Page 27 - Cyber Warnings







Migrating to Policy Management from Basic AAA

Because Active Directory or LDAP is still used to administer security policies for most internal
users and devices, IT departments aren't able to enforce policy using real-time
contextual data. Context such as user roles, device types, ownership, location, and app usage is
essential to enforcing policies as users move through their day and work with multiple
devices. Under a policy management model, laptops can be given more rights than smartphones
based on device type, for example. Policy management takes all those factors into account and
dynamically enforces which resources can be accessed.

In addition, today’s policy management systems let users configure their own devices for secure
Wi-Fi or wired connectivity. Workflows that include MDM/EMM data make it easy to detect whether a
device is company issued or BYOD.

This sort of security management transition can't be done in a firehose fashion; security
professionals agree that a phased approach is the smartest way to move from legacy AAA to
centralized policy management. IT departments can then ensure that highly mobile workers get
seamless access to the apps, printers and network services they’re authorized to use, no matter
where they are or what device they're using.



Managing in the BYOD Era


IT professionals have been sorely tested by the BYOD trend with both internal users and
network guests. Managing the onboarding process of everyone's personal devices can strain IT
and helpdesk resources, and if not properly handled, can also create security problems. Robust
management platforms allow for any Windows, Mac OS X, iOS, Android, Chromebook and
Ubuntu devices to be automatically onboarded via a user-driven, self-guided portal. Required
SSIDs, 802.1X settings and necessary device certificates are then automatically configured on
authorized devices.


By working with unique device certificates, users then don't need to enter login credentials
repeatedly throughout the day – or worry as much about password theft when connected to
guest networks. Menu-driven capabilities ensure the rapid revocation and deletion of certificates
for specific mobile devices if a user leaves an organization or if the device is lost or stolen.
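
The following is an added example, not code from the article or from any product: a small context-aware policy decision that combines the factors named above (role, device type, company-issued versus BYOD, location) with the certificate revocation described in this section. The rule table, profile names, and certificate serials are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Context:
    role: str                 # from the directory (AD/LDAP group)
    device_type: str          # "laptop", "smartphone", ...
    managed: bool             # True if MDM/EMM reports the device as company issued
    location: str             # "campus", "remote", ...
    cert_serial: Optional[str] = None  # device certificate serial, if one was presented

# Constructed sample data: serials revoked after a device was lost or a user left.
REVOKED_SERIALS = {"0A:17"}

# Ordered rules, first match wins. None in a condition means "any value".
# Condition fields: (role, device_type, managed, location) -> enforcement profile.
RULES = [
    (("employee", "laptop", True, None), "full-access"),
    (("employee", "laptop", False, None), "internet-and-mail"),
    (("employee", "smartphone", None, "campus"), "internet-and-mail"),
    (("employee", "smartphone", None, None), "internet-only"),
    (("guest", None, None, "campus"), "guest-internet"),
]

def decide(ctx: Context) -> str:
    """Return the enforcement profile for one connection attempt."""
    # Revocation is checked before any rule, so a lost device never matches one.
    if ctx.cert_serial in REVOKED_SERIALS:
        return "deny"
    actual = (ctx.role, ctx.device_type, ctx.managed, ctx.location)
    for condition, profile in RULES:
        if all(want is None or want == got for want, got in zip(condition, actual)):
            return profile
    return "deny"  # fail closed: a context no rule describes gets no access

if __name__ == "__main__":
    # The same employee, evaluated on different devices during one day.
    for ctx in (
        Context("employee", "laptop", True, "campus", "0B:22"),
        Context("employee", "smartphone", False, "remote", "0B:23"),
        Context("employee", "laptop", True, "campus", "0A:17"),
    ):
        print(ctx.device_type, ctx.location, "->", decide(ctx))
```

A directory group lookup alone would return the same answer for all three attempts; the rule table is where device type, ownership, and revocation change the outcome.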



How to Treat Guests

The BYOD challenges don't apply just to internal users. Any visitor – guest, customer, partner or
other external third-party – will arrive with at least one device that requires network access –
wired or wireless. Good security management requires a simple model that automates and
simplifies the provisioning of network access for guests, but also provides expansive security
features that keep data, computing resources and other users safe.



27 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
