Bye-Bye BYOD … hello Secure Guest Access

By Toby Makepeace, Technical Director, Netutils

Views expressed in this post are original thoughts posted by Toby Makepeace. These views are his own and in no way do they represent the views of the company.

Ok, so we all know the term BYOD has been in the news for a good while now. And I’m still challenging my customers and contacts interested in deploying a BYOD strategy by asking them why? Why are you interested in a BYOD strategy for your organisation?

Personally, I think the concept of a secure network access control (NAC) policy is essential for any network, but when it is solely being linked to BYOD I have to ask the question ‘why?’

In my view the reason behind a BYOD policy within organisations is normally one of 3 things:

  • The staff are asking for it
  • The senior management team want to use their iPads (happens a lot, believe me!)
  • The organisation sees a business benefit to allowing users to use their own devices at work

If it is the latter, great, and I’ll address that further on in this blog.

If the reasons for BYOD are driven by either of the first 2, my suggestion is that you consider (instead of a full-on BYOD strategy) simply deploying a guest network with internet access and ensure all the relevant monitoring and filtering is in place.

In addition make sure you use something to control the traffic usage, and don’t ever just put up an open network for staff to use; you do not want to actively monitor staff, but you do want to deter people from just using a company connection to the internet for personal use. You also need to ensure the company has relevant protection in place to comply with the legal obligations no business should ignore (such as data retention and the Digital Economy Act) to reduce the responsibilities of your IT team in terms of managing and reporting on the data used and accessed by guests using your network.

You’ll probably find that the primary applications your staff wish to access will be (surprise, surprise) Facebook and Twitter, and to be honest in most cases my advice would be to allow that. Happy staff work better. What you don’t want to find is a load of BitTorrent data being downloaded or uploaded over the network, hence the need for a solid guest access solution. So in this case you are not deploying BYOD; you are just being nice to staff by helping them reduce their mobile data costs! And, let’s face it, most of them will be accessing these applications during the day with or without a guest network.

So back to full blown BYOD, I suggest you ask yourself and your organisation the following questions.

  • Which applications do you need to support?
  • What types of devices are you happy to support?
  • Which employees are you happy granting access to?

Once you’ve answered these questions, I suggest you follow this simple process:

  1. Start with the resources
  2. Involve your staff
  3. Deploy a layered approach

Consider which resources you want staff to be able to access. Are you going to do things via Terminal Server/Citrix sessions? Or are you going to allow users to actually use their devices to connect? Take each application and think of simple rules. For example, Outlook Web Access / email: are you happy with these being accessible on a personal device? Will the staff be more productive if they are? Ok, then consider whether you require full Mobile Device Management or just a simple ActiveSync policy. (This will always come down to the volume of the data in people’s email.)

Next, involve your staff. Let them know you are rolling out BYOD, but you are going to do it slowly and ask them to submit their suggestions as to what applications they seek to use and why. This way you can set priorities and assess the level of control you are going to need to be in place. You might find the Remote Access policy you have in place just needs to be tweaked, and a new wireless network that is very similar to the guest network gets created, that has a link through to certain resources like Lync/Citrix and other applications.

Deploy a layered approach. Allow staff to log in to the BYOD network using their Active Directory credentials; this way they will be logged onto a secure network that is separate from the corporate network. Then, to get access to a resource like your CRM, for example, you might consider using 2 factor authentication via an SSL portal which is only available in the office, so you know who is accessing the network, the fact they are present in the building, and that they know their 2 factor password.

I hope these tips give you food for thought and help you in your BYOD strategy planning. If you have any questions then do feel free to drop them to me via Twitter @tmakepeace. Thanks for reading and good luck!

Highlights from Juniper Networks & Netutils Innovation Day, Cabinet War Rooms, London

By Vanessa Cardwell, Marketing Manager, Netutils.

Views expressed in this post are original thoughts posted by Vanessa Cardwell, Marketing Manager, Netutils. These views are her own and in no way do they represent the views of the company.

On Wednesday 19th March 2014 we invited organisations to join us at The Cabinet War Rooms in London to ‘Take a Closer Look’ at Juniper Networks. The aim of the event was to build relationships with organisations interested in having face to face time with Netutils and Juniper Networks’ technical experts and to learn about the latest innovations in datacentre and campus and branch networking & security from Juniper Networks.

The War Rooms lent itself extremely well to the event. Churchill’s bunker was the perfect place to take stock and work together to strategise and address some of the networking & security challenges we face in today’s constantly evolving enterprise.

At the top of the day the ice was expertly broken by Major Wade & Mrs Hughes, our 1940s actors. Wade and Hughes welcomed our guests to the War Rooms and delivered a wonderfully entertaining introduction to the War Rooms complete with whistle blowing and bell ringing! Once our guests were reassured they were safe underground the event commenced.

David Silsby, Sales & Marketing Director, introduced the details of the day to our guests and explained how Netutils’ goal as an organisation and Juniper Networks Elite Partner is to help make sure our customers’ technology does what it is supposed to: supporting organisations to ensure their networks are fast, secure and available to the right person at the right time, and making sure we give you access to technology when and where you need it.

Next up was Brett Ley, Director, Datacentre Sales EMEA. His presentation focused on Innovations in Datacentre Networking & Security. In a world of ever-changing apps, evolving virtualisation and the rapid adoption of cloud, mobility and big data technology, today’s network needs to be incredibly agile. Brett introduced Juniper Networks’ MetaFabric Architecture, a simple, open and smart approach to network architecture. MetaFabric leverages Juniper Networks’ comprehensive portfolio of switching, routing, orchestration, SDN and security solutions.

  • Switches optimised for the data centre to support any switching fabric architecture for any application.
  • Routers that interconnect multiple data centre locations and clouds, across virtual, physical, and SDN workloads.
  • SDN solutions that automate and orchestrate creation of virtual networks.
  • Data centre security solutions that adapt to defend, detect, and respond to targeted threats.
  • Automation and orchestration management tools that provide network visualisation, analysis, and control.

The Benefits

The MetaFabric architecture solves the complexity of creating a network for today’s data centre landscape. It has three pillars:

Simple – Enables ease of deployment, operations and management of the network without service interruption.

Open – Maximises flexibility by integrating with any data centre environment, eliminating vendor lock-in.

Smart – Saves time and improves the performance of the network through data, analytics, and actionable insights.

The bottom line is that the MetaFabric architecture delivers the agile and efficient network foundation required for today’s dynamic data centres.

(Further reading: Juniper CIO Uses Cloud to Support ‘Consumerization of Data Center’)

Netutils Senior Technical Specialist, Malcolm Orekoya, then delivered an overview & demo of Junos Space.

Exponential growth in network traffic, changes in mobile user behaviour, and the onslaught of new cloud services and applications are expanding the avenues available to malicious attackers. Managing enterprise security policy in these complex environments can become prone to error and overly time-consuming, especially if management solutions are slow, unintuitive, or restricted in their level of granularity and control. Poor policy management can also lead to security mis-configuration, making the enterprise vulnerable to sophisticated threats and regulatory noncompliance.

Junos Space is an open, secure, and scalable software platform that allows customers, partners, and developers to build and deploy simple, smart applications that manage and analyse network element data and optimise network infrastructure and operations management of infrastructure running the Junos operating system. Malcolm demonstrated the attributes of the Junos Space solution that allows customers to maximise their network value and scale solutions while reducing complexity.

Malcolm demonstrated two main applications of Junos Space – Network Director & Security Director. Security Director provides efficient and cost effective management of Juniper Networks SRX security platform and allows you to scale management reach across your security and network devices and ease administration and reduce configuration errors through a responsive Web interface. Network Director offers a unified wired and wireless network management application for Juniper Networks switching and wireless portfolio, featuring full life cycle management including pre and post deployment life cycle tools with single pane visibility to manage Network infrastructure, users and services.

Jonas Gyllenhammar, Pulse Architect, EMEA concluded the session with his presentation on Innovations in campus & branch networking and security.

The ability to access anything from anywhere is the new norm in today’s world of communication. This creates a lot of concerns when it comes to corporate data being accessed securely.

The challenge is not only the mixture of managed and unmanaged devices and their security state, but also the protection of the valuable data itself.

This requires a new ecosystem involving secure access and intelligent firewalling to bring together security intelligence and deception techniques from multiple sources.

What was really engaging about Jonas’ session was his point that the phenomenon of BYOD is not simply about bringing your own device, it’s more than that; it’s about a robust access management policy solution for your organisation and this requires a dynamic policy driven security enforcement solution. A bit of a mouthful perhaps but Juniper Networks’ end-to-end Pulse solution makes this straightforward. In short, it’s simply about 2 things:

  • The User – are they known or unknown?
  • The Device – corporately owned? BYOD, staff member with an unknown device? Or Guest with an unknown device?

Junos Pulse allows you to combine different users and devices. An end-to-end solution which covers all use cases delivering network wide policy orchestration.

Jonas spent some time detailing the different attributes of the Pulse solution – profiling, on-boarding, authentication, device / user authentication, role based access and network wide automatic threat mitigation. The Pulse solution keeps BYOD simple. It supports the requirement that users need BYOD in different flavours – light and full access. As well as providing full network access to known users and devices, it’s vital to have a simple identity based guest access solution for Wi-Fi access, keeping you compliant and secure. In short, Pulse allows you to deliver the right policies for the right use cases, making the access and on-boarding experience seamless for the user.

Jonas also introduced our audience to Junos WebApp Secure (JWas). Jonas demonstrated how easy it is to detect, identify, track and stop hackers in their tracks. The simple, clean interface of the solution allows for easy monitoring. Junos WebApp Secure looks at two areas – Certainty and Specificity. This ensures that you are blocking the right activity without impacting your business, and identifying malicious behaviour that other solutions can’t even start to think about finding.

The demonstration of Junos WebApp Secure illustrates how the Juniper Networks’ security ecosystem adapts at the speed of risk, where allowing easy access is balanced with stopping attackers from getting what they want.

For further information on innovations in datacentre and campus & branch networking and security please do get in touch. Keep checking our blog for regular updates and videos from our events.

We made a video of the event. You can check it out on our blog here.

Seamless Wi-Fi Guest Access at Grade II Listed Building Cockington Court

By Vanessa Cardwell, Marketing Manager, Netutils

Views expressed in this post are original thoughts posted by Vanessa Cardwell, Marketing Manager, Netutils. These views are her own and in no way do they represent the views of the company.

A big thank you to Norma Paynton, Programme Manager at Torbay Development Agency, who talked to us about how using our Managed Guest Access Solution allowed Torbay Development Agency to boost the Wi-Fi service at Cockington Court for the benefit of the tenants and the many tourists and day visitors to the craft centre.

We are really very pleased with the solution and tailored service Netutils have provided. The interface was quick to set up, straightforward and easy to use. The fact that we can now promote the Wi-Fi service to potential visitors is an added benefit and really brings Cockington Court up to date.

Read the full case study here.

If you have responsibility for Guest Wi-Fi Services at your organisation then please get in touch with a solutions expert from our team for more on our Managed Guest Access Solution. You can also join our webinar at 11am on Wednesday 5th March 2014 for an overview. Register Here: Webinar: Wi-Fi Guest Access Made Easy

What our customers say

Video: http://vimeo.com/85264748

We made a short video with a handful of our valued customers. We hope you enjoy it. Take a peek to find out why our customers come back again and again. A big thank you to everyone who took part for their time and their positive words.

Wi-fi Access on the Move

Our fully managed guest access solution allows users to self provision wi-fi access. Take a look at how Sprint Communications are using the solution for passenger wi-fi for public service vehicles. A great example of the flexibility of the service.

Video: IPEXPO 2013 – A Spotlight on Your Network & Cloud Security

Video: http://vimeo.com/79764967

If you were unable to join us at this year’s IP EXPO then please do take a few minutes to view our video from the event and find out how Netutils along with Juniper Networks can support your security challenges now and in the future.

Don’t ignore the hype: IT trends deliver security with access

By Malcolm Orekoya, Technical Specialist, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Technical Specialist, Netutils. These views are his own and in no way do they represent the views of the company.

How do we enhance security but allow users access to the data and resources they need seamlessly and improve enterprise productivity, while still keeping up with the trends in mobility, consumerisation and cloud? The answer is by following those trends.

Look beyond the technology and look at the people that use the technology. This tells us two things: users do not prioritise security, and your enterprise productivity is directly related to the ability of your users to perform their tasks efficiently. So companies cannot adopt a “lock everything down” mentality. It is effectively a denial of service attack against yourself, because you are essentially denying access to the essential services needed by your users. So security, and enforcement of it, is solely the responsibility of the enterprise. It may sound harsh, but it is the reality; employees are accountable for the procedures, guidelines and policies to which they are required to adhere.

The only viable way to build a secure network that moves with CoIT is to use existing corporate user identity systems (such as Active Directory, LDAP, SQL) to integrate with evolving ideas to automatically provision context-aware applications and resources.

So how to secure data and the network while still allowing seamless access and speedy resource allocation? Don’t ignore the trends in the IT industry. Cloud and hosted applications are continually increasing in adoption because they guarantee a certain level of security of access, ease of access, flexibility, automated provisioning, ease of upgrades, cross platform compatibility and reduced CAPEX, while maintaining compliance and security standards. The providers of these solutions are themselves heavily regulated and required to adhere to high standards of data and network security.

If you prefer to retain in-house control of applications, then virtual desktop infrastructure (VDI) means you benefit from reduced costs over time of purchasing user endpoint machines by moving to thin clients. But also these VDI platforms allow control of what applications employees have access to, and provide much more granular control on what tasks users can perform. Because a lot of the VDI platforms allow “hot-desking”, as user profiles are maintained on centralised servers, they provide access flexibility and remote access, which fit with CoIT needs.

Zero-Day protection is also another useful trend; the means by which an enterprise can protect its data and resources from threats and vulnerabilities that are currently unknown, so consequently do not have a fix. Zero-Day application exploits, targeted attacks, advanced information stealing malware and Advanced Persistent Threats (APTs) all pose a serious security threat to enterprises, but as these threats evolve, so does the approach to effective and manageable protection. Active defence, which discourages attacks by focusing on raising costs and risks to attackers, is slowly creeping into enterprise strategy. Proactive protection – including advanced Web Application Firewalls (WAF), counterstrike and intrusion deception techniques – are all protection methods that have seen a revival. For example, in 2012 Juniper Networks acquired Mykonos Software’s intrusion deception software (Junos WebApp Secure) to enhance its web application security portfolio. It places deception points along the way. When an attacker trips one of those tripwires, we are alerted to the fact they are there and can watch them.
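The tripwire idea in the paragraph above can be illustrated with a small access-log scanner. This is an added example, not code from the original post and not how Junos WebApp Secure is implemented; the decoy paths, the hidden `debug` field and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical decoys: nothing on the real site links to these paths, and the
# application always emits the hidden "debug" field with the value "0".
DECOY_PATHS = {"/admin-old/", "/backup/db.sql"}
DECOY_PARAMS = {"debug": "0"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def tripped(url):
    """Return why a request trips a decoy, or None for ordinary traffic."""
    parts = urlsplit(url)
    if parts.path in DECOY_PATHS:
        return f"decoy path {parts.path}"
    query = parse_qs(parts.query, keep_blank_values=True)
    for name, expected in DECOY_PARAMS.items():
        for value in query.get(name, []):
            if value != expected:
                return f"decoy parameter {name} changed to {value!r}"
    return None

def scan(lines):
    """Map each client that tripped a decoy to its alerts and later requests."""
    report = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        reason = tripped(m["url"])
        if reason:
            entry = report.setdefault(m["ip"], {"alerts": [], "watched": []})
            entry["alerts"].append((m["ts"], reason))
        elif m["ip"] in report:
            # Client already tripped a wire: keep watching what it does next.
            report[m["ip"]]["watched"].append((m["ts"], m["method"], m["url"]))
    return report

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Mar/2014:10:01:02 +0000] "GET /products?id=3&debug=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Mar/2014:10:02:05 +0000] "GET /robots.txt HTTP/1.1" 200 74',
    '203.0.113.9 - - [19/Mar/2014:10:02:11 +0000] "GET /admin-old/ HTTP/1.1" 404 162',
    '203.0.113.9 - - [19/Mar/2014:10:02:30 +0000] "GET /login HTTP/1.1" 200 2210',
    '192.0.2.44 - - [19/Mar/2014:10:03:40 +0000] "GET /products?id=3&debug=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Mar/2014:10:04:00 +0000] "GET /cart HTTP/1.1" 200 880',
    '203.0.113.9 - - [19/Mar/2014:10:04:12 +0000] "POST /login HTTP/1.1" 401 310',
    'truncated or corrupted line',
]

if __name__ == "__main__":
    for ip, entry in scan(SAMPLE_LOG).items():
        print(ip, entry["alerts"], len(entry["watched"]), "later requests")
```

Because legitimate users never touch the decoys, a single hit is a high-confidence signal, which is why the scanner alerts on the first one and then records everything that client does afterwards.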

The reality is that vulnerabilities and threats exist, and come from inside as well as outside the network. The biggest insider threats are the employees, but we can only educate staff on how to handle sensitive corporate data and how to use corporate resources. For outsider threats, innovation brings assistance.