What is it?
Bring Your Own Device (BYOD) is simply allowing your users to bring in their personal equipment and connect it to your network. Unlike guest networks, BYOD networks tend to allow the user access to certain internal systems, from mail to full file access. Where the line is drawn is the most critical part of a BYOD strategy.
So where do you draw that line? Most users expect a minimum of being able to access company mail. Equally, most businesses thinking about BYOD already offer guest Internet access, so assuming that’s already in place, is that not enough?
In this post we’ll take a look at some of the questions you should think about before opening up your network to user equipment.
Where should you start?
As with any solution, the first thing I would suggest is answering the key question, which in this case is: why do you want to implement BYOD on your network? Answers can range from convenience to CAPEX savings, though that last one can be a bit of a Pyrrhic victory: in most cases, you won’t be able to negotiate such great rates if you are buying less hardware. Regardless, as long as you have a reason to offer the service and have decided that BYOD is the solution for you, let’s take a quick look at some of the bigger questions.
If you’ve chosen BYOD, then Internet access is the most basic requirement, so the first question usually becomes not whether you should allow it, but how you allow it in a secure manner. Making sure your guest network’s Internet traffic never goes near your corporate network was probably looked at when the guest network was installed, so the main question becomes how you will now allow access to both.
What should users’ devices have access to, and what do they actually need access to: email, printers, the corporate intranet? Equally important is how you will manage this access. Should only certain user devices have access to the corporate network, and if so, how will you separate them from guest devices? Will you need additional security devices, such as an IDS or a new firewall, to protect your systems against non-corporate devices? Can your current security systems cope with the additional load?
Assuming you will be utilizing a secure connection to the corporate network, the authentication question becomes how users should authenticate to your network; a shared key for everyone is generally not encouraged. So if everyone needs a unique identifier, how will you manage that? Will you use internal authentication such as Active Directory, or will you opt to force users to undergo two-factor authentication?
Opening your front door to any device can be a bit of an eye opener, so you may want to take some time to think about whether a posture assessment solution is required. Do you want to make sure devices have up-to-date antivirus installed? What about software patches? If they are not up to date, do you want to provide a remediation service or just restrict their access?
Another big concern that is often not reviewed until it becomes an issue is whether the internal services can cope with another load of connections. With guest Internet access, the only concern is whether enough bandwidth is available on your Internet connection. With internal services, the question has to be much broader: can the servers and the infrastructure withstand a 2 or 3 times increase in the number of devices accessing the network?
Finally, being able to determine which users are connected, and then being able to verify that the correct settings have been applied, is an absolute must. So always take some time to think about how you will actually monitor all of these devices and remove their access as necessary.
As you can see, BYOD is a small acronym that comes with a lot of questions.