Leonard Raphael, 10th October 2013


The challenges of BYOD for campus network by Leonard Raphael
  • KB: Explain graphics. Let us look at the different aspects of our joint solution that deliver the three key capabilities: first, optimised access; next, comprehensive security; and lastly, a validated solution.
  • Bradford Networks’ Network Sentry maintains username information for all non-corporate device types. Because Network Sentry is “network aware”, it knows in real time when any device connects to the network. Network Sentry then immediately sends username and IP address information to the User-ID Palo Alto Agent, allowing the Palo Alto Networks firewall to apply policies based on the user information supplied by Network Sentry.

    1. Leonard Raphael, 10th October 2013
    2. • BYOD Momentum
       • Identifying the Risks with BYOD
       • Security as the Main Challenge
       • BYOD Creates Management Challenges & Role of Network Access Control
       • Mitigating Risk
    3. BYOD Expertise:
       • Know Every Device
       • Know Every User
       • Reduce Help Desk
       • Minimise Risk
       • Ensure Compliance
    4. Embrace, Contain, Block, Disregard. Visibility, Automation.
    5. • Archiving is much more difficult: data on personally owned devices is more difficult to archive because some of it is stored on the mobile devices themselves, not necessarily on the backend servers that are operated by IT.
       • Monitoring content is more difficult: monitoring content sent from and received by mobile devices is much more difficult than it is from a conventional desktop infrastructure. This means that legal and regulatory violations are easier to commit, which can lead to adverse legal judgments and regulatory sanctions.
       • Users are more autonomous: mobile users tend to be more independent from IT's control because they are outside of the office, so IT cannot control how devices are used.
       • Compliance is more difficult: according to an Osterman Research survey, nearly two in five organisations find managing policies for e-discovery or regulatory compliance to be difficult or very difficult, while 35% find managing other types of policies to be this difficult. Managing mobile policies for issues like e-discovery and regulatory compliance is slightly more difficult than managing other types of policies.
       • The environment is more diverse: the normal desktop infrastructure consists of mostly Windows machines and possibly some Macs and maybe a few Linux machines. The typical BYOD environment, on the other hand, is much more diverse, typically consisting of iPhones, Android smartphones, iPads, Windows phones, BlackBerry devices, and other platforms. Further complicating the management of this environment is that there are multiple versions of the operating systems in use, each of which can provide users with slightly different capabilities.
    6. Attack Surface is Multiplying With Every New Device: Phishing Email on Device → Device Compromised → Internal Network Scan → Data Consolidation → Data Exfiltration.
    7. Configuration: Managed vs. Unmanaged. Devices: Consistent vs. Diverse. Applications: Corp Push vs. User Downloaded. Websites: Contained vs. Open. Endpoint Protection: Mature vs. Emerging. Risk.
    8. Enable BYOD: 60%. Know The Devices: 9%. "NAC is now one of the key mechanisms for mitigating the risks of consumerisation (BYOD)." Gartner, Strategic Road Map for Network Access Control, published 11 October 2011, ID G00219087.
    9. Have Access to Campus Networks, Systems, and Data; Download/Store/Forward Sensitive Information.
    10. Unauthorized Network Access: Network Risk. Malicious Applications: Application Risk. Vulnerable Devices: Device Risk.
    11. Mobile Device Mgmt, Hosted Virtual Desktop, Network Access Control.
    12. • Implementing the right technologies
        • Implementing the right network policy
        • Providing the right resources to meet the challenges
    13. Hybrid Devices (Consumerization/BYOD, Guest Device, Corp Device); Guest Networking; Endpoint Compliance; Hybrid Users (Employee, Guest).
    14. BYOD Risk Mitigation: Network Sentry. BYOD Risk Assessment.
    15. WHO: Trusted Users. WHAT: Trusted Devices. WHERE: Trusted Locations. WHEN: Trusted Time.
    16. (Matrix of users, devices, locations and data.) Users: Students, University Staffs, Guest Users, Researchers, Telemarketer, Academic Staffs. Devices: Desktop, iPad, Smart Phone, Laptop. Locations: Road, Branch Office, Office Locations. Data: IP, PII, Profiles, Guest Access Information.
    17. SECURITY, MOBILITY, NETWORK ACCESS CONTROL, WIRED & WIRELESS, SECURE BYOD, EDGE VISIBILITY, GUEST MANAGEMENT, NETWORK SENTRY, NETWORK ANALYTICS, EASY 802.1X ONBOARDING, ENDPOINT COMPLIANCE, REGULATORY COMPLIANCE; WHO, WHAT, WHERE, WHEN.
    18. 1.0: Corp Device, Endpoint Compliance, Employee. 2.0: Guest Networking, Guest Device, Guest. 3.0: Consumerization/BYOD, All Devices, All Users. Deployment: Appliance, Virtual Server, Cloud.
    19. WHERE: Location 1, Location 2, …, Location N, VPN. Real-Time Visibility from a Single Network Sentry Appliance. WHO, WHAT, WHEN.
    20. Identify User → Identify Device → Assess Risk → Assign Network Access: Unrestricted Access, Restricted Access, Guest Access, No Access.
    21. Single Mgmt Appliance; Location HQ, Location 1.
        • High Trust Required VLAN: Faculty Data; Faculty, Registered Device, Compliance.
        • Med Trust Required VLAN: Students Data; Student, Registered Device, Compliance.
        • Low Trust Required VLAN: Guest Access; Any User, Any Device, Not Jailbroken.
        • No Trust Required VLAN: Captive Portal; Any User, Any Device.
    22. Single Mgmt Appliance; Location 1, Location HQ; Remote Registration and Scanning. Labels: Delegated & Automated User Device Compliance; Guest Access Captive Portal. Portal text: "Welcome. To gain network access users are required to adhere to our established registration policies. Please select one of the following options: Authorized Users; Pre-Authorized Guest With An Account; Device Registration; Self-Service Guest Registration. If you need assistance, please call the Help Desk."
    23. Enterprise Resources: Databases, Apps, Email. Enterprise SSID (802.1x): Full Access, Restricted Access. Guest SSID (Open or PSK): Internet Only. Xirrus Wireless AP/Array, XMS; MDM; AAA: AD/LDAP; Blocked Devices: Captive Portal. Network Sentry: Classify User/Device/Location, Enforce Policies; Visibility, Policy Manager, Automation / Control, Compliance. Internet. Mobility Device Management.
    24. Network Sentry/Analytics: Security Rules, Job Scheduler, Analytics Engine, Network Sentry Data Warehouse, Report Server; COMPLIANCE, INVENTORY, ANOMALIES, EXCEPTIONS; WHO, WHAT, WHERE, WHEN. Network Sentry Appliance ↔ Network Sentry/Analytics (HTTPS).
    25. Active Directory Devices and Users (AD Registered Devices & Users) → Palo Alto Networks Agent → Palo Alto Networks Firewall: Partial Visibility, Remediation. 100% Devices & Users, including Non-Active Directory Devices and Users (Guests, Contractors, Students): 100% Visibility, Remediation.
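As an added worked example (not from the deck, and not Bradford Networks' code), the who/what/where/when assessment of slide 15 and the trust-tier matrix of slide 21 written out as a policy function. The role names, trusted locations and trusted hours are constructed assumptions; the example goes beyond slide 21 by letting location and time gate the two data VLANs, so a compliant device seen from an untrusted place or hour still only gets guest access.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    """What the NAC learns at connect time (slide 20: identify user, identify device)."""
    user_role: str    # "faculty", "student", "guest" or anything else (unknown)
    registered: bool  # device registered to this user
    compliant: bool   # endpoint compliance check passed
    jailbroken: bool  # posture flag from the compliance check
    location: str     # where the device connected (slide 15: trusted locations)
    hour: int         # local hour of connection, 0-23 (slide 15: trusted time)

# Constructed policy data: the deck names these dimensions but gives no values.
TRUSTED_LOCATIONS = {"campus-hq", "branch-office"}
TRUSTED_HOURS = range(7, 22)  # 07:00 up to but not including 22:00

# Slide 21's tiers and the network each one lands on.
TIER_TO_VLAN = {
    "high-trust": "High Trust Required VLAN (Faculty Data)",
    "med-trust": "Med Trust Required VLAN (Students Data)",
    "low-trust": "Low Trust Required VLAN (Guest Access)",
    "no-trust": "No Trust Required VLAN (Captive Portal)",
}

def assess_tier(s: Session) -> str:
    """Assess risk and pick a tier; anything not positively trusted falls to a lower tier."""
    if s.jailbroken:
        return "no-trust"  # slide 21: only non-jailbroken devices get guest access
    posture_ok = s.registered and s.compliant
    # Where/when gate the data VLANs: a compliant device from an untrusted place or
    # time is still only a guest.
    context_ok = s.location in TRUSTED_LOCATIONS and s.hour in TRUSTED_HOURS
    if s.user_role == "faculty" and posture_ok and context_ok:
        return "high-trust"
    if s.user_role == "student" and posture_ok and context_ok:
        return "med-trust"
    return "low-trust"  # any user, any device, not jailbroken

def assign_network_access(s: Session) -> str:
    """Slide 20's last step: map the assessed tier to the VLAN the device is placed in."""
    return TIER_TO_VLAN[assess_tier(s)]

if __name__ == "__main__":
    # Constructed sample sessions: a compliant faculty laptop on campus at 10:00,
    # the same laptop at 23:00, and a jailbroken student phone.
    for s in (Session("faculty", True, True, False, "campus-hq", 10),
              Session("faculty", True, True, False, "campus-hq", 23),
              Session("student", True, False, True, "campus-hq", 9)):
        print(f"{s.user_role:8} {s.location:10} {s.hour:02}:00 -> {assign_network_access(s)}")
```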