Improve productivity with BYOD

30 Dec 14

Access versus security - it shouldn’t be a trade-off, says Fortinet’s Scott Cowen. He offers some security tips for the mobile workforce.

Enterprises can improve productivity by supporting BYOD (bring your own device) capabilities for management and staff. 

Users should be able to log on to the corporate LAN, either wired or wireless, from the device of their choice, access the application services they need and then exit the system. But, to ensure that only authorised users can do so, stronger security must be implemented.

The challenge for IT managers is to maintain real-time visibility of both traffic and application services, not only to guarantee a quality user experience but to add another level of protection against abuse or unauthorised activity.

To do this, savvy managers are ensuring that access to the network (either wired or wireless) is based on a combination of user and device authentication. This is achieved with a unified approach to security that adds protection at every node on the network.

From Wi-Fi to a secure wireless LAN
The key is to start with the premise that there is ONE network, regardless of how users are connected to it – wired, wireless or remote access.

This can only be achieved if you integrate a single, comprehensive security-centric infrastructure - the so-called unified access layer - into the network’s fabric: a secure environment with a common set of rules and policies that determine the level of user access based on users' needs and roles, not on which access method they use.

All of the components on the network have to be secured: the gateway, servers, switches and access points. Secure gateways are nothing new; indeed, most gateways have embedded firewalls, application control, web filtering and intrusion prevention as standard features.

These features secure the LAN behind the gateway. But, with the advent of BYOD, there is now a back door that can bypass the secure gateway and provide unauthorised users a free hand.

Authentication, single sign-on and ID 
Authentication is a standard feature of wired LANs. Extending authentication to the wireless world has traditionally been difficult and entails separate security for both access layers and infrastructure layers. Not only does this add operational overhead, but it is cumbersome for users as they log on and off the WLAN. Hence the rise of single sign-on (SSO).

SSO essentially takes advantage of the identity management capabilities inherent in the security-centric infrastructure to identify the user by both name and device. SSO interacts with other authentication servers on the network to act as a central repository for user identification. This in turn improves the user experience by reducing the number of logins that a user must execute. And once users are identified and authenticated, they are governed by a set of policies defining their resource access rights.

The secure WLAN: Access and security
Corporates need to make it easy for staff to work from any device, any time and in a secure manner. The technology has caught up with the requirement and is now available at a reasonable cost. Building security into your WLAN is no longer a separate exercise but a vital component of the security-centric infrastructure. It’s the most cost-effective and accessible strategy to remove the ‘access versus security’ trade-off from your network. 

Scott Cowen is the New Zealand and Pacific Islands channel director for Fortinet, which provides high performance network security.
