Brought to you by SolarWinds
Allowing employees to use personal devices for work often creates chaos for IT departments.
Apart from enforcing security and compliance standards, IT managers also need to grapple with increased use of IT resources through personal devices.
Yet, the Bring Your Own Device (BYOD) trend is here to stay. According to a VMware survey, over 50 per cent of workers in Singapore already use their personal devices for work, whether their employers have a BYOD policy or not.
Most problems associated with BYOD stem from a lack of tools that allow IT managers to track personal devices, manage IP addresses and enforce security policies.
At the same time, survey respondents reported that greater use of personal devices has generated more help desk requests, higher network traffic and security issues.
That said, BYOD need not be a nightmare with these pointers from SolarWinds:
Implement a security policy: Employees are using their personal devices for a wide range of things – accessing e-mail, corporate applications, taking pictures of whiteboard drawings. But what enterprises don’t realise is that security encompasses more than e-mail access.
Some companies have adopted the same techniques that they used with desktop devices for mobile devices – VPNs, login requirements – but only a few are managing devices using dedicated tools.
Enterprises should have a policy that balances the needs of their business with security and productivity woven into the mix. Personal mobile devices don’t need access to everything, so figure out what those are.
This may include allowing only certain types of personal mobile devices on the network or creating a segment of the network to put these devices. SolarWinds, for example, has a guest network that personal devices can connect to.
Also, decide how you will enforce your security policy – through separate networks, management software or with login requirements. Tweak your policies as you learn how users are using the network.
But no matter which approach you choose, you need the right tools to manage your network and personal devices.
So, if you run a separate wireless network for personal devices, how do you monitor that network? What IP address space do you allocate to those devices? How much bandwidth do you allocate to that network? Can you find devices that are affecting network performance?
Determining a support policy: Will you help staff get connected to e-mail? Corporate apps? Will you support the use of those apps when they have questions? For many IT departments the answer today seems to be “it depends”.
Managing more IP addresses: If the number of devices on your network doubles, IT professionals need to ensure they have enough IP addresses to support the increase.
Also, do you have the tools to manage your IP infrastructure and accommodate new devices? IPAM tools such as SolarWinds IP Address Manager provide a simple way to manage the address space, as well as DHCP and DNS servers on the network.
Managing switch ports: With more devices on your network, there will be additional burden on switches and wireless access points. As such, you need to understand the status, performance and capacity of network switches and their ports.
The first step in proactively monitoring switch ports is to map your current switches. By mapping your switches, you can see exactly which ports are in use on any given switch.
Once the ports are mapped, begin monitoring them, preferably in real-time. Monitoring switches and ports will let you see key performance indicators such as ports used, CPU load, memory used and more so you can identify potential problems before they arise.
Tracking personal devices: To search for a rogue device on your network you will need to telnet to your switch or router, look at the ARP table if searching by IP address, or the CAM table if searching for MAC addresses. Of course, this presumes you know the switch or router that the device is connected to.
But if you don’t know the specific switch or router, you need to connect to each switch until you find the device you are looking for. Note though, that this approach only works for devices that have a current connection. If the device has been disconnected from the network, you will lose any connection history.
Automated tools like SolarWinds User Device Tracker allow you to search for a device by user name, MAC address, IP address or hostname. Once the device has been located, you can determine the switch, port, and VLAN the device is connected to.
With this information, you can isolate or shut down the port that a rogue device is on. As the number of devices on your network increases, this process becomes time consuming and tedious.
Some automated tools can proactively keep an eye on specific devices by creating a watch list. They can automatically scan your network for “watched” devices, and generate alerts when any device on the list connects to the network.
You may also want to track configuration details and historical data pertaining to each port including port names, port numbers and VLAN, along with a complete history of devices that have been attached to the port. This lets you track the last known location of a device if it is no longer connected to the network.