BYOD: Meeting the Network Challenge | enterprise.netscout.com
White Paper

BYOD: MEETING THE
NETWORK CHALLENGE

Bring Your Own Device (BYOD) schemes tap into employees’ desire for freedom, flexibility, and remote working. They help to blur the once-clear distinctions between home and workplace, boosting productivity and enabling people to work smarter and better by integrating work with life outside of the office.

Organisations like and want BYOD and it saves them money if employees’ use of their own, preferred devices negates the need to constantly purchase or upgrade corporate desktops, for example. However, IT professionals have previously seen BYOD as a threat, not a leadership opportunity.

Now that BYOD is becoming more pervasive, it certainly brings its own challenges – which is precisely why it demands strong leadership. The data security challenges alone are complex, and yet many IT professionals find themselves reacting passively to BYOD, rather than actively leading it from the front, where driving the business advantage and agility presents a real opportunity.

Doing nothing is not an option, because the problems caused by any failure to lead and manage BYOD pose too big a risk. For example, BYOD can be a drain on network performance and resources if devices, access policies, and usage are not properly managed and monitored. Moreover, the growth of ‘shadow IT’ – employees’ use of ad hoc, unsanctioned technologies – can lead to financial penalties in today’s highly regulated world if sensitive data is lost, stolen, or shared insecurely with unauthorised people.

Meanwhile, the risks of service disruption due to malicious activity are high: in 2016 in the UK alone, the BBC reported that two-thirds of big businesses have been targeted by cyber attacks. 1 Reacting passively to internal security issues, including those posed by BYOD, is not an option for IT professionals, especially when there is a risk of BYOD making cyber attacks on the organisation easier – an issue we will explore later in this paper.

Regulatory Change

Incoming data protection regulations, such as the US Privacy Shield and the EU’s General Data Protection Regulation (GDPR), make it essential to have systems in place to ensure that any risks to data security are minimised. Other regulations in this space include the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act.

Business is all about trust, but trust is about more than just policy and good management (essential though they are); it’s also about having the technology in place to ensure that data is secure. So what can IT professionals do to put themselves back in the driving seat of this user-driven digital transformation? And what technology do they need?

First, let’s look at the situation facing most organisations today.

The Mobile Age

Consumer-owned mobile devices are no longer just a growing trend, but arguably the dominant technology platform worldwide. In the UK, for example, Ofcom statistics2 reveal that 93 percent of adults have mobiles, 66 percent have smartphones, 33 percent (the largest group) see their smartphones as the most important devices for going online, and 15 percent live in mobile-only households.

Meanwhile, research organisation Statista finds that 28 percent of adults have five or more devices apiece and reports that there will be 4.93 billion mobile devices in use worldwide by 2018. 3

In 2016 one of the largest and most valuable companies in the world, Google/Alphabet, announced that it’s refocusing its entire global business on the mobile-first world. At the same time, many organisations say that mobile visits to their websites have overtaken access from desktops and laptops: the UK’s National Trust says that has been the case for over three years. 4

So with well over 90 percent of adults owning a mobile device, it stands to reason that the transformation will be no less dramatic within the workplace – and not just in those organisations that have official BYOD schemes.

Even if employees are only supposed to access corporate applications and data from work desktops, they may still use their own devices informally, which may cause an invisible drain on network performance – not to mention a security risk.

So IT professionals need to factor all of the above trends into their organisation’s IT management and data security strategies, or they’ll be left playing catch-up. In some cases, IT leaders will be the senior responsible owner (SRO) of the organisation’s data security policy, while in others they will still be held accountable if a data security breach puts the organisation at risk.

High-Speed Wi-fi

Mobile devices themselves are only part of the BYOD challenge facing IT professionals today. More and more workplaces only offer wi-fi access (as opposed to traditional cable- and router-based networking). However, all wi-fi networks still end in a wire, and this last and least visible part of the network is, traditionally, the least well served by many network monitoring and management tools.

The trend towards wi-fi-only access can only grow, now that the 802.11ac high-speed networking standard offers multi-station connectivity at data transfer speeds of up to 1Gb per second and is gaining traction in the workplace.

But faster access and throughput also means the risk of faster and more extensive data breaches, if IT professionals and network engineers fail to consider the full security implications of unmonitored wi-fi access via BYOD.

New Work Cultures

Despite these risks, most organisations would be foolish to stand in the way of staff wanting to use their own devices for work, not least because of the incoming generation of young millennial employees, who may have little (or even no) experience of the desktop- and landline-based world. For example, a number of recent surveys have suggested that single-digit percentages of teenagers and young adults ever use a landline phone.

IT professionals need to support the business if they want to progress in their own careers, and capitalising on young people’s skills, knowledge, and commitment is far more important to the business than pushing them towards an increasingly outmoded desktop IT model – tablets, convertibles, and smartphones increasingly dominate. At the same time, constantly upgrading to the latest mobiles would place an intolerable burden on most organisations’ finances.

BYOD is the pragmatic solution in many cases – a viewpoint shared by some analysts, who have described BYOD as the IT strategy of the future – so IT professionals should recognise that and lead its IT management and data security aspects from the front. Failing to do so risks allowing a form of user-driven anarchy to take over technology choices within the organisation, forcing IT professionals onto the back foot, and making strategic decisions much more difficult.

However, as we explore below, this demands access to specialist network monitoring and management tools.

Management and Policy

It’s a simple fact that allowing employees to use their own devices for work still makes some IT professionals uncomfortable, because – psychologically – they feel less in control and less in charge of the organisation’s IT purchasing decisions. But they should recognise that in most organisations the role of IT leadership has already changed towards playing a more supportive and enabling role in the business: the IT function as business enabler, not technology purchaser.

In a world of collaborative tools and cloud-based platforms and services, the IT department’s focus is shifting towards policy, service management, compliance, and security – not just ‘keeping the lights on’ – all enabled by standards-driven technologies.

Standards are important, as in a device and platform-agnostic world, data needs to remain readable and accessible to authorised users, regardless of which device they use. In this light, therefore, IT professionals should see BYOD simply as an extension of digital transformation in the workplace.

While users’ focus is on the on-demand utility of the cloud, IT teams and network support staff have to deal with the practical – as well as policy – impacts of staff wanting to access corporate systems and data from their own devices.

Failure to address this problem is not an option: without the aid of tools that minimise the impact of different devices on network performance, reliability, and safety, IT staff risk being in constant firefighting mode when they should be enablers of the organisation’s business aims instead.

So why are such tools so important?

Network Stresses

Network performance can be the most obvious impact of BYOD. In established organisations, legacy networks will have been planned around known assets and standards, and not for what some might see as a technological ‘Wild West’ of different devices, OSs, and apps.

The speed of change means that the device that an employee uses today may not be the device they use tomorrow, which means engineers hitting a moving target in terms of network performance. In that environment, taking a holistic, forward-looking view is the only realistic option.

After all, IT teams and network engineers need to maintain network performance, speed, reliability, and uptime for all, and not just for those employees who want to use their own devices. A slow, jittery, or unreliable network won’t just impede employees’ work from day to day, it may also erode their productivity and the performance of the organisation as a whole.

But there are two problems.
    1. End users’ network experience is not determined solely by the performance of the wireless portion of the network. The underlying wired network connecting the APs also plays a part, as do the servers hosting cloud applications and data.
    2. Not only is there more competition for wireless channels and bandwidth, some devices may eat up more network resources than others, restricting or slowing access for everyone else. In this way, the IT teams’ culture of ‘making do today’ needs to be replaced with one of planning for tomorrow by stress-testing the network for the future demands of next-gen devices.

This is why intelligent performance-monitoring tools are vital. But IT professionals often find themselves with too many vendor-, app-, or device-specific tools, with most offering only a glimpse into a single silo, rather than an in-depth picture of the entire network. A single tool that offers end-to-end monitoring, and identifies and measures the entire signal path between service and user, is a much better option.

Network Surges

Of course, there are stresses and strains on all networks at peak times of the day and throughout the business cycle – and sometimes when something else is going on during office hours, such as a major sporting event or news item, which may put an unwanted drag on network performance.

If IT professionals can monitor the network for surges – for example, in the middle of the night, which might suggest a hacking attack – then security and performance can be properly managed and maintained, whatever the load on the network.

Security is a further dimension, and the same specialist tools can help here as well.

The Internal Security Challenge

There are two sides to the on-premise security challenge for network engineers.

The first is what happens when the IT team helps visitors to log on to the network as guests. This means ensuring that they’re logged out again afterwards, without access credentials being stored on their devices.

Meanwhile, open guest access via a second insecure WLAN may mean that data flowing to and from the user’s device can be intercepted – something that network administrators may never spot without a network monitoring tool.

The second scenario is just as commonplace: data leakage when authorised users take sensitive data – such as reports, correspondence, spreadsheets, or corporate IP – out of the office on a mobile device, portable drive, or data stick. Again, specialist monitoring tools can alert IT professionals that data has been copied and removed.

Bring Your Own Cloud (BYOC)

A related threat is the ad hoc use of public cloud storage and collaboration platforms, such as Box and Dropbox – particularly when users are mixing and matching their own cloud solutions. Some companies outlaw the use of personal iCloud and Dropbox accounts for this reason, but it would still require policing to ensure this is complied with.

Bad Actors

Mobile devices are often lost or stolen, too, and employees will often move on to other jobs. In either case, there is a real risk that sensitive data may still be lurking on devices or in personal cloud accounts. Sometimes this is deliberate: a recent survey revealed that as many as 75 percent of employees admit to copying some corporate data when leaving their jobs!

At such times, therefore, it’s essential that a mechanism exists for revoking access privileges, while some devices also offer a remote-erase facility for deleting any sensitive corporate data that has been stored locally – whether on a particular device, or in the cloud.

But however important this level of insight is for hardworking IT professionals, the most important thing is being able to manage the network actively, and not just reactively when it is already too late!

Device-Level Management

Highly distributed organisations want to standardise their IT – along with the experience of using it – across all of their local branches. On a day-to-day practical level, however, most companies can ill afford to put skilled WLAN specialists in every branch or office, which makes remote network monitoring and management all the more important, as well as remote management of the devices themselves.

This is especially challenging in the case of BYOD, since most consumer devices lack proper diagnostic interfaces. This is another reason for IT professionals to invest in a network monitoring and management system that sits above any proprietary tools that are offered by vendors, and can guarantee insight into the entire network, even when discrete or device-specific applications are not available.

Inventory Management

Inventory poses yet another management problem: IT departments are responsible for making sure that all corporate software is properly licensed and up to date.

In the cloud-enabled world, rolling updates take care of more of this process than in the recent past. However, it’s a lot more difficult in the BYOD environment, due to the lack of homogeneity in users’ operating systems and apps – especially when corporate applications have been installed on employees’ own devices.

But none of this should stop BYOD schemes being seen as an asset to the organisation. After all – as we’ve seen – BYOD offers many advantages to IT departments. So how can IT teams and network managers and engineers successfully manage and integrate BYOD? There are a number of key, practical steps that will keep IT professionals in the driving seats of their departments.

Plan, Predict, and Design

No IT professional should assume that setting up the corporate wi-fi is as simple as plugging in a domestic router. Upfront planning and design are essential for successfully integrating BYOD with the corporate WLAN, which demands a thorough understanding of wi-fi capacity and coverage.

Understanding device types is another consideration. For example, most mobiles are optimised for low power consumption and for their small physical size. This may place constraints on RF performance and antenna gain. IT pros should also pay attention to the underlying wired network infrastructure and other potential trouble spots – such as microwaves, which can interfere with wi-fi signals.

Applications are important too. Unified communications and collaboration (UC&C) systems are increasingly important to many organisations, so bandwidth priority will need to be given to real-time applications, such as VoIP and conferencing, and these will require careful Quality of Service (QoS) allocation.

Another challenge is the increased network complexity needed in order to provide end-to-end QoS in UC&C, so that real-time apps can be merged with data applications: a tough call in an era of multiple wide-area carriers and peering agreements.

Simply providing more bandwidth may not address these problems – in the same way that adding another lane to a highway doesn’t remove the causes of congestion. But the good news is that there are tools that can identify the real causes of problems and help IT professionals to plan for BYOD and wi-fi coverage – while also checking for dark spots, performance problems, and left-behind rogue access points (such as can be found in recently modernised premises, for example).

Network design tools have revolutionised the way that IT professionals can deploy wireless systems. Using information about site and building layouts, the existing network infrastructure, the radio frequency (RF) environment, the device population, and usage, these tools can predict WLAN coverage and performance accurately.

However, it’s important to verify all of these findings with real-world, on-the-ground surveys.

Using the theoretical design as a baseline, placing access points (APs), conducting walk tests and verifying data rates will all allow the design to be iteratively improved until final locations can be confirmed. Once all these factors are finalised, APs can be located and fixed.

Detect and Eliminate Interference

New sources of interference tend to arise as wireless systems evolve. Effective software tools can continuously monitor this and alert network engineers. In the case of interference from other wi-fi devices, this is most easily eliminated by changing channels on one or more devices in the vicinity.

However, BYOD can be a real problem in this context. Most devices will have both Bluetooth and wi-fi enabled, effectively saturating the 2.4 GHz band in their vicinity. This applies even when there is no BYOD scheme sanctioned, since these devices may still be repeatedly polling and attempting to connect.

Put simply: whether or not employees are using their own devices for work, they will still be in their pockets and, in most cases, switched on. Microwaves can also disrupt wi-fi signals.

In each of these cases, policy and good management are the keys, supported by specialist tools.

Maintain Security

A key part of any BYOD strategy should be maintaining the security of the whole wireless environment. While hardware vendors may offer rudimentary security tools, only a dedicated wireless intrusion prevention system (WIPS) can achieve this automatically across multiple sites.

A WIPS works in two ways. It monitors the radio spectrum for any unauthorised wireless devices (detection) and automatically stops those devices accessing the WLAN (prevention).

Large organisations are particularly susceptible to threats from bogus access points that could expose the entire network to anyone within wireless range. The WIPS will detect these using MAC address filtering and, to guard against MAC spoofing, device fingerprinting (which identifies each device). The WIPS will also detect and flag any attempted use of wireless attack tools.
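
The two detection checks described above (a MAC filter, then a fingerprint comparison to catch a copied MAC) can be sketched as follows. This is an added illustration, not code from any WIPS product; the fingerprint fields, the AP inventory and the beacon records are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    """One observed 802.11 beacon, reduced to the fields this sketch compares."""
    bssid: str          # transmitter MAC address of the access point
    ssid: str
    channel: int
    security: str       # advertised security mode
    vendor_ies: tuple   # vendor-specific element tags, in advertised order

# Constructed inventory of sanctioned APs (locally administered MACs, made-up tags).
AUTHORISED = {
    "02:00:00:aa:00:01": {"ssid": "CorpNet", "channels": {36, 40},
                          "security": "WPA2-Enterprise", "vendor_ies": ("ie-a", "ie-b")},
    "02:00:00:aa:00:02": {"ssid": "CorpNet", "channels": {44, 48},
                          "security": "WPA2-Enterprise", "vendor_ies": ("ie-a", "ie-b")},
}
CORPORATE_SSIDS = {profile["ssid"] for profile in AUTHORISED.values()}

def fingerprint_mismatches(beacon, profile):
    """Return the names of fingerprint fields that differ from the inventory."""
    checks = {
        "ssid": beacon.ssid == profile["ssid"],
        "channel": beacon.channel in profile["channels"],
        "security": beacon.security == profile["security"],
        "vendor_ies": tuple(beacon.vendor_ies) == profile["vendor_ies"],
    }
    return [name for name, ok in checks.items() if not ok]

def classify(beacon):
    """Return (verdict, details) for one beacon."""
    profile = AUTHORISED.get(beacon.bssid.lower())
    if profile is None:
        # MAC filter: the BSSID is not in the inventory at all.
        if beacon.ssid in CORPORATE_SSIDS:
            return "rogue", ["unlisted BSSID advertising a corporate SSID"]
        return "external", []
    # The MAC is known, but a MAC can be copied, so compare the fingerprint too.
    diffs = fingerprint_mismatches(beacon, profile)
    return ("suspected-spoof", diffs) if diffs else ("authorised", [])

def scan(beacons):
    """Classify every beacon and return only those that need an alert."""
    alerts = []
    for beacon in beacons:
        verdict, details = classify(beacon)
        if verdict in ("rogue", "suspected-spoof"):
            alerts.append((beacon.bssid.lower(), verdict, details))
    return alerts

# Constructed observations from one hypothetical sensor sweep.
SAMPLE = [
    Beacon("02:00:00:aa:00:01", "CorpNet", 36, "WPA2-Enterprise", ("ie-a", "ie-b")),
    Beacon("02:00:00:AA:00:01", "CorpNet", 6, "Open", ("ie-x",)),
    Beacon("02:00:00:bb:00:09", "CorpNet", 11, "WPA2-Personal", ("ie-a",)),
    Beacon("02:00:00:cc:00:05", "CoffeeShop", 1, "WPA2-Personal", ()),
]

if __name__ == "__main__":
    for bssid, verdict, details in scan(SAMPLE):
        print(bssid, verdict, ", ".join(details))
```

The second sample beacon passes the MAC filter because its BSSID is in the inventory, and is flagged only because its channel, security mode and vendor elements differ from the recorded profile.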

With the proliferation of BYOD and wireless, and the consequent rise in vulnerabilities and threats, another key security element is regular updates as new threats – and patches – are discovered. A dedicated WIPS can centrally manage updates across the organisation, without requiring specialist local (on-site) intervention.

Conclusion

Legacy network management systems just don’t cut it in the world of BYOD, and neither do the plethora of vendor-specific tools that may come with some enterprise applications. Instead, IT teams should refocus on the user, on management, and on implementing policy.

A holistic, future-proofed approach is the only thing that works in this new environment, backed with specialist network monitoring and management tools.

The answer is end-to-end visibility across the entire physical and virtual infrastructure. That level of proactive management enables individual network events to be captured and analysed to see where and why problems are appearing, however transient they may be.

Couple this with continuous wireless testing to reveal points of congestion, high error rates, degraded data rates and other problems, and the network administrator has everything he or she needs to be proactive.

It’s all about identifying problems proactively: being able to pinpoint where the problem is quickly solves a lot of problems in the ‘war room’ and reduces the finger-pointing.

For IT leaders and their teams, this level of visibility and transparency is essential, but that demands having access to dedicated tools and a fast, robust network. Rather than chase down problems once they have occurred, it should be possible to prevent them happening in the first place.

In this way, BYOD can truly be an asset to the organisation, not a brake on network performance and security – and it will be one less headache for the IT professional!

 
 