Read Navigating the Flood of BYOD to learn about the challenges to a secure network architecture. When Total Application and Network Visibility is implemented, BYOD helps employees to stay in touch with their personal lives while keeping their business lives separate, preserving the confidentiality and integrity of each—all on the same device. This adds up to productivity, security and morale.
Navigating the Flood of BYOD
Challenges to a Secure Network Architecture
Bob Shaw, President and CEO, Net Optics, Inc.
About the Author
Bob Shaw, President and CEO, Net Optics, Inc.
As President and Chief Executive Officer of Net Optics since 2001, Bob Shaw is responsible
for conceiving and implementing corporate vision and strategy. He is instrumental
in positioning Net Optics as the leading provider of Total Application and Network
Visibility solutions in both the physical and virtual environments. Under Shaw’s guidance,
Net Optics has achieved consistent double-digit growth, launched more than 35 new
products, acquired more than 8000 customers, and expanded its global presence
in over 81 countries. The company was recently included in the Inc. 5000 elite list of
highest performing companies and won Best of FOSE honors. In addition, Net Optics
has earned the coveted Red Herring Top 100 North America and Top 100 Global Awards
for promise and innovation, the Best Deployment Scenario Award for Network Visibility
and many other accolades. Shaw’s leadership experience spans startups to Fortune 200
organizations, where he held Senior Vice Presidential executive positions. Shaw earned
both a Bachelor of Arts degree in Business and a Bachelor of Science degree in Economics
from Geneva College in Pennsylvania.
Net Optics is a registered trademark of Net Optics, Inc. Additional company and product
names may be trademarks or registered trademarks of the individual companies and are
respectfully acknowledged. Copyright 1996-2013 Net Optics, Inc. All rights reserved.
Navigating the Flood of BYOD
Challenges to a Secure Network Architecture
Today’s ever-growing Bring Your Own Device (BYOD) adoption rates are
inundating the network with security and performance issues. When
employees use their own devices at work, the risk of security breach or data
loss explodes. Unmanaged smart mobile devices and tablets invite mischief
with their “anywhere, anytime, any-device” access to corporate data and
infrastructure. With networks becoming more of a challenge to manage
every day, IT departments must know which devices are connecting to their
corporate networks. At the same time, authorized employees using personal
iPads and smartphones need convenient, secure access.
The arguments for enabling employees to use their own devices are
compelling. BYOD benefits include: improving employee satisfaction,
attracting and retaining staff, expanding the number of mobile users in the
workforce and cutting costs while allowing low-cost resources to be applied
everywhere.
Deploying an effective BYOD program means supporting a variety of devices
and their operating systems while maintaining expected levels of service,
securely onboarding new devices while keeping costs low, and quickly
identifying and resolving problems. In this eBook, we discuss the benefits
and considerations associated with BYOD, and how organizations can
effectively deploy BYOD programs using Net Optics solutions. We will address
some of the challenges posed by BYOD, including:
• Maintaining security and compliance in the workplace
• How Application-aware NPM can help you avoid BYOD dangers
• Tackling visibility and security monitoring with Net Optics Network Packet Brokers (NPB)
• Optimizing tool performance using Net Optics xBalancer™
Always On, Always Around.
The ability to run any corporate workload from anywhere, at any time, and from a
device of one’s choice is now the gold standard for computing. This capability makes
workers of all kinds more productive, whatever social issues it raises about blurring the
line between work and home life. Wireless now reigns decisively over wired, making
employees increasingly responsive and productive on their devices running countless
services and applications. However, the wired environment also raises new availability,
granularity and security challenges.
An InformationWeek 2012 Consumerization of IT survey[2] of 400 business technology
professionals reveals that we are still in the early stages of hard work with regard to
BYOD. Right now, businesses are trying to envision the ideal combination of hardware,
network infrastructure and software in order to virtualize devices and applications,
connect optimally and flexibly, and govern security and policy. Each company
must now navigate its own unique route to a resilient and scalable enterprise BYOD
architecture.
The Way We Were
Four major factors had to come together to make BYOD a viable resource: technology,
business readiness, employee demand—and now security. Back in the 1980s, workers
faced a fairly narrow range of options for performing their jobs: Employees still worked
overwhelmingly on employer premises, and so most work product remained confined
to those premises. The majority of work was performed by full-time employees.
Costlier though they were, most companies preferred this type of workforce rather
than deal with the drawbacks of contractors and part-time workers, including tax
complexities, confidentiality, longevity, and loyalty.
Nevertheless, the winds of change—more accurately the global typhoons—were
already in motion, with the entire concept of work and employment set to evolve
radically. The emergence of LAN technology in the 1980s began lengthening the
cord that bound the worker to the workplace. Soon, employees could transport
information digitally. Although that made it vulnerable to intrusion and corruption,
this vulnerability itself spawned a whole industry engaged in protecting that data,
wherever it went. With the needs for mobility and security recognized, if not solved,
only one factor remained in order for BYOD to take off.
Employees Speak Out—and Sometimes Act Out
Technological progress was not the only pressure besieging the traditional workplace.
Increasing employee pressure for family time was building, and the nature of the
workforce itself was changing in the face of increased downsizing and outsourcing.
The contract and part-time workforces continued to grow steadily. A May 9, 2012
article in Knowledge@Wharton[3] asserts a growing reality: that employees are
becoming “short-term resources.” The article might have added the other half of the
equation, namely that the employer itself may be a short-term resource as well.
With lifetime employment increasingly a nostalgic memory, job security has become
a more fluid concept. But on the other hand, employees themselves now feel less
ironclad loyalty and more freedom to move around; a job is seen more as the building
block of a larger career strategy. The Internet, of course, feeds into and intensifies these
trends, creating a river of jobs flowing across industries and regions, at which both
employees and employers now drink.
BYOD: Inevitability and Reality
With change driving both workplace and workforce into cyberspace, and with
connectivity soaring, the BYOD juggernaut was set in motion and was soon
threatening to overwhelm corporate IT departments. According to a recent survey by
IDC[4], IT groups typically underestimate by 50 percent the proportion of employees
using their own devices for company business.
The day will soon arrive when the majority of devices used to access business
applications will be consumer-owned.
[Figure: 50% of employees use their own devices for company business; 80% of professionals will use at least two personal devices to access corporate systems and data.]
By 2014, according to Gartner, 80 percent of professionals will use at least two personal
devices to access corporate systems and data.[5] So “…saying ‘no’ to business use of
smartphones, tablets and similar devices in the enterprise is no longer an option,”
according to John Pescatore, vice president at Gartner Research.
On the positive side, BYOD has the potential to raise employee productivity
significantly, streamline and increase collaboration, broaden information flow and
enable faster, more agile response to market opportunities. Organizations allowing
employees to choose their devices experienced a 200 percent increase in user
satisfaction and a 25 percent decrease in associated costs.[6] The key is to give employees what
they need, according to device type, and to implement security at the same time to
safeguard the value of all this progress.
Not surprisingly, companies want BYOD programs that provision, secure and manage
any device an employee wants to use. Many people think that BYOD security refers
only to devices such as smartphones, iPads and Android-based tablets and laptop
computers. However, the concept of BYOD security must also apply to personal online
service accounts such as cloud storage used by employees in the workplace.
Taking the Reins of Network Access Control
Nowadays, employees are demanding—or simply seizing—the freedom to use mobile
devices of any type, anywhere, whether company- or employee-owned. Control of
network access is critical to supporting business demands and managing BYOD risk
over this growing range of devices and applications. BYOD has the potential to disrupt
IT significantly, so comprehensive security and governance of a company’s BYOD
program are critical.
New devices inundating the workplace bring a variety of new operating systems,
such as iOS and Android, along with multiple applications. This ubiquity challenges
IT to create a secure and effective BYOD strategy, not only to safeguard company
confidentiality and integrity, but to support employee morale, trust and productivity.
In light of this urgency, it is alarming to learn that many IT departments remain
unaware that employees are even using their personal devices on the corporate
network. An important first step of any security program is to conduct an inventory to
find and classify all devices on the network and then establish network access policies
based on the risk potential of each device. Secure, convenient access for authorized
devices is a first priority, while unauthorized devices will need their own controlled
and limited access program.
All BYOD users want the speed and performance they are accustomed to on their local
desktops. For this to happen, proper planning for sufficient capacity is key. Service-level agreements must be defined for the BYOD infrastructure. Encryption and login
procedures for all endpoint devices (wired, wireless, physical and virtual) must be
clearly documented. Related audit procedures must be set forth. Also, centralized
management of the BYOD infrastructure, including device, state/session and profile
management, must be in place.
The BYOD Security Architecture: Necessity Replaces “Nice-to-Have”
According to a new Gartner study, 90 percent of enterprises have deployed mobile
devices; 86 percent of enterprises surveyed plan to deploy media tablets this year.
This momentum also creates new security concerns—namely, “use of privately owned
devices” and “deployment of new enterprise mobile platforms.”
[Figure: 90% of enterprises have deployed mobile devices; 86% of enterprises surveyed plan to deploy media tablets this year.]
To ensure BYOD security and support, Gartner suggests that enterprises leveraging
increased mobility should develop a strategy that incorporates mobile data protection
(MDP), network access control (NAC), and mobile device management (MDM) tools.
BYOD has opened up a rich field for mischief of all types. Threats are evolving so
quickly that networks need far more than an incident-by-incident, product-based
response. Rather, they need a transparent, nondisruptive, integrated management and
security architecture. The focus of security should no longer be solely on the perimeter,
because threats are well-distributed within the perimeter as well. Lack of an integrated
approach means security holes—tunnels, really, in light of the sophistication of these
threats.
Ideally, a BYOD architecture should enable access to such functions as email and
Internet for the privately owned devices, but deny these applications access to the
corporate network anywhere sensitive business-critical information resides. If an
employee brings in a tablet, for example, then IT should be able to detect and classify
it as an “intruder” and limit its access to a guest network.
But identifying devices on the network is only the beginning. The real challenges
are ongoing management and integrated security. As network technology evolves
and security needs climb, IT must seek out best-of-breed technologies, find the right
vendor, and deploy solutions that fit its business needs.
Network equipment such as switches, routers, wireless controllers, and firewalls is
the first line of defense and should enable the most unequivocal security. Intrusion
detection and prevention, deep packet inspection (DPI) and monitoring tools
and analysis systems are absolutely vital to providing that high security. While the
traditional security approach of blocking the villains and locking everything down
to stay in control of outside threats will always be relevant, this approach can be
overwhelmed and inundated by the number and diversity of personal and corporate
mobile devices. It is not a panacea.
Security must be continuously analyzed and upgraded. A coherent and effective
security policy must break down silos to leverage and integrate security across every
device, geography and solution. Furthermore, this architecture should not demand a
forklift upgrade, major redesign or massive investment in new capital. It should take
advantage of current infrastructure wherever possible and optimize network security
investment.
Making the Network Both More Accessible and More Secure
After performing a baseline inventory of employee devices, a BYOD program should
be ready to provision access to both corporate-owned and personal devices. Flexible
provisioning can accommodate personal mobile devices. Once a company has an
infrastructure in place, no new devices should be able to connect undetected. Instead,
the appropriate policies should be automatically applied and launched whenever a
device connects to the network, whether a corporate or personal device, an iPhone or
an Android tablet. This both ensures consistent security and saves the time that would
be spent battling each new security incident manually. Understanding which devices
are on the network also saves costly rip-and-replace upgrades. Keeping a hawk’s eye
on network trends and behaviors will also help a company understand the various
devices to watch for and enable improved decision-making.
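The connect-time policy described above (known corporate devices, registered personal devices limited to email and Internet, and anything unrecognized confined to a guest network) can be sketched as follows. This is an added example, not code from the eBook or from Net Optics; the inventory records, segment names and resource labels are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed device inventory keyed by MAC address. Field names, users and
# addresses are made up for this example. A MAC is only a lookup key here:
# it can be spoofed or randomized, so a real deployment would bind identity
# to stronger evidence such as 802.1X credentials.
INVENTORY = {
    "00:11:22:33:44:55": {"owner": "corporate", "user": "alice"},
    "66:77:88:99:aa:bb": {"owner": "personal", "user": "bob"},
}

# Hypothetical segments and the resources each may reach. Personal devices
# get email and Internet only; unknown devices get Internet only.
SEGMENTS = {
    "corporate": frozenset({"email", "internet", "business-critical"}),
    "byod": frozenset({"email", "internet"}),
    "guest": frozenset({"internet"}),
}
OWNER_TO_SEGMENT = {"corporate": "corporate", "personal": "byod"}


@dataclass(frozen=True)
class Decision:
    mac: str
    segment: str
    known: bool
    reason: str


def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff form, or raise ValueError for malformed input."""
    digits = raw.strip().lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"malformed MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def decide(raw_mac, inventory=INVENTORY):
    """Pick a segment for a connecting device; anything unrecognized is a guest."""
    try:
        mac = normalize_mac(raw_mac)
    except ValueError as exc:
        return Decision(raw_mac, "guest", False, str(exc))
    record = inventory.get(mac)
    if record is None:
        return Decision(mac, "guest", False, "not in inventory")
    segment = OWNER_TO_SEGMENT.get(record.get("owner"))
    if segment is None:
        # Fail closed: a record with an unexpected owner value must not
        # fall through to a more trusted segment.
        return Decision(mac, "guest", True, "unrecognized owner class")
    who = record.get("user", "unknown user")
    return Decision(mac, segment, True, f"{record['owner']} device of {who}")


def can_reach(decision, resource):
    """True if the assigned segment is allowed to reach the resource."""
    return resource in SEGMENTS[decision.segment]


def process_connections(raw_macs, inventory=INVENTORY):
    """Apply the policy to every connection and list the devices that
    connected without being in the inventory (candidates for review)."""
    decisions = [decide(m, inventory) for m in raw_macs]
    review = sorted({d.mac for d in decisions if not d.known})
    return decisions, review


if __name__ == "__main__":
    # Constructed connection events, as a NAC or DHCP log might report them.
    events = ["00-11-22-33-44-55", "66:77:88:99:AA:BB",
              "DE:AD:BE:EF:00:01", "not-a-mac"]
    decisions, review = process_connections(events)
    for d in decisions:
        print(f"{d.mac:20} -> {d.segment:9} ({d.reason})")
    print("needs inventory review:", review)
```

The review list is what feeds the baseline inventory: every device that connected without a record is still detected and logged, and it stays on the guest segment until it is classified.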
BYOD and the EEOC
The U.S. government is implementing pilot BYOD programs in key agencies,
including the U.S. Equal Opportunity Commission (EEOC) where the pilot
program has been very successful. Employees are now able to use their
smartphones with third-party software installed. The agency gains the ability
to manage device security settings and also to remotely wipe the device
clean of confidential information if it is lost or stolen. The agency has realized
a cost reduction of 15 percent while reducing software maintenance costs.
The two most important elements in its success were that the agency
leveraged its size and prominence to obtain the most advantageous rates
(a tactic that a business should also employ); and establishment of a pilot
program before rollout. The pilot program gave the agency a chance to work
out eligible devices, cloud provider, configuration and technical support.
BYOD Brings New Compliance and Growth Challenges
An effective BYOD architecture must also take compliance into consideration. The
ability to automate discovery and profiling of devices on the network and to securely
provision network access is essential to sustainable compliance as well as to security.
With automated reporting procedures, IT staff will be able to smoothly incorporate
a new BYOD program into current compliance procedures and respond promptly to
audit requests.
As consumer devices grow more sophisticated and portable, corporate IT departments
that look the other way or cling to their pre-BYOD architecture put their companies at
a disadvantage—and all to achieve some fairly short-term benefits. Now is the time
to implement a long-term, scalable BYOD architecture for security and manageability,
timeliness, productivity and business advantage.
Gaining a Progressive BYOD Program While Preserving Current Investment
There is no question that BYOD is winning the workplace race. Acknowledging
this reality, many companies are adopting a hybrid model in which the corporate
workforce combines company-owned and employee-owned devices. Either way,
security must be paramount.
In the enterprise environment, thousands of devices and applications must be able
to seamlessly access network resources simultaneously while supporting the highest
availability, SLAs, and QoS, enabling companies to gain the full benefit of their
monitoring tool investments and protect the business capabilities that make BYOD so
popular and successful.
Best Practices for Maintaining a Safe and Efficient BYOD Environment
With BYOD, a company wants to streamline management, optimize cost-effectiveness,
minimize IT overhead and maintain unbreachable security—all while ensuring
that BYOD services and applications perform reliably whether on or off premises.
Applications such as social media, blogs, and P2P networking, as well as core business
applications need constant vigilance. Monitoring web-based applications
demands total, end-to-end visibility; the ability to search traffic using Deep
Packet Inspection (DPI) and real-time, session-based analytics is crucial to a BYOD
program.
With the major resources a company has at stake in its network, the ability to see and
monitor the network, applications availability, and network performance is critical. In
order to handle the flood of BYOD traffic and ensure network security, a company may
need to invest in more tools. In addition, users will demand better quality for portal
services; as more video is consumed, network latency and application performance
become an issue.
Visibility and Security Monitoring Are Vital to Avoid the BYOD “Danger Zone”
An Application Aware Network Performance Monitoring (AA-NPM) solution like Net Optics Spyke™ is an important BYOD resource, offering
critical insights into the network and the impact that employee devices are having
in terms of both security and performance. Spyke delivers a rich set of capabilities to
monitor and review the network, seeing through its layers for total visibility. This real-time visibility supports constant network intelligence; it ensures that applications are
safe and performing up to par and can find, diagnose and resolve issues before they
become crises. With Spyke, IT can monitor and optimize for provisioning, security and
high application performance cost-effectively without any disruption.
[Figure: Spyke™ Application Aware Network Performance Monitoring (AA-NPM). Labels: VoIP Monitoring, Top Talkers, Bandwidth Usage, Email Attachments.]
By uniting Performance Management with Intelligent Access, Spyke forges the total
network monitoring and access architecture needed by BYOD, extending visibility
and control to the critical application layer. Spyke as a BYOD resource can be used in
tandem with existing performance and availability solutions to plug visibility holes in
the monitoring infrastructure.
Spyke’s real-time monitoring addresses critical business needs at gigabit speeds and
provides insights and analysis on a sub-minute level. Application-specific intelligence
is critical to timely root cause analysis for BYOD security—including identification
of actual user names, individual VoIP calls, and deep visibility of email traffic. With
a near real-time and historical view of key performance indicators (KPIs) such as
traffic volume, top talkers, application and network latency, top conversations and
application distribution, the IT department can monitor bandwidth usage and acquire
needed information to quickly resolve issues for application performance. IT can also
perform capacity planning and trend analysis to see how the BYOD program affects
the baseline of network resources.
Spyke automatically discovers applications using Deep Packet Inspection (DPI). This
allows for detection of which applications and clients use the network and how they
use it: when users/applications go through a non-standard port number, IT can then
distinguish legitimate from illegitimate traffic. Continuous and ad-hoc packet capture
and analysis and VoIP monitoring with Jitter analysis and MOS score address issues
of user satisfaction. All of this can be done through a single pane of glass with an easy-to-use interface, a low-cost way to reduce MTTR and quickly, accurately resolve
network and application issues. There is less reliance on costly network engineers,
better business continuity and a more satisfactory user experience.
Network Packet Brokers (NPBs) and BYOD: Key Security Resources
An NPB such as the Net Optics Director™ Family is another major resource for enabling
successful BYOD security. Director forwards relevant network traffic from multiple
links to multiple monitoring tools for centralized monitoring and analysis. Its flexible,
high-performance features give customers the ability to view more traffic with fewer
monitoring tools as well as prevent oversubscription.
[Figure: Director™ Network Packet Broker (NPB). Labels: Performance, Audit and Privacy, Security, Forensics, Layer 7 Filtering, Low Latency, Aggregation & Regeneration, TapFlow™ Filtering.]
Director also makes it simple for users to connect additional tools for reinforced
security. Using Director as part of the BYOD security architecture makes the program
more cost-effective and scalable by leveraging existing monitoring tools to maximize
performance while increasing security, compliance and scalability.
This access switch provides intelligent, flexible centralized control and monitoring
of all traffic streams in the network operations center. It heightens security and
compliance, providing advanced filtering options based on packet headers and
protocols (layer 4 filtering) as well as packet payload (layer 7 filtering); filtering by
VLAN tags and MPLS labels as well as pattern matching anywhere within a packet (e.g.,
HTTP headers). Director performs forwarding, aggregation and regeneration of traffic
received in-line or out of band. Low-latency, hardware-based TapFlow™ filtering makes
sure that only traffic relevant to each tool is forwarded. Director increases performance
and scalability through its ability to share tools and data access among groups without
contention. A BYOD program becomes more efficient and cost-effective by maximizing
utilization of existing monitoring tools.
Director can aggregate traffic from multiple links and load balance the traffic
to multiple tools—ensuring that all monitoring tools are utilized efficiently and
maximizing the monitoring capacity of the entire network. Without investing heavily
in additional tools or risking oversubscription, a company can achieve peak network
performance. With its ability to support Network intelligence statistics such as volume,
oversubscription and protocol distribution, Director keeps traffic flowing even in the
event of a power loss using its Zero Delay technology—helping a BYOD program to
please users.
[Figure: xBalancer™ Network Packet Broker (NPB), scalable load-balancing that supports virtually any scenario, shown between 10G and 1G links. Labels: Dynamic Load Balancing, Packet Slicing, Aggregation & Regeneration, TapFlow™ Filtering, Performance, Audit and Privacy, Security, Forensics.]
Load Balancing and BYOD: Cost-Effective Assurance That Tools Perform Optimally
As the BYOD phenomenon expands and networks grow under the influx of ever-increasing traffic, the need for a cost-effective way to protect and optimize tool
performance rises accordingly. Load balancing has become a key element of
maintaining tool performance within a BYOD security architecture. By providing a
cost-effective way to prevent overburdening and consequent loss of tool function,
a solution like the Net Optics xBalancer can help companies achieve and maintain
peak performance and security in their 10G networks. Even better, this can be
done without requiring heavy investment in additional 10G tools or risking
oversubscription. xBalancer distributes the traffic load to multiple monitoring
tools; its 24 SFP+ ports and integrated data rate conversion make it ideal for
load balancing traffic from 10G links to multiple 1G tools, leveraging legacy
investment. This versatile solution also enables two or more appliances to be
deployed in parallel, either in-line or out-of-band.
The stresses on network tools caused by multiple threats and exploding data
volume from countless devices used by BYOD employees make xBalancer a
smart component of BYOD strategy. xBalancer preserves the vital role played
by security tools even as the BYOD phenomenon grows, ensuring business
continuity. xBalancer also offers high availability (HA) modes that include
heartbeat packets, redundancy and link-state awareness.
Scalability that supports nearly any scenario, plus ultra low latency thanks to its
cut-through architecture further make xBalancer an economical and high-value
investment for a BYOD security infrastructure. Its TapFlow™ filtering and packet
slicing mean that only relevant traffic is forwarded to tools. With its network
intelligence supporting many statistics including volume, over-subscription and
protocol distribution, and the latest load balancing capabilities based on MPLS
labels, xBalancer adds the state-of-the-art network security protection that BYOD
demands.
Holding Back the BYOD Tide Is Neither Cost-Effective nor Possible
The sooner the better is the ideal timeframe for a company to focus its resources
on helping more employees make BYOD part of their jobs. An integrated BYOD
architecture ensures that IT operations, application support teams and network
engineers can always detect and fix network problems before service delivery
is degraded or security compromised. Whether an SMB, a distributed office or
an enterprise data center, this architecture enables the network intelligence,
visibility, security, availability and quick troubleshooting capabilities that make
for BYOD success. Properly implemented, BYOD helps employees to stay in touch
with their personal lives while keeping their business lives separate, preserving
the confidentiality and integrity of each—all on the same device. This adds up to
productivity, security and morale.
Footnotes:
2. Information Week Reports, February 2012
http://reports.informationweek.com/abstract/83/8838/it-business-strategy/research2012-consumerization-of-it-survey.html
3. Knowledge@Wharton on Forbes http://www.forbes.com/sites/knowledgewharton/2012/05/10/182012/
4. “Bring Your Own Device (BYOD) Unleashed in the Age of IT Consumerization”
http://resources.idgenterprise.com/original/AST-0055442_BradfordWP0103_2_.pdf
5. Hamilton, Robert, “RSAC Panel Insights: Can Data Breaches Be Stopped, Really?”
March 29, 2012, In Defense of Data http://www.indefenseofdata.com/page/2/
6. McLaughlin, Kevin, “Cisco Security GM: Embracing Consumerization Is Smarter than Fighting It.”
September 28, 2011, CRN http://www.crn.com/news/security/231602340/cisco-security-gm-embracingconsumerization-is-smarter-than-fighting-it.htm
7. Bring Your Own Device: New Opportunities, New Challenges http://www.gartner.com/id=2125515
BYOD Essentials: Where to Start
Here are a few simple steps that an organization can take to ready
itself for a BYOD program.
Choose consistent basic features and security measures
Make sure that you and your employees have consistency across
the company in terms of threat protection, such as security
settings, and policies.
Obtain appropriate legal guidance and advice
You should know where you stand with regard to your and your
employees’ rights. Ensure that your company policies are valid and
enforceable.
Inform and socialize BYOD fundamentals throughout the
company
Simplify and explain BYOD concepts to the workforce; set up
meetings so that everyone is on the same page, including
which expenses you will defray and which are the employees’
responsibility, and reimbursement policy.
Create an internal advisory group
An internal advisory group can do the legwork to identify and
compare providers for mobile device management, security risks
and privacy concerns, Rules of Behavior, and creation of an internal
web site.
Establish a pilot program
You can explore such issues as rate-plan optimization, software,
device access to email, contacts and tasks, costs and budgeting.
Net Optics, Inc.
5303 Betsy Ross Drive
Santa Clara, CA 95054
(408) 737-7777
twitter.com/netoptics
www.netoptics.com