper intrusion into the device owner’s private space. Besides, it won’t help your career longevity if your CEO’s emails to his girlfriend surface.
Managing BYOD on your network requires a policy-setting exercise up front that does the following:
- establishes boundaries of access
- sets rules of connection
- puts limits (the fewer, the better) on devices
- identifies apps, applets and services that are banned from any devices that are allowed on the network
Part of this exercise is establishing access methods. These include passwords and the protection of them (which today usually means that no persistent copy is stored on the device), encryption, and anti-malware tools. Further downstream, secure-mode browsing and app store validation will serve as methods to keep malware out.
Now, the hard part of the program takes place. BYOD is essentially a wireless system, and most enterprise networks are designed around desktops with Ethernet connections. With wireless routers being quite inexpensive, there is no reason to be tightfisted. Wireless users want rapid response and fast downloads. Good Wi-Fi planning, and testing of reception, is essential in metal-framed buildings. Existing usage patterns provide some guidance on where the hotspots will be, but remember that these patterns are predicated on tethered desktops.
The average CIO is surprised when the number of devices connecting to the enterprise network is 200 to 300 percent of the initial planning numbers. Tablet owners have phones, for instance, and employees who previously might have only had desktop computers are now connecting via laptops. The key to keep in mind, though, is that the device list is fluid, not static. This means that control has to be automated as much as possible, which runs counter to most current philosophies on network management.
This means that employees need to be able to do most of the work themselves to get online. The tools used have to be capable of validating the device's app set and hardware, flagging any malware risks, and downloading all the required software to the device, all without employees constantly calling the Help Desk. Tying authentication to Active Directory is one way to start the process.
Likewise, updates and periodic audits should be automated. Most employees want to work in a trusting environment, so polite warnings not to play Sudoku during work time are better for employee morale than undertaking remote wipes of any offenders.
With devices mainly interacting with virtualized servers, and with each other, it's essential that automation extend to path management. This creates a strong use case for network virtualization and a Software-Defined Network (SDN) approach. This is still an evolving area, so it's probably good to move in steps of increasing complexity here. But it's more a case of when, not if, a solution becomes available that allows improved integration of different switches with virtualization hypervisors and applications.
SDN should provide control-by-policy approaches that make the whole IT setup more efficient and durable, and allow the evolution of tools to take place more easily, adding layers of control and new features to the working environment.
Because of automation, a BYOD-friendly network is likely to require less maintenance and support than the traditional network approach. The key underlying philosophy in the network of the future is to be nimble, and that is achievable even today. Remember, we face a future in which the Internet of Things will connect many more endpoints, from factory gear to the coffeepot. In a sense, BYOD is our training course for the connected future.