Talk to anyone in IT today about anything and it’s hard not to transition to a discussion on BYOD. Almost every IT leader I speak to is struggling with the pressure of having to allow workers to use personal devices in the workplace while still maintaining security. This is one of the reasons the mobile device management (MDM) market has been growing.
However, it’s been my belief that MDM alone isn’t enough to establish a BYOD strategy. Most MDM solutions are based on client software being deployed and maintained on the device. But devices change so frequently in the workplace that trying to manage security by managing the device does not scale. What’s needed is a solution that’s delivered from the network so devices can be brought onto the corporate network and then used to access information without putting the organization at risk.
Today, Aruba announced a new component to its BYOD solution, ClearPass, called Aruba WorkSpace. WorkSpace adds the following features to ClearPass:
- Isolation of corporate applications. WorkSpace provisions a separate, encrypted partition on the mobile device for business applications and content. This gives IT control over the company-owned information without having access to the personal data. Juxtapose this with a traditional MDM solution where IT needs to control the whole device so it can wipe all personal and business information if a device is lost. With WorkSpace, IT could “kill” just the corporate partition, leaving the personal information intact.
- Application fluent networks. WorkSpace does some basic packet inspection, which allows it to automatically assign higher network priorities to business applications to follow pre-defined policies. This means organizations can allow workers to use their own devices, but business applications will always receive a higher priority than things like YouTube and Netflix.
- Automated security. I’m a big proponent of automating as many IT tasks as possible. If an employee’s device connects on an untrusted network, WorkSpace automatically establishes an app-specific VPN. WorkSpace can also limit network access if a jail-broken device or unapproved applications are being used.
- Improved user controls. Aruba WorkSpace comes with client software that enables workers to perform BYOD-related functions without having to lean on IT. Through the client, workers can provision guest access or give access to AirPrint and AirPlay devices.
Aruba's WorkSpace announcement is filled with new features, but the most impactful one will be the isolation of corporate applications. I’ve interviewed many corporate workers who have admitted that they would be hesitant to report a lost or missing device to IT in fear of losing all of their personal contacts, pictures, apps and other information on the device. Aruba WorkSpace gives IT the control it needs without having to touch the personal information.
One CTO I interviewed recently stated he felt like success for him was based on how fast he was willing to give up control of the IT environment. BYOD isn’t about giving up control; it’s about shifting control away from the device, and ClearPass with WorkSpace can put that control in the network, where IT needs it most.