Opinion: BYOD (bring your own devices) is the next Y2K
We all recall the commotion surrounding the Y2K bug at the turn of the last century. Now, many vendors are using the concept of BYOD (bring your own devices) to scare organisations into buying new products. What many IT managers don’t realise is that they may already have the tools to control this influx of wireless devices.
Personal devices connected via Wi-Fi are surging, yes, but product peddlers have positioned BYOD as Armageddon 2.0. Wild-eyed Crackberry-turned-iAddict users are making enterprises reassess their wireless strategies.
But in reality, what most businesses want from BYOD is simple: an easy way to bring known devices onto the network, apply policies to those devices, extend wired security and design to the wireless network, and add wireless capacity.
Understandably, some organisations (those with strict compliance requirements) need highly customised security policies in place. But despite the BYOD hype claiming that everyone needs all the customisation and then some, very few companies in the mid-tier segment really want to implement every bell and whistle, because they don’t have the time, skilled staff or budget, and often they don’t see the need either.
BYO BYOD
Many organisations may already have the right network components to address their BYOD basics without having to purchase more network equipment:
- Authentication - You already securely authenticate users against your database servers for some networking functions.
- Network security - Many organisations have already invested time and energy designing proper network segmentation and security with VLANs, ACLs (access control lists), firewalls and content filters.
- Role-based access policies - You know who people are and where they belong on the network; now it’s time to use that information to make sure everyone gets the right access and nothing else.
- Visibility - There are many devices in the network that can monitor who’s on your network and what they’re doing. A smart Wi-Fi system provides this information at the edge.
Existing Wi-Fi features
Wi-Fi features that were around before the BYOD bell started ringing will help most organisations overcome BYOD fears and despair.
Dynamic pre-shared keys (DPSKs) are a unique feature for organisations that aren’t ready to wade into the deep end of Wi-Fi BYOD security with 802.1X. Traditionally, WPA2-Personal uses a shared PSK for the entire network. There are several known security and manageability problems with these shared keys. However, with DPSK, a unique, secure key is created for each user or device. By pairing each user/device with an individualised PSK credential, the key/device/user combination can receive a unique policy and can be managed and monitored individually. It’s the Goldilocks principle!
DPSK is a suitable fit for the BYOD craze, especially for companies caught between the less palatable extremes of 802.1X and traditional passphrases.
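To make the per-device key idea concrete, here is an added Python sketch (not from the original article and not any vendor's implementation) of a key store that issues one WPA2 passphrase per user/device pair, maps it to a role and VLAN, and revokes a single device without touching the others. The `DpskRegistry` class, the SSID and the users are hypothetical; the lookup is simplified to a presented passphrase, whereas a real access point would check candidate keys against the handshake.

```python
import hashlib
import hmac
import secrets

SSID = "corp-byod"  # constructed SSID for this example


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


class DpskRegistry:
    """Hypothetical per-device key store: one passphrase per user/device pair."""

    def __init__(self, ssid: str):
        self.ssid = ssid
        self._entries = {}  # (user, device) -> {"pmk", "role", "vlan"}

    def issue(self, user: str, device: str, role: str, vlan: int) -> str:
        # 32 random URL-safe characters; WPA2 passphrases are 8-63 ASCII chars.
        passphrase = secrets.token_urlsafe(24)
        self._entries[(user, device)] = {
            "pmk": wpa2_pmk(passphrase, self.ssid), "role": role, "vlan": vlan}
        return passphrase  # handed to the device once; only the PMK is stored

    def revoke(self, user: str, device: str) -> bool:
        return self._entries.pop((user, device), None) is not None

    def authorise(self, passphrase: str):
        """Return (user, device, role, vlan) for a presented key, else None."""
        candidate = wpa2_pmk(passphrase, self.ssid)
        for (user, device), e in self._entries.items():
            if hmac.compare_digest(candidate, e["pmk"]):
                return (user, device, e["role"], e["vlan"])
        return None


def demo():
    reg = DpskRegistry(SSID)
    alice_key = reg.issue("alice", "alice-phone", "staff", 20)
    bob_key = reg.issue("bob", "bob-tablet", "contractor", 40)
    before = (reg.authorise(alice_key), reg.authorise(bob_key))
    reg.revoke("bob", "bob-tablet")  # one lost device, one key withdrawn
    after = (reg.authorise(alice_key), reg.authorise(bob_key))
    return before, after


if __name__ == "__main__":
    print(demo())
```

With a single shared PSK the same revocation would mean changing the passphrase on every device; here only the revoked entry stops working.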
Features that automate device provisioning can also be beneficial for BYOD. Some, when combined with DPSKs or 802.1X, can offer a secure onboarding tool that allows users to self-provision devices without IT intervention.
In a typical workflow, users connect to a provisioning network, securely log in with their domain credentials and the provisioning tool autoconfigures their device with the appropriate network profile and its associated privileges. The device reconnects to the proper network and the user receives access based on the role-based policies in place on the Wi-Fi system or obtained from a user database. IT stay out of the onboarding loop and yet they retain full control over user/device access. And in most systems, administrators can see device-specific settings, which user registered the device, what type of device it is and plenty more. For enterprises that want additional device-specific policies, most vendors have integrated software that profiles new devices using OS fingerprinting techniques.
These solutions are less intimidating than full-blown NAC and MDM (mobile device management) approaches, but they solve the real problems for a majority of organisations. If the WLAN is designed properly and provides reliable RF functionality, users stay connected and productive. And that is exactly how BYOD should be.
*With more than 30 years’ experience in the IT&T industry, Carl Jefferys is ANZ Ruckus Wireless Country Manager. He has held senior management roles at NEC and Macquarie Telecom as well as engineering and sales positions with Amalgamated Wireless Australia (AWA), Control Data, Datacraft and Lucent. He has worked for start-ups, vendors and telcos