
Securing A Mobile-First Digital Workplace

Zach Hargett  |  August 2, 2016


With the growing millennial presence in the workforce today, it’s safe to say GenMobile has definitely arrived. GenMobile isn’t about a specific age generation; rather, a “changing-how-we-do-work” generation. Think about how we do things today versus five or even ten years ago. No longer do we need to come into a dedicated office space between specific hours of the day to get our work done. GenMobile is an always-on-the-go, yet more-connected-than-ever generation, and it’s changing the way IT responds to their business needs.

Today, mobility is everywhere – and it can benefit everyone. If you are an employee, and your child is sick at home, you can be home with them and still meet your deadline. Maybe you are more focused at ten o’clock at night, versus ten o’clock in the morning. Employers benefit from mobility for those same reasons.

Mobility also affects the business-to-consumer relationship. As more companies develop applications that customers can interact with on their smart devices, both parties benefit. Customers benefit in a variety of ways – from product information and reviews to location-based services that lead them around the workspace. Businesses pull valuable information about their customer base through these apps – from what products are generating a lot of interest online, to where customers are spending their time, and when.

Workspaces are changing as well. IDC claims there are over 1.3B mobile workers today, or 1.3B people who aren’t tied to a specific network port. Think of that unoccupied cubicle space in your office. Can you tell me that 100% of your cubicles are in use by a specific employee – not as storage space – as an actual desk space? On average, these spaces are sitting unused at $14k per cube. If it fits the needs of the workspace, what’s holding an organization back from going wireless?

The Internet of Things couldn’t be what it is today without mobility. IoT is all about the sensors, and most of those sensors connect wirelessly. IDC claims that by 2017, 90% of datacenter and enterprise systems management will rapidly adopt new business models to manage non-traditional infrastructure and BYOD device categories. That screams IoT. The only thing more important than those sensors is securing the data that those sensors are gathering. If the integrity of the data is compromised, what’s the point of the sensor?

With all of these changes in mobility, and everything already coming from IoT, how do you respond? How do you accept these business-advancing changes while keeping your company secure? It all comes down to access – who has access to what on what device at what time. How do you enforce changes as your business changes? Let’s take a look at a few features that will help.

 

Authentication and Authorization

802.1x – It doesn’t matter if it is wired or wireless, 802.1x provides a great level of control over network access. Being able to throw a connection to a quarantine VLAN if/when needed keeps internal data and services safe.

Device Profiling – Having specific information about devices on your network can help create workflows and enforcement policies. It allows you to know what behavior you should expect from the device, and take action when that device is exhibiting unexpected behavior.

Identity-based Security – Not everything connects to the network through a wired port. The system needs a way to find out who is on the network, so that it can enforce proper permissions to its users.

 

Network Access Control Services

Device Differentiated Access – Being able to control not only who has access, but by what device, can help keep expected connections safe and unexpected connections off the network.

Managed Guest Access – Setting up an open Wi-Fi network with an Internet connection is not a guest network anymore. Bandwidth throttling, self-registration, and connection length monitoring are a few capabilities you need to have to provide a safe guest network.

Health/Posture Checks – Making sure that trusted devices are staying compliant before they reconnect to the network keeps networks safe.

 

Architecture and Coverage

Scalability – You never want to paint yourself into a corner when architecting a solution. Business growth shouldn’t mean ‘ripping and replacing’ architecture. Scalability is key.

Context Capture – Sharing information between systems can be extremely valuable. Why can’t your NAC solution benefit from information that your MDM solution has?

3rd-Party Integration – What happens when two companies merge? Oftentimes, multiple hardware platforms are a result, but multiple connection scenarios shouldn’t be. IT needs a solution that has the ability to control a wide breadth of hardware, so the users see the same connection experience, regardless of what they are connecting through.

 

Management and Visibility

Workflow Automation/Template-Based Simplicity – Workflows should be easy enough for users to follow successfully, yet structured well enough that IT gets the information they need from them. These workflows can be created from templates, standardized so that all IT tiers can support them, which is a win-win for both users and IT staff.

Intelligent Reporting – This term shouldn’t seem like an oxymoron anymore. With a system that is natively aware of all of its parts, reporting should be simple yet specific. No more need for a flood of reports, just the ability to piece together what you’re looking for.

At the core of these 4 feature sets is security. The individual pieces of these feature sets are useful, but without security being at the core, they are worthless. Deploying security that works behind the scenes without interfering with a user’s productivity is what the industry is yearning for.

If we combine these 4 feature sets together and we make sure that security isn’t just a ‘bolt on the door’ but an actual part of the solution or part of the DNA, what do we get? At its most foundational level, we get IT adapting authentication to mobile requirements. To do this, we really need 3 things – policy, context, and visibility. We need policy to help us control who we have connecting to what and from what device. Context identifies users and their devices and helps keep policies and enforcement current. Visibility is what ultimately allows us to see how effective our policies are, and gives us the eyes we need for effective troubleshooting. Policy, context and visibility are their own separate powerful entities, but making them work together is far more powerful.

So, IT adapting authentication to mobile requirements seems obvious enough. After all, users need what they need and IT needs what they need, but there’s no reason why both parties can’t have their cake and eat it too. Have you met my friend, Aruba ClearPass?

Aruba has put together a pretty sophisticated authentication engine to run access to your network. ClearPass can handle everything – from onboarding devices for part of your BYOD strategy to managing access to your guest network to providing enterprise AAA including RADIUS and TACACS+. ClearPass also has over 100 vendor dictionaries to make sure that regardless of your hardware platform, ClearPass will be able to not only communicate with it but also make sure that your policies are being enforced through those devices. Having all of these possibilities through one product and not bolted on or piecemealed together, helps ensure consistency throughout the entire ClearPass experience.


Zach Hargett

Solutions Design Architect at ISG Technology
Zach brings more than 11 years’ experience designing, implementing and supporting highly available network systems and solutions that include diverse network technologies and capabilities. Primarily focused on storage, compute and virtualization, Zach works with large Enterprise network architectures, designs and systems. Success stories include relieving bottlenecks or contention in existing environments and building innovative systems that far surpass previous hardware. He holds a B.S. in Information Technology from DeVry University. Zach is located in Lenexa, KS where he resides with his trusty pal, a chocolate Labrador named Moose.