The importance of network access management in BYOD shops

Network access management helps keep your company out of hot water if BYOD users do anything illegal from your infrastructure.

Companies that allow employees to bring their own devices should use network access management techniques to stay out of legal trouble.

Some companies see allowing BYOD as an easy solution to device management headaches. But if your company allows BYOD, it means that users are connecting to the Internet and other corporate resources from their personal devices, using the company network that you are responsible for. If users do something bad from your company network -- such as hacking into systems or distributing or downloading illegal content -- your organization is responsible. It's important to have network access management measures in place for the portions of the network that you allow BYOD users to connect their devices to.

At the very least, you should have users access a portal page before they connect to the Internet. On that portal page, you can set the terms and conditions of Internet usage. Your company's legal position is a lot better if the user has clicked an "I Agree" checkbox where he agrees not to be involved in illegal activity before connecting to the network.

But that isn't enough if you really want to prevent users from doing anything illegal. In addition to the portal page, consider other network access management methods: Ask yourself if you really want to allow just anyone to access your network, or if you would rather limit access to authenticated users only. The latter provides increased security. To make sure that only authenticated users access your infrastructure, it's a good idea to use an authentication page where users identify themselves. It would be even better to distribute an authentication code that expires after they have identified themselves. 

Also make sure users know their activity can be traced back to them. A user who is aware that you can observe his actions will think twice before getting involved in anything illegal while on your network. If you need to provide network access to temporary users, distribute temporary accounts. There's nothing wrong with handing out accounts that expire after one day.

Network access management tools

After granting access to the network, it's still a good idea to implement some security. If the portion of the network that you let BYOD users access is a public zone or guest network, the security measures don't have to be as elevated. Typically, users can't access corporate servers from the part of the network you allocate to BYOD users anyway, so there's no need to add additional protection to the servers. But use network monitoring to scan for abnormal activity. A simple tool that identifies the most active devices might be enough to help you find users that are trying to do malicious things from their devices.

If you're looking for more in-depth information, consider a tool that scans network usage patterns, such as an intrusion detection system. Make sure to configure this tool so that you can easily pick out abnormal patterns, which helps you see when and if anything goes wrong with the security on your network.
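The "most active devices" check described above can be as small as the following sketch. It is an added example, not code from the original article: the CSV flow-record layout, the guest account names, and the two thresholds are assumptions, and the sample records are constructed. Each device is tied back to the portal account that authenticated it, so unusual activity is traceable to a user.

```python
import csv
import io
from collections import defaultdict
from statistics import median

def build_sample():
    """Constructed guest-network flow records (format is an assumption)."""
    rows = ["mac,account,dst_ip,dst_port,bytes",
            "aa:00:00:00:00:01,guest-0412,203.0.113.10,443,120000",
            "aa:00:00:00:00:01,guest-0412,203.0.113.11,443,80000",
            "aa:00:00:00:00:02,guest-0413,203.0.113.10,443,150000",
            "aa:00:00:00:00:04,guest-0415,203.0.113.20,443,9000000",
            "aa:00:00:00:00:05,guest-0416,203.0.113.10,443,100000"]
    # One device touching many hosts with tiny flows (scan-like pattern).
    rows += [f"aa:00:00:00:00:03,guest-0414,198.51.100.{i},22,900"
             for i in range(1, 41)]
    return "\n".join(rows)

def top_talkers(flow_csv, volume_factor=10, max_dests=25):
    """Rank devices by bytes sent and flag outliers against the median device."""
    totals, dests, account = defaultdict(int), defaultdict(set), {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        mac = row["mac"].lower()
        totals[mac] += int(row["bytes"])
        dests[mac].add((row["dst_ip"], row["dst_port"]))
        account[mac] = row["account"]  # portal account that authenticated the device
    baseline = median(totals.values()) if totals else 0
    report = []
    for mac in sorted(totals, key=totals.get, reverse=True):
        flags = []
        if baseline and totals[mac] > volume_factor * baseline:
            flags.append("volume")    # far more traffic than a typical device
        if len(dests[mac]) > max_dests:
            flags.append("fan-out")   # unusually many distinct destinations
        report.append({"mac": mac, "account": account[mac],
                       "bytes": totals[mac], "destinations": len(dests[mac]),
                       "flags": flags})
    return report

if __name__ == "__main__":
    for entry in top_talkers(build_sample()):
        print(entry)
```

Ranking by volume alone would miss the device with 40 small flows; counting distinct destinations per device catches it even though it is the lowest talker by bytes.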

1 comment

Very true, and not just access control, but you need to make sure that infected personal devices will not get into the network and infect/affect/steal info from the corporate network as well as other personal devices connecting to the network. You need thorough, granular access control, not just on the servers/services it can connect to; control over what devices and what apps can do what will also be powerful. Also, today innovative technologies allow you to discover, identify, and monitor all BYODs in the network without touching them (agentless, like i7 network's peregrine7). In reality, a very good secure mobile (BYOD) access gateway can be the first point to start to monitor, secure, and apply granular access control. Of course, MDMs to provide security to the data on the device and MAMs to provide security and control to enterprise apps.