![Page 1: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/1.jpg)
The Challenges of BYOD for Campus Network
Leonard Raphael, 10th October 2013
![Page 2: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/2.jpg)
Agenda
BYOD Momentum
Identifying the Risks with BYOD
Security as the Main Challenge
BYOD Creates Management Challenges & Role of Network Access Control
Mitigating Risk
![Page 3: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/3.jpg)
What to Expect …
BYOD Expertise
Know Every Device
Know Every User
Reduce Help Desk
Minimise Risk
Ensure Compliance
![Page 4: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/4.jpg)
BYOD Maturity Roadmap
Block
Contain
Disregard
Embrace
Visibility Automation
![Page 5: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/5.jpg)
BYOD Challenges
Archiving is much more difficult
Data on personally owned devices is more difficult to archive because some of it is stored on the mobile devices themselves, not necessarily on the backend servers that are operated by IT.
Monitoring content is more difficult
Monitoring content sent from and received by mobile devices is much more difficult than it is from a conventional desktop infrastructure. This means that legal and regulatory violations are easier to commit, which can lead to adverse legal judgments and regulatory sanctions.
Users are more autonomous
Mobile users tend to be more independent from IT’s control because they are outside of the office and so IT cannot control how devices are used.
Compliance is more difficult
According to an Osterman Research survey, nearly two in five organisations find managing policies for e-discovery or regulatory compliance to be difficult or very difficult, while 35% find managing other types of policies to be this difficult. Managing mobile policies for issues like e-discovery and regulatory compliance is slightly more difficult than managing other types of policies.
The environment is more diverse
The normal desktop infrastructure consists of mostly Windows machines and possibly some Macs and maybe a few Linux machines. The typical BYOD environment, on the other hand, is much more diverse, typically consisting of iPhones, Android smartphones, iPads, Windows phones, BlackBerry devices, and other platforms. Further complicating the management of this environment is that there are multiple versions of the operating systems in use, each of which can provide users with slightly different capabilities.
![Page 6: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/6.jpg)
Containing the Risk of a Cyber Threat
Data Consolidation
Data Exfiltration
Internal Network Scan
Phishing Email on Device
Device Compromised
Attack Surface is Multiplying With Every New Device
![Page 7: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/7.jpg)
New Risks With Personal Mobile Devices
Configuration: Managed / Unmanaged
Devices: Consistent / Diverse
Applications: Corp Push / User Downloaded
Websites: Contained / Open
Endpoint Protection: Mature / Emerging
Risk
![Page 8: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/8.jpg)
Network Security Gap / Blindspots
NAC is now one of the key mechanisms for mitigating the risks of consumerisation (BYOD)
Gartner, Strategic Road Map for Network Access Control, Published: 11 October 2011, ID: G00219087
Enable BYOD: 60%
Know The Devices: 9%
![Page 9: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/9.jpg)
Why are Personal Devices Risky?
Have Access to Campus Networks, Systems, and Data
Download/Store/Forward Sensitive Information
![Page 10: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/10.jpg)
Managing Risk of BYOD
Network Risk: Unauthorized Network Access
Device Risk: Vulnerable Devices
Application Risk: Malicious Applications
![Page 11: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/11.jpg)
Gartner’s Best Practices to Address BYOD
Mobile Device Mgmt
Hosted Virtual Desktop
Network Access Control
![Page 12: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/12.jpg)
Mitigate Risk
Implementing the right Technologies
Implement the right Network Policy
Providing the right Resources to meet the challenges.
