BYOD challenges for large organizations

Have you read the latest issue of our digital (IN)SECURE Magazine? If not, do it now.

Alexander Hav?¤ng is the CTO at Procera Networks and in this interview explains enterprise challenges with BYOD.

BYOD is one of the biggest buzzwords in recent years. In reality, how big of a challenge is BYOD for large organizations?
The challenges are somewhat nuanced. Computing and communication are still fundamentally the same, but the typical IT department provides support based on a common build practice. Under the old paradigm, when a user called, the helpdesk knew what they were dealing with. Most large companies have standardized hardware and software platforms and that made troubleshooting pretty straightforward.

In a BYOD environment, this is not the case at all. Devices and the applications loaded on them are a complete yard sale, that is to say they are unpredictable in shape and texture. Customers that have navigated this properly, standardize and enforce the things that support the business, which ensures more predictability in terms of network behavior. Control the things you can control, because the rest of it is pretty messy and somewhat distracting. Standard endpoint protection or VPN software are some of the things you can dictate, and we have customers that use Procera to enforce policy on non-conforming devices by putting them in a “virtual penalty box” until the issue is addressed.

One other challenge is device registration. This was not always the case, but it is emerging as a requirement. Once the characteristics and behaviors of a device or class of devices are understood, organizations may find it desirable to apply policy to those devices. We have seen a renewed interest in registration portals and in binding identity to network behavior, which is something that we understand. At any rate, having this information is just good policy and recreating it in the future can be a daunting task. Microsoft Active Directory did this in the all-PC environment, but achieving the same in the BYOD landscape requires developing new muscle.

What devices and applications are most popular with those who bring their own devices to work? How do those pose a danger to the organization?
The most popular devices are the ones used in mobile networks, where we have traditionally played an important role and have a strong presence. The reigning kings of the smartphone space don’t need further introduction, but there is some variety once you get past the top few. We are seeing a big increase in tablet usage, but this should not be a news flash to anyone. This market is fragmenting further, as it becomes more competitive, and as other models challenge the leaders.

The applications are pretty diverse as one might expect. When the employee is off-site, they are using the things they normally use in their non-work life. Coming to work doesn’t change that, so there is a fair amount of “non-essential” traffic added to the corporate network as a result. This additional burden can be viewed as dangerous when viewed in the harshest light. The security implications of this “application stew” are emerging, suffice to say it will get messier before it gets neater.

Since many of these applications serve little or no corporate purpose other than the amusement of the employee, they are drawing some attention. Increasingly CIOs are asking hard questions about their obligation to support or fully enable that traffic. It’s a bit of a devil’s bargain though, they want the employee to use the device, but they want to prevent them from using it in their normal way. Most customers are moving toward some form of traffic management, but disabling popular non-essential applications will prove too draconian in some corporate cultures.

The most pressing danger though is the lack of any real baseline of network behavior. BYOD devices on the whole are Internet dependent and they bring with them a traffic burden, and corresponding connection addition, to the network. We see clear differences between devices and some bring bigger burdens than others, but understanding that and applying policies to keep that in check are increasingly important.

What advice would you give to a company trying to cope with an increasing number of private mobile devices on its network?
Be careful what you ask for. While there are clear benefits, there are less obvious hidden challenges. Again, not all devices have the same traffic profile and understanding and managing that traffic is an iterative process that requires tools that can provide visibility to the data and enable desired mitigation schemes. Policy enforcement solutions can assist on both of these fronts, but the network manager needs to come to understand the subtleties involved.

We have nearly ten years of experience in this realm and have learned many lessons the hard way. Our customers and prospects benefit from our advice. Just be aware that you are going from a network where you had all the answers based on common build practice to one that is a little bit out of your control. New applications are coming out by the second and your users are going to find them and expect to use them over the corporate network. Embrace it, because you can’t stop it.

Having granular visibility into network traffic patterns and behaviors is important. Understanding new applications and their traffic impact is equally critical. This is why we update our traffic signature recognition database weekly. The environment we operate in requires this velocity and time to value. Some IT people may find the speed with which change occurs a little harrowing—because it is—but that is the new normal. The vendors that have come to grips with this can be great resources, and corporate IT departments that accept this new reality will have better results trying to manage it. It may be daunting at times but it is not something that we control, so we run with it and so far, so good.