How an NAC System Can Help to Secure Your BYOD Policy

BYOD policies can be very beneficial for businesses, in that it increases worker flexibility and productivity. However, it can also be a bit of a headache if your IT department is not properly equipped to handle the risks associated with it. Allowing employees the ability to use their own personal devices to access and interact with corporate data, exposes the company to a number of threats both within and outside the company. When implementing a BYOD policy at your business its important to inform yourself with all of the ways that you can protect your data.

This brings me to one of the pillars for establishing a successful BYOD system: Network Access Control (NAC). Essentially, NAC solutions are designed to unify endpoint security technology, system authentication, and network security enforcement. These solutions have been around for years but were never really used by many IT managers since most of their machines were Windows domain machines that they owned and were able to controlled themselves.

Older NAC technology focused mainly on endpoint security, with an emphasis on updating device configuration to meet corporate security policies. Because it had a limited interoperability between NAC and networking gear, it was difficult to manage and and operate. Eventually, over time, NAC solutions began to have greater focus on safeguarding networks from unmanaged devices, using a mixture of policy management, profiling, and access control.

You may be wondering why you’ll need an NAC system to begin with and why you’re MDM system by its self won’t do the trick. While MDM systems are excellent at secure your mobile devices, they only do a portion of what’s needed to keep your data safe. While these systems protect your devices, NAC protects your network. Many IT experts often see these two platforms as complimentary, with both being necessary to fully safeguard your BYOD system.

In today’s climate, with a massive influx of user-owned devices that are nearly all wireless, it’s no wonder NAC is becoming increasingly popular. Today NAC increasingly applies an approach in which they create a guest network where non-corporate devices are separated from the main network. After the devices are on this limited access network, the NAC solution is able to assess them based on configuration and whether or not they comply security policies.

What should I expect of my NAC solution today and for the future? 

1. NAC solutions should be vendor agnostic with the ability to support all wired and wireless connectivity sources across the entire network.
2. With so many new devices coming out on the market every year, your NAC solution should be able to support a wide range of mobile devices.
3. IT security professionals are already stretched thin in most organizations today. You should employ an NAC solution that features a number of automated functions. An NAC solution must be able to support user self-provisioning so that very little intervention is needed in order to give someone the network access that they need. The automated features should also include basic remediation measures in case a device is not up to standards.
4. The NAC solution should be able to specify different permissions. For example, you may want to employ restrictions based on time, location, and a number of other conditions.

According to SecurEdge Networks , when looking to secure your BYOD policy with an NAC solution, you should keep these features in mind:

1. Centralized Policy Management – This means no more managing multiple systems to manage different types of users. You now only need to head over to one spot to see what the different members of your network are allowed to access.
2. Self Registration – In corporate environments, most users have on average 2.5 devices. Device Registration for BYOD allows users to provision their own devices.
3. Remote Registration – This feature allows users to provision their device with your permission before arriving on location. This can save a ton of time during the hectic first day for an employee.
4. Secure Guest Registration – You can no longer just hand out one guest pass and expect it to stay with that guest. You need to provide secure guest access that allows the guest user to register with a captive portal and that the password provided will not be able to be shared around the office. NAC solutions also allow you to establish multiple levels of guest user access. This means that some users can be kept in an area with varying levels of network access.
5. Dashboard Device Profile Views – You should be able to view a number of statistics regarding the access to your network. This includes who, how, from where, and what sort of devices are being used. NAC solutions also have the ability to gather Active Directory, LDAP, and SQL information as well.
6. Threat Management – There are some NAC technologies that act almost like a unified threat management device using a variation of features. These features can include port disable, VLAN control, VPN disconnect, and access control list to block or quarantine network devices until remediation takes place.
7. Integration with Intrusion Prevention Systems –  Many NAC solutions integrate with IPS technology in order to allow the NAC to authenticate and grant access based on the security mandates used by the more recent system.

NAC is a powerful tool that allow your BYOD system to function safely. An NAC solution can provide customizable access for different users depending on the authority that you assign them. Now that you’ve taken a look at some of the features you should be aware of when using NAC to secure your BYOD system, you should take a look at some possible vendors. Keep in mind, that each BYOD situation is unique and requires a specialized NAC solution, so remember to do you research!