Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers, we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editor at: [email protected].
Since the big marketing scam of Y2K, nothing seems to have caused a bigger ruckus in computer networking than BYOD (bring-your-own-device).
BYOD is scary, and scary sells products. Good for us. But the reality is that BYOD has become a bit like Y2K. It’s a big problem that isn’t that big.
Most businesses really want to do a few simple things with BYOD:
1. Find an easy way to onboard all devices (organization- and user-owned)
2. Automatically provide user-based policies when a user connects
3. See who is accessing the network with which devices
4. Extend wired security and design (content filtering, firewalls and VLANs) to the wireless network
5. Add wireless capacity to networks with 2x, 3x or 4x devices per user
6. Keep it simple, cost-effective and leverage existing infrastructure!
Sure, some organizations also want to directly manage devices and apps, provide NAC (and anti-x) inspection, quarantine and remediation, and then filter, control and steer their users with highly customized policies based on seventeen unique criteria including (but not limited to) user, device, location, time, access method, user mood, moon phase, ambient outdoor temperature, tide levels and pant size.
But despite the BYOD hype claiming that everyone needs all the customization and then some, we’re hearing a different story from the middle of the enterprise market.
Organizations already have the right network components to address their BYOD basics without having to purchase more network equipment:
• Authentication—you already securely authenticate users against your authentication server (LDAP, AD, etc.). Even if you don’t want to use 802.1X, there are still excellent options.
• Network security—many organizations have already invested time and energy designing proper network segmentation and security with VLANs, ACLs, firewalls and content filters. Why replicate the configuration and complexity on wireless devices if you’re already doing it on the wire?
• Role-based access policies—you know who people are and where they belong on the network; now it’s time to use that information to make sure everyone gets the right access and nothing else. This can apply to device types too.
• Visibility—there are many devices in the network that can monitor who’s on your network and what they’re doing. A smart Wi-Fi system provides this information at the edge, where you can make provisioning changes as needed.
Role-based access is often the biggest hurdle, but for those that have group policies wrapped up with a pretty bow, the new question that needs answering is whether all users and devices are the same. Users with personal devices are forcing the question. Thus, the basic problem surrounding BYOD is that users are known but devices aren’t.
There are a few easy-to-use features that have been around before the BYOD bell started ringing that will help most organizations overcome the BYOD blues.
