Applying NAC to mobile
The past year has seen a substantial increase in the number of solution providers for mobility. Most of them fall under two broad categories: MDM (mobile device management) and MAM (mobile application management). While there are different solution models between these two core platforms, MDM, at a general level, focuses on the device management lifecycle. This includes device registration, access to standard collaboration applications (such as email, calendar and messenger), and access termination or registration revocation. MAM, on the other hand, is driven by the mobile apps market, and provides a controlled platform to push custom-built applications or applications from the public marketplaces.
By now, every well-established procurement and support group has the process down for getting a new laptop or PC model into the network with its asset lifecycle management. But what is the asset lifecycle management for mobile devices? Should it be vastly different? Not necessarily, but the additional differentiator here is the nonstandard devices. It becomes impossible to create an asset lifecycle for every personal device out there. So, is there a practical way to open selective doors of the corporate network for bring-your-own-device (BYOD), while providing reasonable security controls and meeting regulatory requirements?
Network access control (NAC) has been around for a while, primarily morphing to maturity in universities and academic institutions. But within the past two years, NAC providers have seen substantial growth both in solution development and adoption. At a broad level, NAC, or device access control, vets the device that is connecting to the network against a set of published policies, rejects or remediates devices, and authorizes a device to a specific network based on its characteristics and organization policy. This approach can be adapted to mobile devices as well, with reasonable effort.
A more substantial enterprise mobility framework can be conceived with a combination of NAC, MDM and MAM based on organizational requirements. For instance, to visualize a solution model for email, calendar and Wi-Fi access for BYOD, a multiplatform MDM solution can be used for registration that will also subscribe the device to receive email messages, access calendar and, in some cases, allow corporate instant messaging.
As the organization evolves and resolves applicable privacy, usage policy and apps support concerns, NAC controls can be optimized for greater access while still delivering effective security controls.
Don't get caught in the whirlwind of BYOD, says Viswanathan. Evaluate the options, possibly with the help of a third party, to understand the true benefit of adopting BYOD.
Plan and communicate:
Develop a clear roadmap on how you see mobility playing out within your organization, says Viswanathan. Socialize and get consensus with the right leadership team.
Keep it simple:
Start small with a pilot program by identifying an MDM solution and launching BYOD for one flavor of popular mobile devices. Optimize as you go and expand the rollout over a period of time.
With a split wireless network, policies defined in NAC will “interrogate” the BYOD unit and can reject, e.g., jail-broken devices, or allow devices to connect to a BYOD network.
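As an added illustration (not from the original article or any NAC product), the vet, reject-or-remediate, then authorize-to-a-network flow described above can be sketched as a small policy function. The posture attribute names, the network names and the quarantine segment used for remediation are assumptions made for the example.

```python
# Added illustration: attribute names, network names and rule order are
# hypothetical and not taken from any NAC product.
from __future__ import annotations
from enum import Enum

class Decision(Enum):
    REJECT = "reject"
    REMEDIATE = "remediate"
    ALLOW = "allow"

REQUIRED = ("jailbroken", "mdm_registered", "corporate_asset")

def evaluate(posture: dict) -> tuple[Decision, str | None, str]:
    """Return (decision, network, reason) for one device posture report."""
    # Fail closed: an attribute that is missing or not a real boolean is
    # unverified. A string such as "false" must not pass as a healthy value.
    for key in REQUIRED:
        if not isinstance(posture.get(key), bool):
            return Decision.REJECT, None, f"posture attribute {key!r} missing or invalid"
    # Hard rejects are checked before any rule that grants a network.
    if posture["jailbroken"]:
        return Decision.REJECT, None, "jailbroken device"
    # A fixable gap goes to a restricted segment (assumed: enrollment only).
    if not posture["mdm_registered"]:
        return Decision.REMEDIATE, "quarantine", "device not registered with MDM"
    # Split wireless: personal devices never land on the corporate segment.
    if posture["corporate_asset"]:
        return Decision.ALLOW, "corporate", "registered corporate asset"
    return Decision.ALLOW, "byod", "registered personal device"

# Constructed sample posture reports.
SAMPLES = {
    "personal-phone": {"jailbroken": False, "mdm_registered": True, "corporate_asset": False},
    "jailbroken-phone": {"jailbroken": True, "mdm_registered": True, "corporate_asset": False},
    "unenrolled-tablet": {"jailbroken": False, "mdm_registered": False, "corporate_asset": False},
    "managed-laptop": {"jailbroken": False, "mdm_registered": True, "corporate_asset": True},
    "spoofed-report": {"jailbroken": "false", "mdm_registered": True, "corporate_asset": True},
    "partial-report": {"mdm_registered": True},
}

if __name__ == "__main__":
    for name, report in SAMPLES.items():
        decision, network, reason = evaluate(report)
        print(f"{name:18} {decision.value:10} {network or '-':10} {reason}")
```
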