![Page 13: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/13.jpg)
3 Phases of Network Access Control
Endpoint Compliance: Employee, Corp Device
Guest Networking: Guest, Guest Device
Consumerization BYOD: Hybrid Users, Hybrid Devices
![Page 14: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/14.jpg)
Secure BYOD Essentials
NETWORK SENTRY
BYOD RISK MITIGATION
BYOD RISK ASSESSMENT
![Page 15: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/15.jpg)
Role-Based Network Access Policies
WHO: TRUSTED USERS
WHAT: TRUSTED DEVICES
WHERE: TRUSTED LOCATIONS
WHEN: TRUSTED TIME
![Page 16: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/16.jpg)
Role-Based Access Policies
Profiles
Information Locations Devices
IP PII
Guest Access
Office
Telemarketer
Branch Office
Road
Laptop
SmartPhone
iPad
Desktop
Academic Staffs g g h h h a a a
Researchers g g h h a
Students g g h h h a a
University Staffs g h a
Guest Users g g a a
![Page 17: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/17.jpg)
SECURITY
WIRED & WIRELESS MOBILITY
BYOD Network SmartEdge Platform
WHO WHAT WHERE WHEN
NETWORK SENTRY
NETWORK ACCESS CONTROL
SECURE BYOD
GUEST MANAGEMENT
REGULATORY COMPLIANCE
EDGE VISIBILITY
ENDPOINT COMPLIANCE
EASY 802.1X ONBOARDING
NETWORK ANALYTICS
![Page 18: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/18.jpg)
NAC – 3 Generations
1.0 Endpoint Compliance: Employee, Corp Device
2.0 Guest Networking: Guest, Guest Device
3.0 Consumerization BYOD: All Users, All Devices
Appliance, Virtual Server, Cloud
![Page 19: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/19.jpg)
Network Edge Visibility
WHO WHAT WHEN WHERE
Real-Time Visibility
Single Network Sentry Appliance
LOCATION 1
LOCATION 2
….
LOCATION N
VPN
![Page 20: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/20.jpg)
Network Inventory
![Page 21: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/21.jpg)
Secure BYOD / Network Access Control
Identify User
Assign Network Access
Assess Risk
Identify Device
No Access
Guest Access
Restricted Access
Unrestricted Access
![Page 22: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/22.jpg)
Device Profiling
![Page 23: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/23.jpg)
Safe Policy-Based Network Access
Location 1
Location HQ
Captive Portal
Faculty Data
Students Data
Guest Access
Low Trust, Required VLAN
No Trust, Required VLAN
Med Trust, Required VLAN
High Trust, Required VLAN
Faculty, Registered Device, Compliance
Student, Registered Device, Compliance
Any User, Any Device, Not Jailbroken
Any User, Any Device
Single Mgmt Appliance
![Page 24: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/24.jpg)
Guest Access
Guest Management
Location 1
Location HQ
Captive Portal
Single Mgmt Appliance
Remote Registration and Scanning
Welcome
To gain network access, users are required to adhere to our established registration policies. Please select one of the following options:
Authorized Users
Pre-Authorized Guest With An Account
Device Registration
Self-Service Guest Registration
In need of assistance, please call the Help Desk.
Delegated & Automated
User Device Compliance
![Page 25: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/25.jpg)
End-to-End BYOD Solution
Enterprise SSID: Full Access
Guest SSID: Internet Only
Blocked Devices
Enterprise Resources
Network Sentry
Internet
Captive Portal
Classify User/Device/Location
Enforce Policies
Xirrus Wireless AP/Array
MDM
AAA
AD/LDAP
802.1x
Open or PSK
Restricted Access
Email, Apps, Databases
• Visibility
• Policy Manager
• Automation / Control
• Compliance
XMS
Mobility Device Management
![Page 26: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/26.jpg)
Network Analytics
Network Sentry/Analytics
HTTPS HTTPS
Network Sentry Appliance
Report Server
Network Sentry
Data Warehouse
Analytics Engine
Job Scheduler
Security Rules
WHO
WHAT
WHERE
WHEN
COMPLIANCE
INVENTORY
ANOMALIES
EXCEPTIONS
![Page 27: The challenges of BYOD for campus network by Leonard Raphael](https://reader035.fdocuments.us/reader035/viewer/2022081518/553b4d1f4a79593d798b4691/html5/thumbnails/27.jpg)
SmartEdge Platform / Security
Eliminate BYOD Blind Spots
Guests, Contractors, Students
Active Directory Devices and Users
Non-Active Directory Devices and Users
AD Registered Devices & Users
100% Devices & Users
Partial Visibility Remediation
100% Visibility Remediation
Palo Alto Networks Agent
Palo Alto Networks Firewall