A mobile device security strategy that puts users first

With the right strategy, mobile device security doesn't have to be a compromise between user demands and network risks.

This article can also be found in the Premium Editorial Download: Network Evolution: Network security in a world of mobile workers:

Mitch Davis knew the writing was on the wall -- or rather, the paper -- when he saw this headline in Bowdoin College's campus newspaper last year: "I don't do wired, I do wireless." As CIO at the Brunswick, Maine, college, he got the message: Its students operate in a wireless world. His concern, however, was about striking a balance between student demand for anytime, anywhere access and the need for mobile device security.

The students get to live in their wireless world rather than having to live in our wired world.

The college had a fiber optic network in place and Wi-Fi hotspots all over campus, but that setup wasn't enough. Bowdoin has a well-known museum and library and popular sporting events that attract thousands of visitors. 

Like the 1,750 students who attend the college, those visitors wanted wireless access on campus. A stadium full of soccer fans simultaneously trying to gain wireless access on campus made it clear that the Wi-Fi in place couldn't handle thousands of mobile users.

To meet the rising demand for wireless access and ensure mobile device security, Davis ended up building a guest wireless network for visitors, separate from a new wireless network for students, faculty and administration.

The mobile device creep

Even before students made clear their desire for better wireless access, Davis was watching the steady creep of wireless access. "A year ago, we had about 750 to 1,000 people using wireless. Within six months it grew to 1,500, to 1,750. After Christmas, I knew we were going to get buried."

As of February 2012, Davis has installed 430 wireless access points. The wireless network was built using Cisco Aironet's 3600 series with CleanAir technology, which monitors traffic and identifies security threats, such as malicious Wi-Fi devices. The college's internal wireless network now can handle more than 3,000 users, and "the students get to live in their wireless world rather than having to live in our wired world," he said. The guest network, which gives visitors an eight-hour pass to a separate network, is "less robust" but easily supports visitor traffic, he added. Performance is no longer degraded during heavily attended events because the CleanAir technology detects potential logjams and moves wireless traffic from access point to access point as needed, he said.

As for security, Davis said he has yet to have a virus overtake either network. He does shut down access points showing signs of a security threat -- by suddenly spiking in traffic, for example -- but that doesn't happen very often, he added.

Mobile device security: The cost of accommodation

Bowdoin's guest and private wireless networks give users access from Mac, Android and iPad devices -- and in some cases, gaming consoles, but many enterprises don't have the resources to accommodate such a varied mobile user base, analyst Jack Gold says. Nor do enterprises always have the funds to build a separate network, which is why many are partitioning mobile devices through virtualization.

"It essentially puts a vault on the device, and if you're not connecting from that vault, you can't get on the network," said Gold, president and principal analyst at IT strategy consulting firm J. Gold Associates LLC in Northborough, Mass.

Building a separate network for mobile users "happens a lot," said Chenxi Wang, vice president and principal analyst at Cambridge, Mass.-based Forrester Research Inc. "That way they don't have to worry about what happens on that network, and they give users flexibility."

Wang agreed that some CIOs who are strapped for resources are solving the usage and mobile device security problem by connecting their company's virtual private network to a set of secure servers. Those servers provide external-facing applications and data, and segregate the rest of the corporate network from mobile users, she said.

Davis recommends that whether they work for a college or for a global enterprise, CIOs should form a user advisory board to guide their wireless IT strategy and the direction of IT in general. He surveys students and has a student advisory board with whom he meets regularly. "Never create a solution that doesn't suit their life. You may choose your own path to cut costs down, but you end up disenfranchising a whole bunch of people."

Let us know what you think about the story; email Christina Torode, News Director.

Dig deeper on Enterprise information security management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close