How To Protect Your Network In A BYOD World

If your business is pursuing a bring-your-own-device (BYOD) strategy, effective network management and security become critical. How can you ensure resources are accessible to staff who need them but not vulnerable to attack? The answer could lie in an often-maligned technology: network access control (NAC).

As Gartner analyst Lawrence Orans pointed out during a recent presentation in Sydney, NAC first found favour around 2003 as a potential means of dealing with worm-based network attacks. While relatively few businesses adopted it for that reason, it does have potential as a means of securing business apps and content in a device-independent fashion.

“We can use the network to get some control over this BYOD environment,” Orans said. Some sort of strategy is needed: “We are losing control. For $500 you can buy a very nice tablet; for $300 you can buy a very nice smartphone. People bring them to the office, and we’re at a loss how to manage this scenario.”

“BYOD makes a lot of us very nervous. It makes network managers nervous because they like to know what’s on the network. That’s directly related to network stability. Rogue devices disrupt network stability.”

Orans notes there are three potential solutions for BYOD management: mobile device management via agents, using hosted virtual desktops and VDI, or implementing network access control to ensure only patched and secure devices are allowed to connect. Those aren’t mutually exclusive options; many businesses will implement all three, though this will often be piecemeal. For instance, data loss prevention software for tablets is still rarer, Orans noted.

That NAC is also less common in part reflects the fact that initial implementations aimed at protecting against worm attacks weren’t effective. “NAC was much more complicated and expensive to implement than we anticipated,” Orans said. “NAC languished, and the threat landscape changed.”

“NAC in many years has received a black eye through the years. NAC is all about policies. What has changed over time is that the policies have changed.”

A related issue is that ‘traditional’ NAC vendors haven’t necessarily responded to the BYOD opportunity. “In the pre-BYOD era, endpoint protection platform vendors had a good angle for NAC. Now that people are bringing in tablets and smartphones, those vendors don’t call the shots the way that they used to.” An unpredictable range of devices also means varying support for standards: “Now that it’s not an all-Windows world, standards have taken a step back.”

Using a NAC allows the creation of a Limited Access Zone (LAZ), which sits halfway between a traditional network and an IP-only guest network (used for Wi-Fi access for visitors). With an LAZ, connections require credentials, but don’t offer access to full management features. Gartner predicts that 60 per cent of large enterprises will use some form of LAZ by 2016.

It’s not a simple approach; Orans cited one company that spent $130,000 and took 18 months to implement an NAC system. But in larger environments where a strict policy needs to be in place, it can be an effective solution.

Evolve is a weekly column at Lifehacker looking at trends and technologies IT workers need to know about to stay employed and improve their careers.


  • At work we use virtual desktops — VMware to be precise. And we have set up a dedicated wireless network for devices that use it. Any network activity gets “funnelled” into the VD servers where it gets checked for malicious activity and then moved along accordingly. Sure VD is an expensive way to go, but it lets us BYOD without much concern.
