Feature Article

April 10, 2013

Aruba Networks Enhances ClearPass Management System: BYOD Solution Integrating Network Access Control with Application and Device Management

The Bring Your Own Device (BYOD) phenomenon (what critics call “Bring Your Own Danger”) is only about four years old. However, it did not take that long to change everything about the way we live and work, and to blur the two in profound ways.

In the process, BYOD set a big precedent for the future of enterprise security. 

Along with its increased rewards, BYOD has created what some call “IT Anarchy.” People and departments increasingly circumvent or ignore corporate policies and rules on using personal devices on enterprise networks. This has meant that, despite being responsible for security, IT has lost visibility into what is out there: what it is running, and who, what, where, why and when is accessing the corporate network in a compliant manner. It may not be anarchy, but it is chaotic.

The question C-levels, particularly CIOs and CSOs, are grappling with is, “How can we keep the convenience and utility of BYOD which our users and management want, but manage all aspects of BYOD’s impact on security?” After all, in a BYOD world, security now involves protecting and managing people (IDENTITY), devices, applications, file transfers, business processes and the networks they all rely on.

The challenge has been that existing solutions address some of the things to be managed but not all of them, and certainly not all of them on a single platform. This leaves IT to be a solutions integrator on top of everything else, including being viewed as a hindrance rather than a help.

With the announcement of its ClearPass Access Management System, which adds the new Aruba WorkSpace capability, Aruba Networks has done just that: keeping the benefits of BYOD while giving IT the tools to manage all of the complexity to secure the enterprise. How so?

Aruba is now offering the capability to have Network Access Control (NAC), Mobile Device Management (MDM) and Mobile Application Management (MAM) systems on a single platform. It gives IT the visibility, context and control it wants and needs, without turning users into skeptics.

Plus, along with the added protection come reduced BYOD helpdesk costs, and IT no longer has to play the role of solutions integrator in a big way.

A workspace that is secure and manageable

Aruba, which started as an enterprise wireless LAN (WLAN) company, has grown into a significant player in network access as mobility use explodes. It is thus no stranger to network access and knows more than a little about authentication and device management in the enterprise. In developing Aruba WorkSpace, the firm built it on an enterprise network policy system that is network-fluent.

From a security perspective this means:

  • A higher network priority can be automatically assigned to work applications.
  • In the event an employee’s device connects to an un-trusted network, Aruba WorkSpace can automatically establish application-specific VPNs to encrypt traffic and provide uninterrupted access to internal resources.
  • Aruba WorkSpace can also restrict network access if a device is jail-broken or contains unapproved applications.

This type of solution is known as “containerization,” or employment of a secure “wrapper.”   


Source: Aruba Networks

In implementation, an Aruba WorkSpace mobile app is pushed to employee devices. This allows users to access and manage work applications, share AirPrint and AirPlay devices with other users or groups, manage other on-boarded devices, and configure guest accounts. All of this is accessible to end users in one location so they can tailor their user experience to meet their needs. Users have control, but just as critically, so does IT.

That separate, encrypted area for work applications and content gives IT full control over the corporate information in this encrypted space, and there is no visibility into personal areas of the device, thereby protecting employee privacy.

As Aruba points out, the issue of end-user privacy is big. A recent Kelton survey commissioned by Aruba revealed that 61 percent of BYOD users worry about losing their devices because they contain corporate data. Plus, 63 percent say they wouldn’t immediately report the loss of these devices to their IT department; this presents a significant security concern for enterprise IT.

This is a major concern in places like Europe which have very strict privacy laws.

A Holistic way to control access, devices, content and leverage context

Since so much of this solution is based on visualization and context, a few additional graphics are useful here. As the graphic below shows, this is an integration of NAC, MDM and MAM in a holistic approach.


Source: Aruba Networks

In fact, to make life easier for IT, Aruba ClearPass features, as an alternative to its native device management functions, integration with top MDM vendors, including AirWatch, FiberLink, JAMF Software, MobileIron and SOTI.

This means customers with existing MDM solutions can realize a combined value of integrated, context-based network policy, device on-boarding and security, and a full range of mobile device management capabilities.  This integration lets IT orchestrate critical mobile device security actions based on who the users are, what device they are using, what applications they are running, and their location. For example, mobile device cameras can be disabled if the device is in a secure, restricted location.

Context, and its portability across the management domains, is key. The graphic illustrates how, with the solution, users can have the access and authentication they require based on who, what, where, why, how and for what reasons. It highlights that the authentication contexts from one management domain can be integrated and used for the others.

An analogous way of thinking about this is the joy of not having to reenter an ID and password, usually ones that are different or that we can’t remember, every time our volition, real-time persona and location change, so that transactional behavior (work and personal) is easier, seamless and highly secure.


