
HPE Aruba Networking Blogs

Why is Policy Enabled AAA critical for BYOD deployments – Part 1

What defines a successful BYOD rollout? Happier employees, now that IT supports their choice of mobile device. Increased productivity, as employees gain the freedom to work outside of structured workspaces and business hours. Maybe even some real cost savings, as telecom expenses are reduced through handset consolidation and reimbursement plans that focus on incremental business use, rather than incurring the cost of the full voice & data plan.

A critical measure of BYOD success that many organizations don't think about until it's too late is user adoption. Without adoption, none of the other benefits can follow. If you make BYOD overly complicated and difficult to use, your employees will likely find ways around the tools you've put in place and the BYOD problem will remain unsolved.

What your employees love the most about their own smartphones and tablets is familiarity, ease of use and instant gratification. At home they were able to rip open the packaging of their new device, turn it on, easily connect to their home WiFi network with a basic shared key ("123456789") to access the Internet, and never think about that process of onboarding again. It just works, and this mentality comes to the office along with the BYO device.

Unfortunately, many solutions today deliver a more complex and disruptive experience at work by 'encouraging' employees to enroll their personal devices into corporate management. Typically this process is initiated by the IT administrator sending an email or SMS invitation to the user to enroll their device for BYOD access. This is often accompanied by a hefty legal agreement discussing corporate policies, compliance, and the rights the organization has to wipe the entire device and monitor everything on that device, including location, use and installed apps.

As you can imagine, this doesn't bode well for adoption. Your security policy relies on the employee deciding to enroll the device, scary legal jargon and all, instead of just taking the path of least resistance – connecting anyway.

I think it's safe to say that most enterprise WiFi deployments actually make it too easy for consumer devices to circumvent enterprise security policies. The process of joining an 802.1X network is nearly as easy as joining a home network. The user opens the WiFi settings on their device and sees the corporate network being advertised. Let's say the corporate SSID is called 'employee-secure'.

The user taps on 'employee-secure' and is immediately prompted for their user name and password: the same user name and password they use to access email, connect to network shares or reach content servers like SharePoint. Depending on how IT has deployed the 802.1X environment, they might get prompted with a certificate warning, but we all know what our users do with that when they're eager to get on the internet.

[Click here to read part 2]