Ruckus Wireless - How to BYOD Ruckus Wireless Style
Sure, some organizations also want to directly manage devices and apps, provide NAC (and anti-x) inspection, quarantine, and remediation, and then filter, control, and steer their users with highly customized policies based on seventeen unique criteria including (but not limited to) user, device, location, time, access method, user mood, moon phase, ambient outdoor temperature, tide levels, and pant size.
Understandably, some organizations (such as those with strict compliance requirements) need highly customized security policies in place. Where IT staff expertise and budgets are sufficient, we wholeheartedly recommend it.
But despite the BYOD hype claiming that everyone needs all the customization and then some, we're hearing a different story from the middle of the enterprise market.
And when it comes to BYOD, very few companies really want to implement every bell and whistle because (a) they don't have time, (b) they don't have the skilled staff, (c) they don't have the budget, (d) they don't see the need, or more likely, (e) all of the above. But more important, organizations already have the right network components to address their BYOD basics without having to purchase more network equipment:
Role-based access is often the biggest hurdle, but for those that have group policies wrapped up with a pretty bow, the new question that needs answering is whether all users and devices are the same. Users with personal devices are forcing the question. Thus, the basic problem surrounding BYOD is that users are known but devices aren't.
IT needs to know what devices are on the network at any time and who owns them. But, network access has already been restricted by network security and segmentation (and any other overlay solutions in place, such as NAC and content filters). This raises some important questions:
There are a few easy-to-use features that have been around before the BYOD bell started ringing that will help most organizations overcome the BYOD blues.
Dynamic Pre-Shared Keys (DPSKs) are a unique Ruckus feature for organizations that aren't ready to wade into the deep end with 802.1X. A DPSK is a 62-byte key generated by the ZoneDirector. Each key is paired with a specific device, allowing the key/device/user combination to be managed and monitored individually. It's a bit like Goldilocks. 802.1X/EAP is confusing and/or difficult to implement. PSKs have security weaknesses and management problems. DPSKs are just right. They offer the best of both worlds:
Zero-IT Activation is another unique feature from Ruckus that is often wed with DPSKs, or may be used with 802.1X. Zero-IT is a secure onboarding tool that allows users to self-provision devices without IT intervention.
Users connect to a provisioning network, securely log in with their domain credentials (or against a Ruckus user database), and Zero-IT auto-configures their device with the appropriate network profile and its associated privileges. The device reconnects to the proper network and the user receives access based on the role-based policies in place. IT stays out of the onboarding loop, yet retains full control over user/device access. IT staff can also see who registered the device, what type of device it is, and plenty more.
For enterprises that want additional device-specific flexibility, ZoneFlex software includes client OS fingerprinting capabilities as well. When joined with user, role, and time-based policies, IT staff will have even more granularity, if they need the extra layers of control.
The full article can be found at http://www.theruckusroom.net/2012/07/byod-the-y2k-for-networking.html