Source: Aruba Networks

All of this capability has Aruba channel partners anxiously awaiting availability of the enhanced solution in July. They are expecting interest similar to the positive reactions voiced by Regional Medical Center at Memphis, Tennessee (The MED). The MED is in beta with Aruba WorkSpace.

It has an Aruba network for WLAN serving over 2,200 employees, including 500 nurses and 300 doctors.

Cameron Parker, manager of technical services, Regional Medical Center at The MED, said, “Our physicians and medical staff depend on the wireless network to access critical patient information…As we expand our support for BYOD, we need a reliable solution that can properly manage and control access of these personal mobile devices. Given Aruba’s proven track record in network access, security and device provisioning, Aruba’s new WorkSpace solution integrates the network, the device and application management which provides us with an ideal, single vendor solution to meet all our mobility needs.”

Apps on tap: more than 40 mobile apps are integrated with Aruba WorkSpace

Containerization means BYOD users need to find in their work space the things they find useful, things that today they would more than likely get for themselves without notifying IT. Aruba has done a good job on two things here as part of the rollout.

First, Aruba has integrated more than 40 popular mobile applications for use with Aruba WorkSpace via its new WorkSpace Partner Program, which was announced along with the solution, and is continuing to add more. Apps already certified for Aruba WorkSpace include:

  • File Access: Filamente, Averail Access, Avatron Air Sharing
  • Business Analysis: Roambi
  • Collaboration: Jive Mobile, Producteev, TeamBox, Zoom, LiveBoard, Xavy-MSFT Lync, Xriz-Asterisk, Xvio-Cisco Tandberg, Xime-IBM Sametime
  • Office Document Editor: PDF Expert Enterprise, SmartOffice 2, CloudOn, Polaris Office Enterprise
  • Education: Lanschool
  • Enterprise Productivity: Box, YouMail, Dolphin, Mail+, Moxier, Breezy, CamCard, CamScanner, CamDictionary, BizExpense, Avatron Air Display, Avatron Air Login, SlideShark, BigTinCan, mColleagues, mMeetings
  • Healthcare: MobileCare, Eye Chart Pro, TigerText
  • File Sharing: YouSendIt, SugarSync, NetDocuments, Egnyte

Second, and just as importantly, enterprise IT customers can quickly upload custom, internally developed or third-party applications to their own Aruba WorkSpace Enterprise App Store for easy distribution and management. What makes this so attractive is that rich, contextual security policies can then be applied to each app.

Aruba WorkSpace, as depicted above, also adds enterprise security features such as Active Directory authentication, jailbreak detection and content encryption to applications.

 “With mobile device and application proliferation accelerating at an unprecedented pace, IT departments simply need a solution that eliminates the extra work and expense associated with bridging the silos across the network, the device and the application,” said Keerti Melkote, founder and CTO, Aruba Networks. “By integrating our core strength for network access control and security we can streamline the BYOD process and take the burden and risk away from the IT department.”

In discussing the introduction with MobilityTechzone, Robert Fenstermacher, director of product and solutions marketing for Aruba, Workspace noted that, “The very nature of how IT services are delivered is transforming at a rapid rate. Users want to use their BYOD devices according to their personal and professional needs and have control of their experiences and privacy. Yet, IT remains responsible for securing what is an increasingly complex and risky environment.” 

He continued that, “This does not have to be an either or situation, or users vs. IT. We think Workspace in combination with ClearPass and the integrations with MDM, and our affiliation with enterprise app providers provides the balance that addresses everyone’s wishes and concerns.”  

“Context has been the crown jewel of our development work,” he added. “It is significant for cost as well as security reasons that IT will be able to use context to write policies across all of the management areas which is going to save time, money and in the end create peace of mind.”

In terms of availability, the ClearPass Access Management System is shipping now. The Aruba WorkSpace software for ClearPass is, as noted, in beta testing and will be available in July 2013. A client-side software application called Aruba WorkSpace for both iOS and Samsung Android-based devices will be available from the Apple App Store and the Google Play marketplace, also in July 2013.

NAC, MDM and MAM – all visible and controllable from a single platform that provides enhanced security without disturbing the end-user experience – sets the competitive bar pretty high. It also does something that going forward is of critical importance. This type of solution gives IT the capabilities it needs to fulfill its security responsibilities. In fact, this will be the subject of TMC’s SecureIT: Protecting Your Enterprise in A BYOD World event and expo to be held July 23, 2013 at the Kimmel Center on the NYU campus in New York. 

We hope you can join us and the discussion, as the industry looks to meet the challenges and opportunities BYOD is creating.




Edited by Braden Becker

