Feature Article

Free eNews Subscription>>
February 11, 2014

Automated Device Enablement Framework for BYOD from Cloudpath

It is difficult not to sound like a broken record when it comes to securing the enterprise.  The facts are that as a result of the cloud, virtualization, mobility in general and BYOD specifically, the vectors of vulnerability that enterprise IT has to now deal with have made their jobs exponentially complicated in the past few years. 

Indeed, security professionals for enhanced risk management now must have better visibility and control over people, devices, the apps on those devices, the networks on which data travels, along with constantly monitoring the access to and integrity of stored data and all of the infrastructure that support modern computing and communications.  Plus, all of this must be done in a world where the bad guys are increasingly sophisticated, and where because of this traditional approaches to security are insufficient as authentication/identity has become the new perimeter.

With all of the above as background, it is hard to know what is most important for enhancing enterprise security, but certainly mobile device and mobile applications management is at the top of the list. And, drilling down a little deeper, given the proliferation of BYOD at all levels of enterprise activities, including the preference for C-levels to now run their businesses in real time on their smart devices, enabling everyone to be able to access enterprise WI-Fi networks easily and securely has become a significant challenge. 

Westminster, CO-based security solutions provider  Cloudpath Networks is aiming to make life much easier and provide peace of mind to IT security professionals with the release of XpressConnect Enrollment System (ES) 3.0 (www.cloudpath.net/products/).  It is being touted as the industry’s first Automated Device Enablement (ADE) platform that combines secure device onboarding and advanced certificate management.

ADE with certificate management for better protection

A bit of familiarization with terms is in order.  Automated Device Enablement (ADE) provides infrastructure-based control and security for personal and IT-owned devices without the need for on-device agents.  As Cloudpath explains, they have modeled ADE on approaches used in carrier network whereby ADE uses smart, policy-associated certificates to provide visibility and control over every device starting at the Wi-Fi layer and working upward.  In fact, XpressConnect ES 3.0 is designed to allow an ADE approach to be deployed quickly and easily, even in complex, distributed environments, and can  adapt to new use cases and visually monitor devices and their associated policies in real-time from a single dashboard. 

“Automated Device Enablement allows environments to selectively enable services and capabilities on a device-by-device basis for a full spectrum of users, including guests, contractors, BYOD and IT, in a manner that is secure, scalable and sustainable,” said Kevin Koster, founder and CEO of Cloudpath. 

The Automated Device Enablement framework centers around six key premises:

  • Secure every device. Every device should have secure, encrypted connectivity, even if connectivity is Internet-only. 
  • Wi-Fi is the new hub for the enterpriseEnterprises should handle guests, contractors, partners, suppliers, BYOD, IT and more in a consistent, secure and effective manner.
  • Days of one device per person are over. Most knowledge workers now have 4-5 Wi-Fi devices. 
  • Have a strategy for granting privileges. Begin with least-privilege access and build upward. The highest volume of devices will need least-privilege, typically just Internet-only secure Wi-Fi access. Moving up the privilege ladder means ensuring the value of the additional privileges is greater than the associated costs (IT overhead, risk, user perception, etc.). 
  • Tread lightly on personal devices.  The trick is to do so while maintaining security appropriate for the device’s use. Infrastructure-based control helps maintain consistency across the fragmenting device landscape. Standards and existing protocols are preferable to proprietary agents and apps. 
  • Plan beyond the network.  Wi-Fi is the starting point for services, but devices commonly need access to other services, such as VPNs, web proxies, email and websites (single sign-on or two-factor). Environments should ensure that each device is automatically enabled with the appropriate services and capabilities to match both IT policies and the device’s intended use. 

“We are transitioning out of a period where BYOD was seen as risk to be restricted and into a period where BYOD is seen as an opportunity for value creation. The opportunity today is to capture that value,” said Koster. “Automated Device Enablement recognizes that value resides in varying amounts in a wide array of devices. ADE provides the right mechanism to unlock that value with better usability, manageability and security than previously possible.”

It should be noted that the enhanced certificate management part is non-trivial.  It is a core part of the equation of not just making onboarding of devices and the people who own them simpler but also increases the security.  IT professionals after all are accountable for who, what, where, why and when, and are responsible of monitoring all of this so they can be not just reactive but proactive in managing risks.   XpressConnect ES’s certificate management capabilities, combined with combined with ease of onboarding  provides as Cloudpath notes, “A plug-and-play system that overcomes the limitations of Wi-Fi onboarding and traditional burdens of PKI.”

Given the growing reliance on personal devices which has led many to characterize emerging workplaces as “mobile enterprises”, facilitating access of devices to enterprise resources while enabling IT to have both the visibility and control they need to keep the enterprise and its employees and even guest users safe from cyber threats is complicate.  However, Cloudpath by automating onboarding for devices with enhanced visibility and control, as noted above has focused in on a critical area for helping IT make BYOD friend and not foe by leveraging Wi-Fi connectivity and the value it can enable. 

Edited by Cassandra Tucker

FOLLOW MobilityTechzone

Subscribe to MobilityTechzone eNews

MobilityTechzone eNews delivers the latest news impacting technology in the Wireless industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter