BYOD is the newest marketing buzzword, thankfully replacing "cloud" it seems (unless you run into the double whammy of a BYOD company with a "cloud" offering). For the first time in recent memory marketing has actually somewhat aligned with the needs of IT. There’s only one problem… there is nothing new about BYOD. In healthcare, with patient and guest access, and smaller businesses, with your executives wanting to attach all their home devices to the network, it has been standard procedure for years. On top of that, neither of them can hold a candle to higher education.
That doesn’t matter anymore. Now that the proliferation of i-devices and numerous Android tablets has flooded the market and given the consumer some real productivity on the go, organizations across the globe are struggling and wondering how these "been there, done that" organizations are able to keep their security and sanity.
This past week I was graciously invited to become a member of Cisco’s Enterprise Mobility Technical Advisory Board. The board is comprised of several professionals who are going to meet with Cisco and discuss the future of their wireless products. We also get a look at upcoming changes to the lineup and help shape their feature sets. I feel I should mention that I am not advertising Cisco’s products nor am I paid by Cisco to attend. They covered the hotel room and a couple of meals. It still cost me a bit of money out of pocket.
A few other delegates from higher education and healthcare and I met in San Francisco to discuss all things mobile. When the meeting started it was quite clear that Cisco is an enterprise-focused organization. Now this doesn’t mean they can’t provide what is needed in other places, but posing a question such as "Who here is interested in BYOD?" in a room full of people that have been doing it for the better part of a decade gives some insight into the mentality of how new a concept it is outside of our world.
(Note: I’m pretty sure this will be true of any vendor out there. I have yet to visit a site from anyone that isn’t touting their BYOD capabilities.)
I don’t plan on talking about any specific vendor; it’s up to you to decide what is right for your company. I’m just giving an overview of the basics and the importance of BYOD. By now, if you’re in IT and haven’t heard of or been affected by BYOD in one way or another, it might be time to consider a career change. All that being said…
What is BYOD and why is it such a hot topic?
"Bring your own device" is an initiative started by the need of organizations to adapt to the consumerization of IT. Long ago it was the Blackberry movement reserved for CxOs wanting the latest and greatest in mobile technology, always connected to their job and the world. Since RIM wasn’t a consumer-focused company and most people didn’t personally own a smartphone, you could throw up a BES, apply some policy, tie it in to Exchange, and call it a day.
Then came the day of the Treo and WinMo devices. A well-connected executive or IT manager saw the opportunity to keep his staff on top of the infrastructure at all times (read: exploit). IT was connected and it was a badge of nerdiness to have that leather holster on your side without having to use that abysmal RIM software, but the same rules applied. Company owned and operated equipment that you were allowed to use.
Out of nowhere Apple seized the opportunity to bring this kind of usability down to the layperson. Within a year millions had been sold on being connected and willingly brought their devices with them everywhere. Coupled with corporate wireless networks, home wireless, and 3G service, employees were working on the go. Someone could now answer emails before bed, schedule appointments while grabbing a coffee at $coffeeshop, and check the latest company news on the train. Productivity spread from the office to anywhere with cell or Wi-Fi service. On top of that, employees were now comfortable working on what they had and developed workflows specific to their configuration (devices).
Fast forward to today. The proliferation of handheld and mobile devices is everywhere. Consumer-level equipment has manufacturers rethinking their products and sales models. Employees are working at home and in coffee shops using their own equipment, on the go all the time. All while IT is crying "protect the data!", writing policies, and deciding how to handle the massive surge of new equipment.
Some argue that the security concerns are enough to outweigh the value, and others tout the productivity gains. Still others say the argument is a no-brainer because costs decrease when phones, tablets, etc. are purchased by the end user instead of the company, along with the management that goes with them. Whatever you and your company decide, it isn’t something that can be avoided. BYOD isn’t for everyone, but it’s here to stay.
How to deal with BYOD
Most companies have adopted policies in the past that allowed employees and guests to access the corporate wireless network, maybe even access internal resources using a VPN or VDI solution. Now employees are demanding to be able to work directly on their devices. In order to allow this, there are certain requirements any department will have in place to protect the data. Enter one of the newer features of any BYOD solution: pre-authentication profiling and posturing. This sort of technology existed before in many forms, but looking back, the access control system seems like where it should have resided all along. Many companies will start using these solutions to give employees the ability to work natively on their machine, while giving IT visibility into the health and validity of the system.
Posturing: In the posturing portion, a machine is probed (using either a client or a disposable application) for its OS patch level, antivirus worthiness, and more before it is given access, which seems to be key in many IT departments. Having this information and giving the network the ability to react to it accordingly seems to be the peace of mind that IT managers were looking for.
Profiling: This allows the network to change variables based on device type, OS type, and even jailbreak status. All the manufacturers claim their method of gathering this info is the best, and they all do it in different ways. What this gives a department is the ability to decide that an Android device is welcome on the network, but not at the same access level as a person on their laptop. An iPad may only need web access and need to be rate limited so users aren’t watching Netflix in HD on the corporate pipes. You can limit the resources they have access to simply because a mobile device operating properly shouldn’t have the capabilities to do certain functions. You can take it another step and decide that a jailbroken iPad or rooted Android device isn’t allowed because it poses a vulnerability to the safe operation of the network. The list goes on.
Onboarding: When a client is accessing your internal resources you want to make sure the connection is as secure as possible. This requires some level of encryption and access control. The issue lies in the fact that not all client devices are able to connect to a secure wireless network easily. You want your employees to find the network, enter their credentials, and have everything else happen in the background. Certificates, registration, and joining the network happen seamlessly to the client. This is a fairly new enterprise concept, but there are a few companies that have been facilitating this process using captive portals and Java apps for a few years now.
Of course there are many more methods and facets of each of these technologies; these are just some basic examples.
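
The posturing and profiling rules described above can be combined into one ordered access decision that fails closed when data is missing. This is an added example, not code from any vendor or from the original post; the role names, rate limits, and the 30-day patch threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy values (assumptions); tune these to your environment.
MAX_PATCH_AGE_DAYS = 30
MOBILE_TYPES = {"android", "ipad", "iphone"}

@dataclass
class Device:
    device_type: Optional[str]      # profiling result; None if unclassified
    compromised: bool               # jailbroken or rooted, per profiling
    patch_age_days: Optional[int]   # posture probe; None if no result
    antivirus_ok: Optional[bool]    # posture probe; None if no result

@dataclass(frozen=True)
class Decision:
    role: str                       # hypothetical role, mapped to a VLAN/ACL elsewhere
    rate_limit_kbps: Optional[int]  # None means no rate limit applied
    reason: str

def decide(dev: Device) -> Decision:
    # 1. Jailbroken or rooted devices are refused before anything else.
    if dev.compromised:
        return Decision("deny", None, "jailbroken or rooted")
    # 2. A device the profiler could not classify fails closed to guest access.
    if dev.device_type is None:
        return Decision("guest", 2000, "unprofiled device")
    dtype = dev.device_type.lower()
    # 3. Mobile devices are welcome, but web-only and rate limited.
    if dtype in MOBILE_TYPES:
        return Decision("mobile-web", 5000, "mobile profile")
    # 4. Laptops get full access only with a complete, passing posture result.
    if dtype == "laptop":
        if dev.patch_age_days is None or dev.antivirus_ok is None:
            return Decision("quarantine", None, "no posture result")
        if dev.patch_age_days > MAX_PATCH_AGE_DAYS or not dev.antivirus_ok:
            return Decision("quarantine", None, "posture failed")
        return Decision("employee-full", None, "healthy laptop")
    # 5. Anything else (printers, consoles, unknown types) gets guest access.
    return Decision("guest", 2000, "unrecognized device type")

if __name__ == "__main__":
    for d in (Device("iPad", False, None, None),
              Device("android", True, None, None),
              Device("laptop", False, 10, True),
              Device("laptop", False, None, None)):
        print(d.device_type, "->", decide(d))
```

The order of the checks matters: the compromise check runs first so that a rooted device can never reach a more permissive branch, and a laptop with no posture result is quarantined rather than trusted.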
The Future of BYOD
I think there is a long way to go before the wireless experience is truly considered as safe and secure as the wire, with changes needing to be made on both sides to accommodate. With the fast pace of wireless technologies and the evolution we see each year, there is no doubt that wireless will catch up to wired. Until then, there is a lot to be learned from higher education and healthcare organizations, and they will be leading the way into the future, shaping these products and feature sets. Early adoption will be highest among these verticals to combat an issue that has been around as long as wireless itself and is just now seeing true solutions to the problem.