HPE Aruba Networking Blogs

Staying Atop Your IoT Game with Visibility & Security

By Scott Brown, Blog Contributor

Let's face it, without visibility into your network, you don't know what you have, what data it accesses or whether it poses a threat. It's really that simple.

At GameStop, we were reminded of network visibility's importance when we began managing some additional office space with our existing Aruba ClearPass deployment. The ClearPass profiling feature automatically discovered and fingerprinted all IP-enabled managed, unmanaged and IoT devices in that facility.

With all devices classified, we immediately uncovered 48 unauthorized devices connected to our corporate network. Out of 1500 headquarters employees, each of whom can register up to 3 personal devices as well as their corporate device, this wasn't many. But, it only takes one compromised device to wreak havoc.

While some of the devices proved legitimate, ClearPass had flagged them because they were in violation of company policies for various reasons. Regardless, the visibility enabled us to resolve all issues successfully.

Given the scale of our business, which includes 7,000 locations spread across 14 countries with over 40,000 total employees, this incident illustrates why we rely on ClearPass as our authenticator of choice. It's an intuitive, easy-to-use application that lets us centralize access control for our multi-vendor 802.1X-based wired and wireless networks.

Visibility to over 300,000 mobile and IoT devices (so far)

Using ClearPass, we've automated classification of over 300,000 total devices – to date – that have connected to our network. This includes over 4,000 corporate-issued computers, about 150,000 smart devices, nearly 140,000 unmanaged devices and approximately 12,000 tablets at our retail stores.

Like many businesses, we not only expect mobile device counts to rise but also an escalation in IoT demand. We regularly see new IoT devices connecting to our network as people identify needs and solutions to match. Currently, some of our IoT devices include IP cameras, gatekeepers to count customer traffic and environmental sensors that can detect various conditions, such as wetness on floors.

These mobility and IoT trends make scalability essential, as our executive team wants infrastructure capable of swiftly and easily connecting to new mobile and IoT devices. Using ClearPass to profile devices and assign access rights – based on policies we set – ensures we can do just that.

Improved performance and experiences end-to-end

While you might be tempted to rely on your controllers for Wi-Fi visibility, it's just inadequate for modern, scalable and secure networking. Adopting ClearPass goes beyond controller management by providing us with powerful, policy-based security tools that unify our wired and wireless environments. Plus, we can conduct data mining for support and planning purposes across our entire network landscape.

For example, we can show our management and security teams how many devices have been denied access and the reasons for each denial. Using this information, our teams discuss whether our connectivity policies are appropriate, how they should be adjusted and what changes should be made.

From a network engineering perspective, the visibility enables us to troubleshoot connectivity challenges end-to-end. We know where a user attempted to enter the network and what protocols they used, as well as other information that gives us the needed insights to resolve issues quickly.

ClearPass is especially potent when deployed in tandem with Aruba's AirWave, which we also rely on extensively. After ClearPass supplies a device's thumbprint, AirWave shows the route the device used, along with associated statistics, all from a single pane of glass.

The combination of ClearPass and AirWave also enables us to tune our network. Among other benefits, this has significantly improved the performance and audio quality of our VoIP telephony system.

Adding Wave 2 APs and 2540 Series switches

Moving forward, we're continuing a multi-phase refresh of our wired and wireless infrastructure throughout our corporate offices, warehouses and storefronts to support greater device densities, IoT and other initiatives. This includes plans to upgrade our access points to Aruba's Wave 2 802.11ac APs and complete our evaluation of Aruba's 3810 layer 3 switches.

We're also currently testing Aruba's new 2540 Series layer 2 switches for retail stores, which are attractive for their affordability, zero-touch provisioning and flexibility. Because they're easy to manage via the cloud, we could simplify remote deployments by shipping switches directly to the stores, where the gear would be plug and play.

As a global organization, we're looking closely at standardizing on Aruba's Wi-Fi and edge switches to take advantage of multi-gigabit capabilities over our existing cabling. Because they integrate seamlessly with ClearPass, the combination would provide an even more powerful and secure system.

Most importantly, Aruba's solutions are based on IEEE standards rather than being proprietary. This helps us future-proof our infrastructure so that we can continue operating a multi-vendor architecture.

Empowering employees to meet company objectives and goals

Once we've completed our refresh, our next step is enabling BYOT to support an increasingly mobile and collaborative environment. We want to empower employees to use whatever device they're most comfortable with, ensuring each person can choose the most effective options for their needs and work style.

We're also adopting cloud applications, such as Microsoft Office 360, and continuing to expand the role of Skype for Business. Essentially, we're removing obstacles so that our employees can work smoothly and seamlessly anytime, anywhere.

As for IoT, it's just the tip of the iceberg. We expect to continue improving operational experiences by adding lighting, badge readers and other IoT solutions to our network. And we'll leverage ClearPass to classify and secure them.

As you ramp up your mobility and IoT capacities, remember it all begins with knowing what's on your network and keeping it secure. Getting tools appropriate for the task will enable you to support your company's mobile-first goals while simultaneously simplifying and streamlining the network landscape you need to manage.

Scott Brown is Advanced Network Engineer at the Fortune 500 company GameStop, a global family of specialty retail brands based in Grapevine, Texas. GameStop makes the most popular technologies affordable and simple, with over 40,600 employees in more than 7,000 stores across 14 countries and revenues topping $9 billion.