In my previous blog post I looked at the basics of putting a BYOD policy together for your network. It focused on what to do when end-users bring their own devices into the workplace and request access to the corporate network. Since I published the post, I had a number of enquiries about what options exist for when users want to use their own devices to connect to the workplace from external or home networks.
There are two technologies that compete in this space: traditional VPN systems and newer MDM solutions. VPN solutions normally require you to host the equipment that manages the connections locally on your network, whereas MDM solutions usually take care of this in the cloud.
VPN systems have been around for a long time. Most are used to allow remote sites to connect over ADSL connections or to allow laptops to connect in from external networks. Recently VPN vendors have been adding new functionality to their appliances that allows end-users to connect to the workplace from a remote location using their mobile devices. The end user is either provided with a preconfigured device or installs an app onto their personal device which allows them to connect securely. Some apps also include functionality to lock down the device so that the end user cannot install any unapproved applications. However, this can be a nightmare to implement, especially when the device was paid for by the end user.
If you are looking at a VPN based solution you should consider the following:
- Find out how many concurrent sessions it can support and see if that matches your requirements. Higher session counts can get very expensive and may require a forklift upgrade of the appliance.
- Most solutions include support for iPhones and iPads, but it may be worth checking if they plan to support Android or the new Microsoft Surface tablet.
- If you have multiple offices that require remote access, check if you need to deploy an appliance at each site.
Mobile device management has resulted in the launch of a range of new technologies which are aimed at IT shops trying to cope with tablet mania. MDM solutions focus on providing mobile connectivity, user account administration and device management. Some of the more interesting innovations in this space have been solutions which take away the hassle of hosting your own appliances. Users install an app on their device, get authenticated in the cloud and are then connected to your network. The IT manager can still control access but they don’t need to worry about hosting expensive appliances to do it. If you are going to look at something in the MDM space then you should consider the following:
- Does the solution use end-to-end encryption during transmission?
- Check if any of your data is stored in the cloud. Ideally your MDM vendor should provide you with the communication channels only and not store any of your data.
- Check what platforms are supported. Most will support iOS and Android.
Some people have suggested to me that moving all applications to the cloud is another solution. With everything in the cloud you can use any mobile device to access the data. This may work for your own personal data; just make sure you use a strong, unique password for each service you use. However, I have yet to come across any corporate network which is moving in this direction. People are still reluctant, for a variety of reasons, to move their sensitive data outside their networks.
Do you have any recommendations for allowing mobile devices to connect into a network? Comments welcome.