Bye-Bye BYOD … hello Secure Guest Access

By Toby Makepeace, Technical Director, Netutils

Views expressed in this post are original thoughts posted by Toby Makepeace. These views are his own and in no way do they represent the views of the company.

Ok, so we all know the term BYOD has been in the news for a good while now. And I’m still challenging customers and contacts interested in deploying a BYOD strategy by asking them: why? Why are you interested in a BYOD strategy for your organisation?

Personally, I think the concept of a secure network access control (NAC) policy is essential for any network, but when it is solely being linked to BYOD I have to ask the question ‘why?’

In my view, the reasons behind a BYOD policy within an organisation are normally driven by one of three things:

  • The staff are asking for it
  • The senior management team want to use their iPads (happens a lot, believe me!)
  • The organisation sees a business benefit to allowing users to access their own devices at work

If it is the latter, great, and I’ll address that further on in this blog.

If the reasons for BYOD are driven by either of the first 2, my suggestion is that you consider (instead of a full-on BYOD strategy) simply deploying a guest network with internet access and ensure all the relevant monitoring and filtering is in place.

In addition, put something in place to control traffic usage, and never just put up an open network for staff to use. You do not want to actively monitor staff, but you do want to deter people from treating a company internet connection as their own personal line. You also need to ensure the company has the relevant protection in place to comply with the legal obligations no business should ignore (such as data retention and the Digital Economy Act); a properly managed guest service does that work for you and reduces the burden on your IT team of managing and reporting on the data used and accessed by guests on your network.

You’ll probably find that the primary applications your staff wish to access will be (surprise, surprise) Facebook and Twitter, and to be honest in most cases my advice would be to allow that. Happy staff work better. What you don’t want to find is a load of BitTorrent data being downloaded or uploaded over the network, hence the need for a solid guest access solution. So in this case you are not deploying BYOD; you are just being nice to staff by helping them reduce their mobile data costs! And, let’s face it, most of them will be accessing these applications during the day with or without a guest network.
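What the monitoring above looks like in practice depends on what your firewall or flow exporter records, but the two checks worth automating are the same everywhere: who is using more than their share, and who is behaving like a peer-to-peer client. The following is an added example, not code from the original post or from Netutils; the flow record layout (timestamp, user from the portal login, source IP, destination IP, destination port, bytes), the per-user quota and the BitTorrent heuristic are all assumptions made for this example, and the log lines are constructed.

```python
"""Usage checks for a staff guest network, run over constructed flow records.

Added example, not code from the original post or from Netutils. The record
layout, the quota and the swarm heuristic are assumptions for this example.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

WEB_PORTS = {80, 443}   # ordinary browsing, Facebook and Twitter included


@dataclass
class Flow:
    ts: str
    user: str        # identity from the guest portal / AD login, not just an IP
    src_ip: str
    dst_ip: str
    dst_port: int
    nbytes: int


# Constructed sample: one flow per line, whitespace separated.
SAMPLE_FLOWS = """\
2014-03-19T09:01:00 alice 10.20.0.11 31.13.72.36   443   120000
2014-03-19T09:02:00 alice 10.20.0.11 199.16.156.6  443   80000
2014-03-19T09:03:00 alice 10.20.0.11 31.13.72.36   80    30000
2014-03-19T09:02:30 bob   10.20.0.12 88.12.33.1    6881  5000000
2014-03-19T09:02:31 bob   10.20.0.12 77.8.90.4     51413 4000000
2014-03-19T09:02:32 bob   10.20.0.12 5.6.7.8       6889  3000000
2014-03-19T09:02:33 bob   10.20.0.12 91.2.3.4      40123 6000000
2014-03-19T09:02:34 bob   10.20.0.12 203.0.113.9   6881  2500000
2014-03-19T09:02:35 bob   10.20.0.12 198.51.100.7  52222 7000000
2014-03-19T09:04:00 carol 10.20.0.13 64.233.1.2    5222  4000
2014-03-19T09:05:00 carol 10.20.0.13 64.233.1.3    5222  6000
"""


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed format; blank lines and # comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, src, dst, port, nbytes = line.split()
        flows.append(Flow(ts, user, src, dst, int(port), int(nbytes)))
    return flows


def bytes_per_user(flows: list[Flow]) -> dict[str, int]:
    totals: dict[str, int] = defaultdict(int)
    for f in flows:
        totals[f.user] += f.nbytes
    return dict(totals)


def over_quota(flows: list[Flow], quota_bytes: int) -> list[str]:
    """Users whose total transfer exceeds the (assumed) per-user quota."""
    return sorted(u for u, b in bytes_per_user(flows).items() if b > quota_bytes)


def swarm_suspects(flows: list[Flow], min_peers: int = 5) -> list[str]:
    """Heuristic for BitTorrent-like behaviour: many distinct peers on
    non-web, unprivileged ports. Tune min_peers against your own baseline
    before acting on it; some legitimate software looks similar."""
    peers: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if f.dst_port >= 1024 and f.dst_port not in WEB_PORTS:
            peers[f.user].add(f.dst_ip)
    return sorted(u for u, p in peers.items() if len(p) >= min_peers)


def guest_report(text: str, quota_bytes: int = 20_000_000) -> dict[str, list[str]]:
    """Both findings in one call: what you would hand to the helpdesk."""
    flows = parse_flows(text)
    return {"over_quota": over_quota(flows, quota_bytes),
            "swarm_suspects": swarm_suspects(flows)}


if __name__ == "__main__":
    for finding, users in guest_report(SAMPLE_FLOWS).items():
        print(f"{finding}: {', '.join(users) or 'none'}")
```

The point of keying everything on the portal username rather than the source IP is the retention obligation mentioned above: when a request arrives for who was using the connection at a given time, the answer should be a person, not a DHCP lease.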

So back to full blown BYOD, I suggest you ask yourself and your organisation the following questions.

  • Which applications do you need to support?
  • What types of devices are you happy to support?
  • Which employees are you happy granting access to?

Once you’ve answered these questions, I suggest you follow this simple process:

  1. Start with the resources
  2. Involve your staff
  3. Deploy a layered approach

Consider which resources you want staff to be able to access. Are you going to deliver them via Terminal Server/Citrix sessions, or are you going to allow users to connect their devices directly? Take each application and set simple rules. For example, Outlook Web Access/email: are you happy with these being accessible on a personal device? Will staff be more productive if they are? If so, consider whether you require full Mobile Device Management or just a simple ActiveSync policy (this will usually come down to the volume of data in people’s email).

Next, involve your staff. Let them know you are rolling out BYOD, but that you are going to do it slowly, and ask them to submit suggestions as to which applications they want to use and why. This way you can set priorities and assess the level of control you will need to have in place. You might find that the remote access policy you already have just needs tweaking, and that a new wireless network very similar to the guest network, with a route through to certain resources such as Lync/Citrix and other applications, is all that is needed.

Deploy a layered approach. Allow staff to log in to the BYOD network using their Active Directory credentials; this way they are on an authenticated network that is still separate from the corporate network. Then, to get access to a resource such as your CRM, you might consider two-factor authentication via an SSL portal that is only reachable from inside the office, so you know who is accessing the resource, that they are physically present in the building, and that they hold their second factor.

I hope these tips give you food for thought and help you in your BYOD strategy planning. If you have any questions, do feel free to drop them to me via Twitter @tmakepeace. Thanks for reading and good luck!

Highlights from Juniper Networks & Netutils Innovation Day, Cabinet War Rooms, London

By Vanessa Cardwell, Marketing Manager, Netutils.

Views expressed in this post are original thoughts posted by Vanessa Cardwell, Marketing Manager, Netutils. These views are her own and in no way do they represent the views of the company.

On Wednesday 19th March 2014 we invited organisations to join us at The Cabinet War Rooms in London to ‘Take a Closer Look’ at Juniper Networks. The aim of the event was to build relationships with organisations interested in having face to face time with Netutils and Juniper Networks’ technical experts and to learn about the latest innovations in datacentre and campus and branch networking & security from Juniper Networks.

The War Rooms lent themselves extremely well to the event. Churchill’s bunker was the perfect place to take stock and work together to strategise and address some of the networking & security challenges we face in today’s constantly evolving enterprise.

At the top of the day the ice was expertly broken by Major Wade & Mrs Hughes, our 1940s actors. Wade and Hughes welcomed our guests to the War Rooms and delivered a wonderfully entertaining introduction to the War Rooms complete with whistle blowing and bell ringing! Once our guests were reassured they were safe underground the event commenced.

David Silsby, Sales & Marketing Director, introduced the details of the day to our guests and explained how Netutils’ goal as an organisation and Juniper Networks Elite Partner is to help make sure our customers’ technology does what it is supposed to: supporting organisations to ensure their networks are fast, secure and available to the right person at the right time, and giving you access to technology when and where you need it.

Next up was Brett Ley, Director, Datacentre Sales EMEA. His presentation focused on Innovations in Datacentre Networking & Security. In a world of ever-changing apps, evolving virtualisation and the rapid adoption of cloud, mobility and big data technology, today’s network needs to be incredibly agile. Brett introduced Juniper Networks’ MetaFabric Architecture, a simple, open and smart approach to network architecture. MetaFabric leverages Juniper Networks’ portfolio of switching, routing, orchestration, SDN and security solutions:

  • Switches optimised for the data centre to support any switching fabric architecture for any application.
  • Routers that interconnect multiple data centre locations and clouds, across virtual, physical, and SDN workloads.
  • SDN solutions that automate and orchestrate creation of virtual networks.
  • Data centre security solutions that adapt to defend, detect, and respond to targeted threats.
  • Automation and orchestration management tools that provide network visualisation, analysis, and control.

The Benefits

The MetaFabric architecture solves the complexity of creating a network for today’s data centre landscape. It has three pillars:

Simple – Enables ease of deployment, operations and management of the network without service interruption.

Open – Maximises flexibility by integrating with any data centre environment, eliminating vendor lock-in.

Smart – Saves time and improves the performance of the network through data, analytics, and actionable insights.

The bottom line is that the MetaFabric architecture delivers the agile and efficient network foundation required for today’s dynamic data centres.

(Further reading: Juniper CIO Uses Cloud to Support ‘Consumerization of Data Center’)

Netutils Senior Technical Specialist, Malcolm Orekoya then delivered an overview & demo of Junos Space.

Exponential growth in network traffic, changes in mobile user behaviour, and the onslaught of new cloud services and applications are expanding the avenues available to malicious attackers. Managing enterprise security policy in these complex environments can become prone to error and overly time-consuming, especially if management solutions are slow, unintuitive, or restricted in their level of granularity and control. Poor policy management can also lead to security mis-configuration, making the enterprise vulnerable to sophisticated threats and regulatory noncompliance.

Junos Space is an open, secure, and scalable software platform that allows customers, partners, and developers to build and deploy simple, smart applications that manage and analyse network element data and optimise the infrastructure and operations of networks running the Junos operating system. Malcolm demonstrated the attributes of the Junos Space solution that allow customers to maximise their network value and scale solutions while reducing complexity.

Malcolm demonstrated two main applications of Junos Space: Network Director & Security Director. Security Director provides efficient and cost-effective management of the Juniper Networks SRX Series security platform; it lets you scale management across your security and network devices, ease administration and reduce configuration errors through a responsive web interface. Network Director offers a unified wired and wireless network management application for the Juniper Networks switching and wireless portfolio, featuring full life cycle management including pre- and post-deployment tools with single pane visibility to manage network infrastructure, users and services.

Jonas Gyllenhammar, Pulse Architect, EMEA concluded the session with his presentation on Innovations in campus & branch networking and security.

The ability to access anything from anywhere is the new norm in today’s world of communication. This creates a lot of concerns when it comes to corporate data being accessed securely.

It is not only the challenge of the mixture of managed and un-managed devices and their security state but also the protection of actual valuable data that needs protection.

This requires a new ecosystem involving secure access and intelligent firewalling to bring together security intelligence and deception techniques from multiple sources.

What was really engaging about Jonas’ session was his point that the phenomenon of BYOD is not simply about bringing your own device; it’s more than that. It’s about a robust access management policy for your organisation, and this requires a dynamic, policy-driven security enforcement solution. A bit of a mouthful perhaps, but Juniper Networks’ end-to-end Pulse solution makes this straightforward. In short, it’s simply about two things:

  • The User – are they known or unknown?
  • The Device – corporately owned? BYOD, i.e. a staff member with an unknown device? Or a guest with an unknown device?

Junos Pulse allows you to combine different users and devices. An end-to-end solution which covers all use cases delivering network wide policy orchestration.

Jonas spent some time detailing the different attributes of the Pulse solution – profiling, on-boarding, authentication, device / user authentication, role based access and network wide automatic threat mitigation. The Pulse solution keeps BYOD simple. It supports the requirement that users need BYOD in different flavours – light and full access. As well as providing full network access to known users and devices, it’s vital to have a simple identity based guest access solution for Wi-Fi access, keeping you compliant and secure. In short, Pulse allows you to deliver the right policies for the right use cases, making the access and on-boarding experience seamless for the user.

Jonas also introduced our audience to Junos WebApp Secure (JWAS) and demonstrated how easy it is to detect, identify, track and stop hackers in their tracks. The simple, clean interface of the solution allows for easy monitoring. Junos WebApp Secure looks at two areas: certainty and specificity. This ensures that you are blocking the right activity without impacting your business, and identifying malicious behaviour that other solutions cannot even begin to find.

The demonstration of Junos WebApp Secure illustrates how the Juniper Networks’ security ecosystem adapts at the speed of risk, where allowing easy access is balanced with stopping attackers from getting what they want.

For further information on innovations in datacentre and campus & branch networking and security please do get in touch. Keep checking our blog for regular updates and videos from our events.

We made a video of the event. You can check it out on our blog here.

Seamless Wi-Fi Guest Access at Grade II Listed Building Cockington Court

By Vanessa Cardwell, Marketing Manager, Netutils

Views expressed in this post are original thoughts posted by Vanessa Cardwell, Marketing Manager, Netutils. These views are her own and in no way do they represent the views of the company.

A big thank you to Norma Paynton, Programme Manager at Torbay Development Agency, who talked to us about how using our Managed Guest Access Solution allowed Torbay Development Agency to boost the Wi-Fi service at Cockington Court for the benefit of the tenants and the many tourists and day visitors to the craft centre.

We are really very pleased with the solution and tailored service Netutils have provided. The interface was quick to set up, straightforward and easy to use. The fact that we can now promote the Wi-Fi service to potential visitors is an added benefit and really brings Cockington Court up to date.

Read the full case study here.

If you have responsibility for Guest Wi-Fi Services at your organisation then please get in touch with a solutions expert from our team for more on our Managed Guest Access Solution. You can also join our webinar at 11am on Wednesday 5th March 2014 for an overview. Register Here: Webinar: Wi-Fi Guest Access Made Easy

What our customers say

[Video: http://vimeo.com/85264748]

We made a short video with a handful of our valued customers. We hope you enjoy it. Take a peek to find out why our customers come back again and again. A big thank you to everyone who took part for their time and their positive words.

Wi-Fi Access on the Move

Our fully managed guest access solution allows users to self-provision Wi-Fi access. Take a look at how Sprint Communications are using the solution for passenger Wi-Fi on public service vehicles. A great example of the flexibility of the service.

Video: IPEXPO 2013 – A Spotlight on Your Network & Cloud Security

[Video: http://vimeo.com/79764967]

If you were unable to join us at this year’s IP EXPO then please do take a few minutes to view our video from the event and find out how Netutils along with Juniper Networks can support your security challenges now and in the future.

Don’t ignore the hype: IT trends deliver security with access

By Malcolm Orekoya, Technical Specialist, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Technical Specialist, Netutils. These views are his own and in no way do they represent the views of the company.

How do we enhance security but allow users access to the data and resources they need seamlessly and improve enterprise productivity, while still keeping up with the trends in mobility, consumerisation and cloud? The answer is by following those trends.

Look beyond the technology and at the people who use it. This tells us two things: users do not prioritise security, and enterprise productivity is directly related to the ability of users to perform their tasks efficiently. So companies cannot adopt a “lock everything down” mentality; it is effectively a denial-of-service attack against yourself, because you are denying access to the services your users need. Security, and its enforcement, is therefore solely the responsibility of the enterprise. It may sound harsh, but it is the reality: employees are accountable only for adhering to the procedures, guidelines and policies they are given.

The only viable way to build a secure network that moves with the consumerisation of IT (CoIT) is to integrate existing corporate user identity systems (such as Active Directory, LDAP or a SQL user store) with the newer tooling so that context-aware applications and resources are provisioned automatically from that identity.

So how do you secure data and the network while still allowing seamless access and speedy resource allocation? Don’t ignore the trends in the IT industry. Cloud and hosted applications are continually increasing in adoption because they offer a defined level of access security, ease of access, flexibility, automated provisioning, ease of upgrades, cross-platform compatibility and reduced CAPEX, while maintaining compliance and security standards. The providers of these solutions are themselves subject to regulation and audit and are required to adhere to high standards of data and network security.

If you prefer to retain in-house control of applications, then virtual desktop infrastructure (VDI) means you benefit from reduced costs over time of purchasing user endpoint machines by moving to thin clients. But also these VDI platforms allow control of what applications employees have access to, and provide much more granular control on what tasks users can perform. Because a lot of the VDI platforms allow “hot-desking”, as user profiles are maintained on centralised servers, they provide access flexibility and remote access, which fit with CoIT needs.

Zero-Day protection is also another useful trend; the means by which an enterprise can protect its data and resources from threats and vulnerabilities that are currently unknown, so consequently do not have a fix. Zero-Day application exploits, targeted attacks, advanced information stealing malware and Advanced Persistent Threats (APTs) all pose a serious security threat to enterprises, but as these threats evolve, so does the approach to effective and manageable protection. Active defence, which discourages attacks by focusing on raising costs and risks to attackers, is slowly creeping into enterprise strategy. Proactive protection – including advanced Web Application Firewalls (WAF), counterstrike and intrusion deception techniques – are all protection methods that have seen a revival. For example, in 2012 Juniper Networks acquired Mykonos Software’s intrusion deception software (Junos WebApp Secure) to enhance its web application security portfolio. It places deception points along the way. When an attacker trips one of those tripwires, we are alerted to the fact they are there and can watch them.
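The tripwire idea in the paragraph above is simple enough to show in code. The following is an added example, not Junos WebApp Secure’s code or a description of its internals: it plants a few deception points that a normal user never touches (a path mentioned only in an HTML comment, a query parameter real links always carry as `debug=0`, a hidden form field with a fixed value, and an HMAC-signed cookie) and tallies which client trips them, so you can watch first and block once certainty is high. The decoy names, the key and the block threshold are assumptions for the example.

```python
"""Intrusion-deception tripwires for a web application, as an added example.

Not Junos WebApp Secure's code: an illustration of the technique the post
describes. Decoy names, the key and the threshold are assumptions.
"""
from __future__ import annotations

import hashlib
import hmac
from collections import defaultdict

SECRET = b"example-only-secret-rotate-me"   # assumption: per-deployment key

# Deception points. Nothing in the normal UI reaches or changes these, so a
# hit is a high-certainty signal rather than a heuristic.
DECOY_PATHS = {"/backup/", "/admin-old/"}    # appear only in an HTML comment
DECOY_PARAM = "debug"                        # real links always carry debug=0
DECOY_FIELD = "_form_v"                      # hidden input with a fixed value
DECOY_FIELD_VALUE = "2"
DECOY_COOKIE = "trk"                         # HMAC-signed; any edit is tampering


def _sign(value: str) -> str:
    return hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()[:16]


def issue_cookie(client_id: str) -> str:
    """Value to set as the decoy cookie: the id plus an HMAC over it."""
    return f"{client_id}.{_sign(client_id)}"


def cookie_tampered(cookie: str | None) -> bool:
    """A missing cookie is fine (first visit); a cookie with a bad HMAC is not."""
    if cookie is None:
        return False
    cid, _, sig = cookie.rpartition(".")
    return not hmac.compare_digest(sig, _sign(cid))


def render_login_page(client_id: str) -> str:
    """Constructed page carrying the decoys a scanner or attacker will find."""
    return (
        "<!-- TODO remove before go-live: /backup/ -->\n"
        '<form method="post" action="/login?debug=0">\n'
        f'  <input type="hidden" name="{DECOY_FIELD}" value="{DECOY_FIELD_VALUE}">\n'
        '  <input name="user"><input name="pass" type="password">\n'
        "</form>\n"
        f"<!-- Set-Cookie: {DECOY_COOKIE}={issue_cookie(client_id)} -->\n"
    )


def inspect_request(path: str, query: dict, form: dict, cookies: dict) -> list[str]:
    """Names of every tripwire this request hit; an empty list means clean."""
    hits = []
    if path in DECOY_PATHS:
        hits.append("decoy_path")
    if query.get(DECOY_PARAM, "0") != "0":
        hits.append("decoy_param_modified")
    if DECOY_FIELD in form and form[DECOY_FIELD] != DECOY_FIELD_VALUE:
        hits.append("hidden_field_modified")
    if cookie_tampered(cookies.get(DECOY_COOKIE)):
        hits.append("cookie_tampered")
    return hits


class AttackerTracker:
    """Per-client tally, so you can watch first and block once certainty is high."""

    def __init__(self, block_after: int = 2):
        self.block_after = block_after
        self.hits: dict[str, list[str]] = defaultdict(list)

    def record(self, client: str, hits: list[str]) -> int:
        self.hits[client].extend(hits)
        return len(self.hits[client])

    def is_blocked(self, client: str) -> bool:
        return len(self.hits[client]) >= self.block_after


if __name__ == "__main__":
    tracker = AttackerTracker()
    good = inspect_request("/login", {"debug": "0"}, {DECOY_FIELD: "2"},
                           {DECOY_COOKIE: issue_cookie("203.0.113.5")})
    bad = inspect_request("/login", {"debug": "1"}, {DECOY_FIELD: "' OR 1=1--"},
                          {DECOY_COOKIE: "203.0.113.9.0000000000000000"})
    tracker.record("203.0.113.9", bad)
    print("clean request hits:", good)
    print("attacker hits:", bad, "blocked:", tracker.is_blocked("203.0.113.9"))
```

Keying the tracker on a client identifier you control (here the signed cookie, falling back to the source address) is what makes the "watch them" part work: the same attacker keeps tripping wires under the same tag even as they change tools.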

The reality is that vulnerabilities and threats exist, and come from inside as well as outside the network. The biggest insider threats are the employees, but we can only educate staff on how to handle sensitive corporate data and how to use corporate resources. For outsider threats, innovation brings assistance.

Video Blog: IP EXPO 2013 : Putting A Spotlight on Your Network and Cloud Security

[Video: http://vimeo.com/76507834]

Juniper Networks’ security solutions span the entire networking & security spectrum, including web, BYOD, wired and wireless, data centre, cloud and content protection. Join us on stand E68 at IPEXPO, 16th & 17th October 2013, Earls Court 2, London and talk to us about your security challenges. This video blog will give you a taster of the demos available on our stand. Register for free on our landing page:

Webinar Recording: Wi-Fi Guest Access Always On, Always Connected

[Video: http://vimeo.com/70541790]

The rise of user expectations for anytime, anywhere wireless access places increasing pressures on the IT team. To meet this demand today’s organisations are required to offer guest Wi-Fi services throughout the communal areas of their head and branch offices for visitors, contractors and staff. View our webinar recording here on our Cloudutils Guest Access solution.

BYOD: Understanding and Planning Equals Success

By Malcolm Orekoya, Network & Security Specialist, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Network & Security Specialist, Netutils. These views are his own

We are all too aware of the proliferation of mobile devices such as smartphones and tablets in enterprises today, and the number of employers supporting a bring-your-own-device (BYOD) environment, so that the growing number of employees who want to use their own devices can work at home, in the office and on the move, is definitely on the rise. But what is the right approach to a successful BYOD implementation? And why, at such an early stage of BYOD’s popularity, are so many enterprises struggling to implement a BYOD environment correctly?

Similar to starting up a new business, there has to be a good understanding of what one is trying to achieve (like having a business plan complete with forecasts and your bottom line), a good knowledge of all the variables involved (like knowing your market and competitors) and there needs to be a solid foundation from which to start (like having financial support through savings, investors or your bank). Today a lot of enterprise BYOD implementations start with the end user (usually a few high level executives) wanting to use their personally owned devices to access corporate resources while in the office and out of the office. As a result, IT departments begin their BYOD planning by starting with a small group of users, then their devices, then the resources they want to access, followed by how to implement control and then finally, a BYOD policy is formulated and rolled out to the larger employee population. In my opinion this is the wrong approach and sets the enterprise up for running into numerous problems down the line.

Irrespective of how the BYOD conversation starts within an enterprise, once the decision has been made to adopt BYOD across the network (i.e. it has gained the organisation’s support), a rethink needs to take place which properly considers the users, devices, resources, control and enterprise-wide BYOD policy that would apply to everyone. The sequence in which these variables are considered when planning a BYOD environment should look like the one below, and not the other way around.

BYOD Policy → Resources → Control → Devices → Users

Each one of these considerations affects and ties in with the next. The BYOD policy should stipulate what the enterprise requires its employees to agree to (and employees should sign it), and this will be influenced by the type of resource access the employees require as well as the control used. For example, if an employee wants to bring in their own device to gain full access to corporate resources (say, similar to what he or she has on their desktop computer), the BYOD policy might state that the employee is required to allow IT to install software on the device that lets IT control and validate its posture (for instance, check that the anti-virus is up to date, and possibly wipe the device if it is lost or stolen). If, however, the employee would rather not give this level of control over his or her device to IT, they may only be granted limited access to corporate resources (for instance, use of the internet and maybe web email). Furthermore, the control required by the enterprise would determine the devices it supports, which in turn could determine what devices users end up purchasing, although the popularity of some devices, such as Apple and Android devices, could quite possibly dictate both.

Enterprises need to start thinking about their BYOD implementation planning before actually implementing BYOD across their network. Considering the variables in the right order avoids putting the cart before the horse and helps avoid problems in the future. Having said that, it is worth mentioning that although planning for BYOD should run from left to right through the variables mentioned earlier, actually implementing BYOD should be considered from right to left; I’ll explain. Implementing BYOD starts by considering the level of trust attributed to a user and/or device, which is usually determined by the user and/or device successfully authenticating or validating their identity to a trusted entity, followed by the authorisation (access control) subsequently given to corporate resources, where the level of trust determines the level of access granted. All of which must ultimately comply with the organisation’s BYOD policy.

User Trust → Device Trust → Access Control/Authorisation → Resources → BYOD Policy

Again, each variable ties in with the other variables next to it, but it is important that enterprises do not make the mistake of starting to write their BYOD policy by first considering the trust attributed to their users.
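The right-to-left sequence above is easiest to see as an authorisation function: derive a trust level from the user, derive one from the device, take the weaker of the two, and map that onto the resources the policy allows. The following is an added example, not code from this post, from the “Bye-Bye BYOD … hello Secure Guest Access” post above, or from any Juniper product. It combines the two posts: the full/limited split this post describes (full access only if the user has accepted the agent and its posture check passes, otherwise internet and web email), and the layered rule from the earlier post that the CRM additionally needs two-factor authentication from inside the office. The trust levels, the posture fields and the resource table are assumptions made for the example; in a real deployment they come from the signed BYOD policy.

```python
"""Trust-driven BYOD authorisation, as an added example (not code from either
post or from any product). Trust levels, posture checks and the resource
table are assumptions for the example.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum


class Trust(IntEnum):
    GUEST = 1      # unknown user or device: internet only
    LIMITED = 2    # known staff, unmanaged device: web email and the like
    FULL = 3       # known staff, managed device with a passing posture


@dataclass
class User:
    name: str
    ad_authenticated: bool          # logged on to the BYOD SSID with AD credentials


@dataclass
class Device:
    owner: str                      # who enrolled it (assumption: recorded at on-boarding)
    corporate_owned: bool = False
    mdm_enrolled: bool = False      # user accepted the agent under the BYOD policy
    av_current: bool = False        # posture check performed by that agent
    in_office: bool = False         # seen on the office network
    second_factor_ok: bool = False  # passed the two-factor SSL portal


# Resource -> (minimum trust, extra device conditions). Assumed table.
RESOURCES: dict[str, tuple[Trust, set[str]]] = {
    "internet": (Trust.GUEST, set()),
    "webmail": (Trust.LIMITED, set()),
    "fileshare": (Trust.FULL, set()),
    "crm": (Trust.FULL, {"in_office", "second_factor_ok"}),
}


def user_trust(user: User) -> Trust:
    return Trust.FULL if user.ad_authenticated else Trust.GUEST


def device_trust(device: Device) -> Trust:
    """Full trust needs a managed device AND a passing posture. An enrolled
    device with stale AV drops to limited rather than being refused outright."""
    if (device.corporate_owned or device.mdm_enrolled) and device.av_current:
        return Trust.FULL
    return Trust.LIMITED


def access_level(user: User, device: Device) -> Trust:
    """The weaker of the two trusts wins. A known user on somebody else's
    personal device is treated as a guest, whatever that device's posture."""
    if device.owner != user.name and not device.corporate_owned:
        return Trust.GUEST
    return min(user_trust(user), device_trust(device))


def authorise(user: User, device: Device, resource: str) -> tuple[bool, str]:
    """Decision plus the reason, which is what you want in the audit log."""
    if resource not in RESOURCES:
        return False, "unknown resource"
    needed, conditions = RESOURCES[resource]
    level = access_level(user, device)
    if level < needed:
        return False, f"trust {level.name} below required {needed.name}"
    for cond in sorted(conditions):
        if not getattr(device, cond):
            return False, f"condition not met: {cond}"
    return True, f"granted at trust {level.name}"


def allowed_resources(user: User, device: Device) -> list[str]:
    return sorted(r for r in RESOURCES if authorise(user, device, r)[0])


if __name__ == "__main__":
    alice = User("alice", ad_authenticated=True)
    cases = {
        "visitor, own tablet": (User("visitor", False), Device("visitor")),
        "alice, unmanaged phone": (alice, Device("alice")),
        "alice, managed, remote": (alice, Device("alice", mdm_enrolled=True, av_current=True)),
        "alice, managed, in office + 2FA": (alice, Device("alice", mdm_enrolled=True,
                                                          av_current=True, in_office=True,
                                                          second_factor_ok=True)),
    }
    for label, (u, d) in cases.items():
        print(f"{label:34s} -> {allowed_resources(u, d)}")
```

Note what the ordering buys you: the policy is the last thing consulted (the resource table), but it is the first thing written, and every earlier step only narrows what the table already allows.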

In conclusion, as I mentioned at the beginning, starting a business almost always involves an understanding of the market, competitors and a business plan before anything begins. The same should be the case with BYOD in the context of the variables mentioned above, only then will your enterprise minimise problems and increase its probability of a successful and worthwhile BYOD environment.