These days everyone has a smartphone, a tablet, or both with them at all times. Businesses both large and small are now expected to allow and support these devices for every user at all times. But how do you set up and support a BYOD wireless network, and what kinds of issues can you expect? In the past month at SecurEdge we’ve had a number of IT Managers & Directors contact us via our website or over the phone, with the conversation going like this.
Corp IT Manager: “The executives want to bring their iPads to work, and they want to allow other employees to bring their iPads. They want them everywhere.”
SecurEdge: “Ok, we can help. How many users have iPads? What type of access do you want to provide? Have you thought about how to authenticate the BYOD devices?” (we ask a lot of questions here).
Corp IT Manager: “I have no idea, this was just thrown on my desk today and they want it yesterday. What should we do?”
Of course the answer to the “what should we do?” question is a long one. But let’s get started with a few issues that should be considered when you want to allow BYOD on your network. These are potential issues that IT staff should be thinking about as they’re planning to allow BYOD.
1) WiFi Capacity Issues
Before the BYOD phenomenon, the math to manage capacity on your corporate wireless network was simple. If you had 2,500 employees with laptops, you figured you’d need to plan for 2,500 devices on your network. As a matter of fact, you didn’t even have to plan for 2,500 in most cases, because most of your users realized the wired network was much faster than the wireless, so they were plugging in when they were in the office. Today, tablet PCs are the craze, but the iPad doesn’t have a data port, and this changes the game.
For BYOD capacity planning, you should plan on 2.5 devices per person, and for campus Wi-Fi networks (universities & colleges) that number goes to 3-5 devices per student (laptop, tablet, smart phone, gaming device, etc.). Your network has to be designed to support many more wireless devices.
2) BYOD Support Security
If the devices are corporately owned, the IT staff has built a standard image for the machines, authentication processes, etc., so you know that each device is set up to the corporate standards of security. But what if you run a hospital wireless network and Dr. Smith wants to bring his own iPad? Do you now want to touch and configure each doctor’s iPad? Obviously the answer is no, you don’t want to. But not only that, the help desk can’t physically get to all of those devices; it’s just not feasible.
In the BYOD world, the wireless infrastructure has to be designed from the start to allow Device Registration and Secure Access for the devices that you don’t own. There has to be an automated process that lets users register their own devices, and the network has to place them into a secure role that allows things like email and web content but limits access to internal resources.
3) Unified Access for Wired and Wireless Users
In the past we built our wired infrastructure and secured it by separating VLANs and applying port-level security. When we added wireless we only allowed corporate-owned machines, so we just put it on top of the wired network and sent users into the appropriate VLAN. But today, users are accessing the network with their OWN devices. We can’t just connect them to the wired network; we need to segment their traffic and even control it. It’s a much more complex networking environment that requires a unified access strategy.
Today’s IT staff must build one Security Policy for their wired and wireless users that incorporates VISIBILITY and CONTROL into both the wired network traffic and the wireless network traffic. The days of building separate infrastructure for each service are coming to an end.
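The registration role from section 2 and the single wired/wireless policy from section 3 can be sketched together. This is an added example, not SecurEdge code or any product's API; the address ranges, ports, MAC addresses and function names are assumptions, and a MAC address stands in for whatever device identity the registration process really issues.

```python
import ipaddress

# Constructed sample values; none of them come from the article.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAIL_SERVER = ipaddress.ip_address("10.0.5.25")   # hypothetical internal mail host
PORTAL = ipaddress.ip_address("10.0.5.80")        # hypothetical registration portal
MAIL_PORTS, WEB_PORTS = {587, 993}, {80, 443}
CORPORATE = {"00:11:22:33:44:55"}                 # devices built from the IT image
registered_byod = {}                              # MAC -> owner, filled by self-registration

def register(mac, owner):
    """Self-service registration: the user enrolls the device, not the help desk."""
    registered_byod[mac.lower()] = owner

def role_for(mac):
    """Map a device to a role; anything unknown stays unregistered."""
    mac = mac.lower()
    if mac in CORPORATE:
        return "corporate"
    return "byod" if mac in registered_byod else "unregistered"

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def allowed(mac, medium, dst, port):
    """One policy for every port and SSID: `medium` is accepted but never consulted."""
    ip = ipaddress.ip_address(dst)
    role = role_for(mac)
    if role == "corporate":
        return True
    if role == "byod":
        # Email and outside web content only; other internal resources are denied.
        if ip == MAIL_SERVER and port in MAIL_PORTS:
            return True
        return not is_internal(ip) and port in WEB_PORTS
    # Unregistered devices can reach the registration portal and nothing else.
    return ip == PORTAL and port == 443

if __name__ == "__main__":
    ipad = "AA:BB:CC:DD:EE:01"
    print(allowed(ipad, "wireless", "203.0.113.10", 443))  # before registration
    register(ipad, "dr.smith")
    for medium in ("wireless", "wired"):
        print(medium, allowed(ipad, medium, "203.0.113.10", 443),
              allowed(ipad, medium, "10.0.9.9", 445))
```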