BYOD in a Healthcare Environment: The Risk You Always Knew Was There

By Kevin Blackburn, Blog Contributor

BYOD, or bring your own device, is becoming very common, whether you are a small office or a large enterprise. The number of outside devices trying to gain access to your network is something most, if not all, network administrators are concerned with daily. It used to be that administrators were only concerned with intruders, but that is changing in this new age of technology, with so many connected devices. From tablets to smartphones to laptops, most people have some sort of connected device on their person whenever they are on the go. Simply denying access to these devices is no longer a valid solution. Even so, these devices can pose a risk to the network, and mitigating that risk is the challenge.

(Photo by mikecogh/Flickr)

Common Uses of BYOD in the Healthcare Workspace

Because they handle patient information, billing information, and other private data, healthcare workspaces need a high level of security and segregation between the different networks within their building. In the past it was easy to say that only “authorized devices” were allowed on the network, but that is no longer the case. Some common reasons are:

  • Patients and visitors
  • Vendors
  • Employees with personal devices

Patients and their visitors spend a lot of time in hospitals, and given how dependent people now are on their connected devices, denying them network access is a quick way to decrease patient satisfaction. Making sure these visitors have connectivity is important to keeping them happy and occupied, whether they are an admitted patient or a visitor simply waiting for an appointment. These devices need network or web access, but they must not be able to reach critical hospital systems.

Vendors are similar. Say you have a vendor providing support on their storage solution. When onsite, their engineers need network access to diagnose and resolve any issues that arise. That doesn’t mean they need wide-open network access, though. You, as the network administrator, need to provide access only to the things these vendors specifically need.

Employees are another perfect example. They have their own valid network logins and may know the business wireless SSID, for instance. They may want to watch Netflix on their lunch break. Without regulation and profiling, their personal tablet could now be on the same wireless network as hospital-controlled devices handling patient data. That is neither secure nor something we as administrators would want to happen.

The Answer: Device Profiling

Aruba has a product called ClearPass, which is an access management system that assists with BYOD devices such as the examples I listed above. In terms of guest users without a login, custom portals can allow users to get connected after agreeing to your specified terms and conditions. This would all happen while keeping them segregated on a dedicated guest network.

The real benefits, though, come when you have a user with a valid network login, such as an employee or vendor. With Aruba ClearPass QuickConnect, users can walk themselves through getting their BYOD device connected, whether it is wireless or wired, without any intervention needed from the IT staff. From there, any policies that you, the administrator, have configured will be applied to the device. If any changes are required before the user can connect, such as critical security updates, the user will be walked through those as well. The overall goal here is self-provisioning of BYOD by the users while still maintaining ultimate control as the administrator.
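The segregation described in this post can be written down as a small default-deny decision function. This is an added example, not ClearPass configuration or code from the post. The segment names, the `Device` fields and the rule that a missing security update means quarantine are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed segment names for illustration; not ClearPass configuration.
PORTAL, GUEST, VENDOR, STAFF_BYOD, CLINICAL, QUARANTINE, DENY = (
    "captive-portal", "guest", "vendor-restricted", "staff-byod",
    "clinical", "quarantine", "deny")

@dataclass(frozen=True)
class Device:
    user_role: str                       # "guest", "vendor" or "employee"
    hospital_managed: bool = False       # profiling result: hospital-owned?
    accepted_terms: bool = False         # guest portal terms and conditions
    security_updates_current: bool = False
    vendor_targets: frozenset = frozenset()  # systems this vendor supports

@dataclass(frozen=True)
class Decision:
    segment: str
    allowed_targets: frozenset = frozenset()  # empty = segment defaults only

def decide(device: Device) -> Decision:
    """Map a profiled device to a network segment, denying by default."""
    if device.user_role == "guest":
        # Guests never leave the guest side, whatever else is claimed.
        return Decision(GUEST if device.accepted_terms else PORTAL)
    if device.user_role not in ("vendor", "employee"):
        return Decision(DENY)
    if not device.security_updates_current:
        # Required changes come first: remediation-only access until fixed.
        return Decision(QUARANTINE)
    if device.user_role == "vendor":
        # Vendors reach only the systems they support, nothing wider.
        return Decision(VENDOR, device.vendor_targets)
    # A valid employee login alone does not earn clinical access:
    # only hospital-controlled hardware joins the patient-data network.
    return Decision(CLINICAL if device.hospital_managed else STAFF_BYOD)
```

The last rule is the one the employee example turns on: the login is valid in both cases, and the profiling result, not the credential, decides whether the device sits next to patient data.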

The Future of BYOD

Today, network administrators are making great strides to provide connectivity to all devices while maintaining security. Looking at the progression from the past into today, it is clear this task will only become more important. The future will provide the challenge of scalability though. With more and more devices coming on the grid each day, the time to focus on network security in the BYOD space is now. The longer we as network administrators wait, the more devices we will need to contend with.