Since the big marketing scam of Y2K, nothing seems to have caused a bigger ruckus in computer networking than BYOD. BYOD is scary, and scary sells products, which is good for vendors. But the reality is that BYOD has become a bit like Y2K: a big problem that isn't that big.
Mobile is surging, yes, but product peddlers have blown it way out of proportion. Wild-eyed Crackberry-turned-iAddict users are making enterprises reassess their wireless strategies. But truth be known, most businesses really only want to do a few simple things with BYOD:
- Find an easy way to onboard all devices (organisation- and user-owned)
- Automatically provide user-based policies when a user connects
- See who is accessing the network with which devices
- Extend wired security and design (content filtering, firewalls, and VLANs) to the wireless network
- Add wireless capacity to networks with 2x, 3x, or 4x devices per user
- Keep it simple, cost-effective, and leverage existing infrastructure.
Sure, some organisations also want to directly manage devices and apps, provide NAC (and anti-x) inspection, quarantine, and remediation, and then filter, control, and steer their users with highly customised policies based on 17 unique criteria including (but not limited to) user, device, location, time, access method, user mood, moon phase, ambient outdoor temperature, tide levels, and pant size.
Understandably, some organisations (such as those with strict compliance requirements) need highly customised security policies in place, where IT staff expertise and budgets are sufficient. But despite the BYOD hype claiming that everyone needs all the customisation and then some, the middle of the enterprise market may chafe against these assumptions.
When it comes to BYOD, very few companies in the mid-tier segment really want to implement every bell and whistle because (a) they don't have time, (b) they don't have the skilled staff, (c) they don't have the budget, (d) they don't see the need, or more likely, (e) all of the above. But more important, organisations already have the right network components to address their BYOD basics without having to purchase more network equipment:
- Authentication - you already securely authenticate users against your database servers (LDAP, AD, etc.) for some networking functions. Even if you don't want to use 802.1X, there are still excellent options for user-specific wireless authentication.
- Network security - many organisations have already invested time and energy designing proper network segmentation and security with VLANs, ACLs, firewalls, and content filters. Why replicate the configuration and complexity on wireless devices if you're already doing it on the wire?
- Role-based access policies - you know who people are and where they belong on the network; now it's time to use that information to make sure everyone gets the right access and nothing else. Authorisation policies can apply to device types too.
- Visibility - there are many devices in the network that can monitor who's on your network and what they're doing. A smart Wi-Fi system provides this information at the edge, where you can make provisioning changes as network usage changes.