BYOD: Understanding and Planning Equals Success

By Malcolm Orekoya, Network & Security Specialist, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Network & Security Specialist, Netutils. These views are his own.

We are now all too aware of the proliferation of mobile devices, such as smartphones and tablets, in enterprises today. The number of employers supporting a bring-your-own-device (BYOD) environment, in order to support the growing number of employees who want to use their devices to work at home, at the office and while on the move, is definitely on the rise. But what is the right approach to a successful BYOD implementation? Why, at such an early stage of BYOD's popularity, are so many enterprises struggling to correctly implement a BYOD environment?

Similar to starting up a new business, there has to be a good understanding of what one is trying to achieve (like having a business plan complete with forecasts and your bottom line), a good knowledge of all the variables involved (like knowing your market and competitors) and there needs to be a solid foundation from which to start (like having financial support through savings, investors or your bank). Today a lot of enterprise BYOD implementations start with the end user (usually a few high level executives) wanting to use their personally owned devices to access corporate resources while in the office and out of the office. As a result, IT departments begin their BYOD planning by starting with a small group of users, then their devices, then the resources they want to access, followed by how to implement control and then finally, a BYOD policy is formulated and rolled out to the larger employee population. In my opinion this is the wrong approach and sets the enterprise up for running into numerous problems down the line.

Irrespective of how the BYOD conversation starts within any enterprise, once the decision has been made to adopt BYOD across the network (i.e. it has gained the organisation's support), a rethink needs to take place which properly considers the users, devices, resources, control and the enterprise-wide BYOD policy that would apply to everyone. The sequence of considering these variables when planning a BYOD environment should look something like the one shown below, and not the other way around.

BYOD Policy → Resources → Control → Devices → Users

Each one of these considerations affects and ties in with the next one. The BYOD policy should stipulate what the enterprise requires its employees to agree to (this policy should be signed by employees), and this will be influenced by the type of resource access required by the employees as well as the control utilised. For example, if an employee wants to bring in their own device to gain full access to corporate resources (say, similar to what he or she has on their desktop computer), the BYOD policy might state that the employee is required to allow IT to install a piece of software on their device that will allow IT to control and validate the posture of the user's device (for instance, check that the anti-virus is up to date and possibly wipe the device if it's lost or stolen). If, however, the employee would rather not give this level of control over his or her device to IT, then they may only be granted limited access to corporate resources (for instance, use of the internet and maybe web email). Furthermore, the control required by the enterprise would determine the devices that it supports, which in turn could determine what devices users end up purchasing, although the popularity of some devices, such as Apple and Android devices, could quite possibly dictate both.

Enterprises need to start thinking about their BYOD implementation planning before actually implementing BYOD across their network. Considering the variables in the right order avoids putting the cart before the horse and would help avoid problems in the future. Having said that, it is worth mentioning that although planning for BYOD should proceed from left to right through the variables mentioned earlier, actually implementing BYOD should be considered from right to left; I'll explain. Implementing BYOD starts by considering the level of trust attributed to a user and/or device, which is usually determined by users and/or devices successfully authenticating or validating their identity to a trusted entity. This is followed by the authorisation (access control) subsequently given to corporate resources, where the level of trust determines the level of access granted. All of this must ultimately comply with the organisation's BYOD policy.

User Trust → Device Trust → Access Control/Authorisation → Resources → BYOD Policy

Again, each variable ties in with the other variables next to it, but it is important that enterprises do not make the mistake of starting to write their BYOD policy by first considering the trust attributed to their users.
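The implementation order above can be expressed as an access decision that fails closed at each step. The following Python sketch is an added example, not code from the article or from Netutils; the resource names, the `AccessRequest` fields, and the choices to deny access for an unsigned policy or a lost device and to drop to limited access on a failed posture check are assumptions made for illustration.

```python
from dataclasses import dataclass

# Resources per access tier. "limited" mirrors the article's internet and web
# email case; the other resource names are constructed for illustration.
TIER_RESOURCES = {
    "full": {"internet", "web_email", "file_shares", "intranet_apps"},
    "limited": {"internet", "web_email"},
    "none": set(),
}

@dataclass
class AccessRequest:
    user_authenticated: bool  # user trust: identity validated by a trusted entity
    policy_signed: bool       # employee has signed the BYOD policy
    agent_installed: bool     # device trust: IT's control software is on the device
    av_up_to_date: bool       # posture result reported by that software
    reported_lost: bool       # device flagged lost or stolen
    resource: str             # what the device is asking to reach

def access_tier(req: AccessRequest) -> tuple[str, str]:
    """Evaluate User Trust -> Device Trust -> Access Control, failing closed."""
    if not req.user_authenticated:
        return "none", "user not authenticated"
    if not req.policy_signed:          # assumption: unsigned policy means no access
        return "none", "BYOD policy not signed"
    if req.reported_lost:              # assumption: lost devices are blocked outright
        return "none", "device reported lost or stolen"
    if not req.agent_installed:
        return "limited", "no IT control software on device"
    if not req.av_up_to_date:          # assumption: failed posture drops to limited
        return "limited", "anti-virus out of date"
    return "full", "user and device trusted"

def authorise(req: AccessRequest) -> tuple[bool, str]:
    """Return (allowed, reason); the reason is what an audit log would record."""
    tier, reason = access_tier(req)
    return req.resource in TIER_RESOURCES[tier], f"{tier}: {reason}"

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        AccessRequest(True, True, True, True, False, "file_shares"),
        AccessRequest(True, True, False, False, False, "file_shares"),
        AccessRequest(True, True, False, False, False, "web_email"),
        AccessRequest(True, True, True, True, True, "web_email"),
    ]
    for s in samples:
        print(s.resource, authorise(s))
```
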

In conclusion, as I mentioned at the beginning, starting a business almost always involves an understanding of the market, competitors and a business plan before anything begins. The same should be the case with BYOD in the context of the variables mentioned above; only then will your enterprise minimise problems and increase its probability of a successful and worthwhile BYOD environment.


Considerations for Service Providers – Delivering a Seamless Wi-Fi Off-Load Experience to Subscribers

Part 2:  Options for Authentication by Toby Makepeace, Technical Director, Netutils

This post contains original thoughts posted by Toby Makepeace, Technical Director, Network (Utilities) Systems Ltd. These views are his own.

Leading on from Part 1, Mobile Operators V Fixed Line Operators – who will win Wi-Fi Off-load Race?, we now need to consider how operators effectively manage subscribers and deliver a seamless Wi-Fi experience. What are the different options for authentication that operators should be considering? WISPr, EAP-TTLS, EAP-SIM/AKA?

The answer is all of the above, because it all boils down to the device support.

For example, if we take the case that a user might have 3 devices that support Wi-Fi, but only one of these devices is provided by the mobile operator, do we want to limit authentication to only EAP-SIM based devices whereby a user will be limited to the device provided by the operator over 3G or Wi-Fi? Or do we want to offer a mixture of authentication methods to suit the devices a user may wish to use to connect to the internet?

Given my earlier point in Part 1, that mobile users expect to consume and access more & more rich media content faster, from any location, at any time, from multiple devices, an operator that only invests in one authentication method will limit either the devices they support or the user experience itself. This will inevitably lead to a user looking for another provider to meet their consumption needs, rather than their current mobile operator.

What we have seen is early adoption of WISPr based authentications in the market but the uptake to date has been slow; the process is cumbersome and non-secure. WISPr relies on the user taking responsibility so this clearly impacts on the all-important user experience.  Operators need to consider how to remove the responsibility from the user, and where possible make both the transaction and networks more secure.

The first secure method being considered for adoption by mobile operators is EAP-SIM, and this sees the number of subscribers using the service massively increase. However, it is restricted by using the subscriber device's SIM as the authentication parameter, validated by the HLR, and so only supports certain SIM based devices.

This limits those legacy devices that do not support the EAP-SIM protocol, for example a large number of Android devices. Any operator that ignores this will not achieve the required level of off-load they need. So protocols like EAP-TTLS or EAP-TLS come to the table.

Service Providers will quickly see the value of completely seamless Wi-Fi off-load to their end users in terms of increased loyalty with the improved user experience on Wi-Fi & the compelling business case of minimising the impact on the existing 3G network as data traffic increases. This will continue to be of major importance as 4G networks commence to roll out.

Top Considerations for Service Providers in Providing a Seamless Wi-Fi Off-Load Experience to Subscribers

  • Secure or Un-secure? Is this important to your subscriber base? Airwaves are open but can be secured.
  • Authentication protocols supported, the choice of SIM based or user interaction based.
  • Device support/target. Are you considering all Wi-Fi enabled devices or just phones for true off-load?
  • Consider how you are going to sell and manage usage, volume based or time based tracking, or just open?
  • Are you going to offer subscribers 3GB or Wi-Fi with the 1GB data plan they are on?
    • If so how are you going to manage it?
    • Are you going to sell subscribers a Wi-Fi data plan that is more attractive than the 3G data plan? Will you invest in educational campaigns to subscribers to use Wi-Fi rather than 3G?
    • Are you investigating in build or buy model?
      • Build a wholesale network?
      • Buy from a wholesale provider?
      • Build a private network?

Read Part 1, Mobile Operators V Fixed Line Operators – Who will win the Wi-Fi Offload Race?

About Toby
Toby is currently working on a number of Service Provider projects focusing on Identity Management. These range from Mobile Operator Wi-Fi off-load projects, broadband authentication encompassing quota and service management for P2P and video traffic control, and integrated M2M projects over 3G.

Toby has over 15 years progressive experience designing complex RADIUS platforms to meet the demands of the most multi-faceted businesses.

In addition, Toby has spent a number of years observing and implementing solutions for the enterprise space in the BYOD and NAC market. ‘It’s a keen area of interest for me as it combines the whole concept of identity management and business needs together. It also provides me with a good knowledge of what enterprise customers are looking to their carriers’ services to provide.’

Considerations for Service Providers – Delivering a Seamless Wi-Fi Off-Load Experience to Subscribers

Part 1: Mobile Operators V Fixed Line Operators – who will win the Wi-Fi Off-load Race? by Toby Makepeace, Technical Director, Netutils

This post contains original thoughts posted by Toby Makepeace, Technical Director, Network (Utilities) Systems Ltd. These views are his own.

In 2011, global mobile handset shipments reached 1.6 billion and tablet shipments reached 66.9 million. According to Juniper Networks’ survey, ‘mobile users worldwide own an average of three Internet-connected devices – from smartphones and tablets to eReaders and portable video game systems. Nearly one in five people (18 percent) own five or more devices. And today, people depend on these devices for everything from financial transactions and business operations to personal connections.’

Mobile subscribers expect to consume and access more & more rich media content faster, from any location, at any time, from multiple devices and all this at a competitive cost.  This increase in mobile traffic inevitably places enormous demands on bandwidth and increases pressure on service providers to a) deliver this bandwidth seamlessly & cost effectively to users b) maintain and grow ARPU and c) avoid customer churn.

As the boundaries of the digital society blur and subscriber demand for seamless, always-on services accelerates, the demand on the network operators (mobile & fixed) to respond to this challenge whilst managing costs could be seen as a race that is not winnable. Even with the introduction of LTE around the corner, the demand, availability and expectation placed on the mobile operators to deliver true, seamless, useable on demand bandwidth will diminish if the expected LTE take up again exceeds the capacity of the systems to deliver.

These substantial increases in costs (along with the backhaul requirement to meet the changing digital society needs) are driving mobile operators to consider Wi-Fi off-load/on-load. Wi-Fi offload also opens up opportunities to the fixed line operators by capitalising on and sharing infrastructure costs with mobile operators: the backhaul infrastructure they own can be utilised to deliver and deploy the fast backhaul network the mobile operators require.

In practice the infrastructure deployed to provide Wi-Fi off-load is often either a wholesale service offered by the fixed line operators to the mobile operators or a self-build network with a high operations cost. To my mind the infrastructure solution is likely to be a shared service offering that multiple operators can buy into.

So, in my view the answer to who will win the Wi-Fi Off-load race will be:

  1. The mobile operators that invest in the infrastructure early to provide efficient authentication to simplify the user experience.
  2. And the fixed line operators who manage to get the largest footprint on the ground offering true layer 2 connectivity for the mobile operators’ backhaul.

Read Part 2 – Options for Authentication