Close

HPE Aruba Networking Blogs

Adaptive Trust Defense – A Foundation for Secure Mobility (Installment 1)

If you're reading this, I'm probably beating a dead horse regarding the security implications of BYOD. Clearly, BYOD has changed the relationship between the enterprise and its employees.  Employees are now virtually "on" 24/7, putting enterprise networks at risk more than ever as the majority of highly publicized security breaches have occurred due to unsecured user behavior and personal devices.

The new face of security threats from a mobile workforce has evolved from the traditional fixed perimeter with traditional IT issued laptops or desktops, to a nebulous perimeter with no restrictions on location, device, or user. Real-time context like user roles, device profiles, and policies are needed to fill this new security void in order to adapt to today's mobility requirements. In fact, an environment that has the ability to map to user behavior as well as business and IT requirements is a must. An Adaptive Trust Defense is our model for helping customers understand how to use Aruba ClearPass and leverage existing MDM, firewalls, IPS and SIEM solutions for secure mobility.

First, as no two user groups are identical, contextual data ensures that policies can be easily built to help differentiate access by role, device ownership, or location. Policies should allow or deny users or devices access to enterprise assets based on predefined rules that stretch from the device type to the types of assets that will be accessed. Further, to leverage the potential of existing network security point solutions, contextual data must be exchanged to enforce policy and security profiles.

Some high level items to be addressed (and discussion points for other installments) are:

  • Onboarding – automated workflows to configure BYOD settings based on IT policy for a cleaner and more secure user experience.
  • Secure guest access – automated workflows for guest or visitor access without IT or receptionist involvement, whether on the wireless or wired network.
  • Device health – continuous or one-time monitoring of A/V, A/S, firewall status, among other things helps to maintain a clean network environment and comply with regulations.
  • 3rd party integration – it's one thing to have a policy engine collecting user and device profiles, but to fully use this data, communication with existing security point solutions like firewalls, MDM, SIEM, and other security tools is necessary as each plays a separate role when used independently.

ClearPass Policy Manager acts as a focal point of the #GenMobile BYOD network to not only provide context to existing security point solutions, but because of a built-in high performance policy engine, it is better able to handle the large number of authentications required by smart devices taxing legacy networks and the user experience.  By communicating with existing security solutions, contextual information gathered from ClearPass can deliver better visibility, actionable enforcement, and automated remediation to keep the network protected.

Stay tuned for more installments on each of these components and what ClearPass can do to solve the #GenMobile security void.

In the meantime, take a look at the Adaptive Trust Defense Executive Overview for more info on how NAC is evolving.