2.
BYOD Momentum
Identifying the Risks with BYOD
Security as the Main Challenge
BYOD Creates Management Challenges & Role of Network Access Control
Mitigating Risk
5. Archiving is much more difficult
Data on personally owned devices is more difficult to archive because some of it is stored on
the mobile devices themselves, not necessarily on the backend servers that are operated by IT.
Monitoring content is more difficult
Monitoring content sent from and received by mobile devices is much more difficult than it is
from a conventional desktop infrastructure. This means that legal and regulatory violations are
easier to commit, which can lead to adverse legal judgments and regulatory sanctions.
Users are more autonomous
Mobile users tend to be more independent from IT’s control because they are outside of the
office and so IT cannot control how devices are used.
Compliance is more difficult
According to an Osterman Research survey, nearly two in five organisations find managing
policies for e-discovery or regulatory compliance to be difficult or very difficult, while 35% find
managing other types of policies to be this difficult. Managing mobile policies for issues like e-discovery and regulatory compliance is slightly more difficult than managing other types of
policies.
The environment is more diverse
The normal desktop infrastructure consists of mostly Windows machines and possibly some
Macs and maybe a few Linux machines. The typical BYOD environment, on the other hand, is
much more diverse, typically consisting of iPhones, Android smartphones, iPads, Windows
phones, BlackBerry devices, and other platforms. Further complicating the management of this
environment is that there are multiple versions of the operating systems in use, each of which
can provide users with slightly different capabilities.
8. Enable BYOD 60%
Know The Devices 9%
"NAC is now one of the key mechanisms for mitigating the risks of consumerisation (BYOD)"
Gartner, Strategic Road Map for Network Access Control
Published: 11 October 2011 ID:G00219087
9. Have Access to Campus
Networks, Systems, and Data
Download/Store/Forward
Sensitive Information
16. [Diagram labels]
Profiles: Students, University Staffs, Academic Staffs, Researchers, Guest Users, Telemarketer
Devices: Desktop, Laptop, iPad, Smart Phone
Locations: Office, Branch Office, Road
Information: IP, PII, Guest Access
23. Single Mgmt Appliance; Location HQ; Location 1
High Trust, Required VLAN: Faculty Data; Faculty, Registered Device, Compliance
Med Trust, Required VLAN: Students Data; Student, Registered Device, Compliance
Low Trust, Required VLAN: Guest Access; Any User, Any Device, Not Jailbroken
No Trust, Required VLAN: Captive Portal; Any User, Any Device
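The trust tiers on this slide read as an ordered, first-match access policy. The Python below is an added example, not Bradford Networks' or Network Sentry's code; the `Endpoint` fields, the fail-closed handling of unknown posture, and the rule that a jailbroken device never counts as compliant are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Endpoint:
    role: Optional[str]                # "faculty", "student", or None if unauthenticated
    registered: bool = False           # device registered to this user
    compliant: Optional[bool] = None   # None: posture scan has not reported yet
    jailbroken: Optional[bool] = None  # None: jailbreak status unknown


def posture_ok(e: Endpoint) -> bool:
    # Assumption: unknown posture is treated as failing, and a jailbroken
    # device never counts as compliant.
    return e.compliant is True and e.jailbroken is False


# Ordered most privileged first; the first matching rule wins.
RULES = [
    ("High Trust", "Faculty Data",
     lambda e: e.role == "faculty" and e.registered and posture_ok(e)),
    ("Med Trust", "Students Data",
     lambda e: e.role == "student" and e.registered and posture_ok(e)),
    ("Low Trust", "Guest Access",
     lambda e: e.jailbroken is False),   # any user, any device
]
DEFAULT = ("No Trust", "Captive Portal")  # fail closed


def classify(e: Endpoint) -> tuple:
    for tier, segment, matches in RULES:
        if matches(e):
            return tier, segment
    return DEFAULT


if __name__ == "__main__":
    # Constructed sample endpoints, not data from the slides.
    samples = {
        "faculty laptop, registered, scanned clean": Endpoint("faculty", True, True, False),
        "student phone, registered, scanned clean": Endpoint("student", True, True, False),
        "faculty tablet, registered, scan pending": Endpoint("faculty", True, None, False),
        "visitor phone, jailbroken": Endpoint(None, False, None, True),
        "unknown device, no posture data": Endpoint(None),
    }
    for label, ep in samples.items():
        print(f"{label:45} -> {classify(ep)}")
```

A faculty device whose scan is still pending lands in Low Trust rather than High, so elevated access is only granted once every condition listed for the tier is positively confirmed.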
24. [Diagram labels: Single Mgmt Appliance; Location 1; Location HQ; Remote Registration and Scanning; Delegated & Automated; User, Device, Compliance; Guest Access; Captive Portal]
Welcome
To gain network access users are required to adhere to our established registration policies. Please select one of the following options:
Authorized Users
Pre-Authorized Guest With An Account
Device Registration
Self-Service Guest Registration
In need of assistance, please call the Help Desk.
25. [Diagram labels: Enterprise Resources (Databases, Apps, Email); Enterprise SSID; Full Access; Restricted Access; 802.1x; Xirrus Wireless AP/Array; MDM; Guest SSID; Internet Only; AAA; AD/LDAP; Open or PSK; XMS; Blocked Devices; Captive Portal; Network Sentry (Classify User/Device/Location, Enforce Policies); Internet; Mobility Device Management]
• Visibility
• Policy Manager
• Automation / Control
• Compliance
KB: Explain graphics. Let us look at the different aspects of our joint solution that deliver the three key capabilities: first optimized access, next comprehensive security, and lastly a validated solution.
Bradford Networks’ Network Sentry maintains username information for all non-corporate device types. Because Network Sentry is “network aware”, it knows in real time when any device connects to the network. Network Sentry then immediately sends username and IP address information to the User-ID Palo Alto Agent, allowing the Palo Alto Networks firewall to apply policies based on the user information supplied by Network Sentry.