Enterprise wireless LAN architectures were not designed with bring your own device (BYOD) in mind. Businesses need BYOD management tools to help support the new mobile devices and operating systems connecting to the corporate network.
Ruckus Wireless, a Sunnyvale, Calif.-based Wi-Fi provider, recently announced its new BYOD and mobile device management (MDM) software -- Device-Agnostic Networking (DAN) -- for onboarding, policy enforcement and application filtering for any device and operating system.
With so many different mobile operating systems -- like Android, iOS, Windows and BlackBerry -- enterprise IT needs a more device-agnostic approach to BYOD management, said Rohit Mehra, vice president of network infrastructure research at Framingham, Mass.-based IDC. "IT needs to help its users with automated onboarding and provisioning of devices, irrespective of what the device make is," he said.
Because of the nuances of different mobile operating systems, not all devices are onboarded in the same way by the Wi-Fi infrastructure. "Some operating systems -- like Windows -- can be a bit more difficult to onboard because of security features that make the device re-authenticate, Kindness said. "Some Wi-Fi vendors are handling this differently."
Some vendors are offering the ability for users to onboard their own devices and give them access to corporate resources, independent of the device or operating system, but others aren't there yet. "Most vendors tackled iOS first, then Android, and now Windows. This is where the nuances start to happen, and where some vendors will be able to be device-agnostic and others will focus on one or two operating systems," said Andre Kindness, senior analyst at Cambridge, Mass.-based Forrester Research Inc.
Enterprises without device-agnostic BYOD management technology adapt by restricting new devices and operating systems to the guest network, but this leaves users without access to corporate applications and data, Mehra said.
Ruckus DAN: BYOD management for enterprise Wi-Fi
The Ruckus DAN software allows devices onto the corporate network while removing security concerns associated with BYOD by giving IT deeper visibility into the device accessing the network. Network managers can also enforce policies based on the user or device with DAN, said Salah Nassar, senior manager of product marketing for Ruckus Wireless.
More on BYOD management:
BYOD management: Using a device catalog to control users
App, device & network access control for BYOD management
Penn Medicine's approach to BYOD security, management
The DAN software -- which runs on the Ruckus ZoneFlex wireless LAN architecture -- includes user and device onboarding functionality, application filtering and policy setting based on device type. Network administrators can use DAN software to manage both corporate-owned and personal mobile devices user devices.
Employees can onboard their devices though Ruckus Zero-IT, the provider's existing onboarding portal that allows users to self-provision devices without IT intervention via an employee portal. "The end user shouldn't require IT to onboard their own device," Nassar said. "One of the values of BYOD is to reduce the cost for IT, and if they have to onboard every device a user brings in, that value will go away."
Once users log in with their credentials, the device can be authenticated to either the corporate or guest network, and policies are predefined based on the user.
"Ruckus DAN doesn't care what device or operating system the employee chooses," Nassar said. "[It] provides the reliable wireless connection, but also the ability to secure devices depending on the policies or the enterprise, or compliance and regulatory confines an enterprise is subject to," he said.
BYOD: Not just a networking challenge
BYOD management is not just a Wi-Fi issue. For many enterprises, the consumerization of IT can be a legal, security or HR concern, Kindness said. Users are bringing in devices and wanting access to corporate information and applications, but often don't consider the risks associated with storing company data on their phones. Granular access control can help with some of these issues.
"Employees want unlimited access, but they [aren't] OK with IT wiping their device clean in the event it goes missing and then is found," he said. BYOD management tools -- Ruckus DAN, Aruba's ClearPass and Cisco's Identity Services Engine -- give IT a middle ground option for giving users the access they need with the device of their choosing, and giving the enterprise the security and visibility it needs over their corporate network, he said.