FINAL WORD
Guest policy management must also
include the ability to set bandwidth
limitations on guest sessions to maintain
service-level agreements and robust
throughput for all users.
Network access management systems
that integrate with next-generation,
application-aware firewalls for additional
protection against non-http traffic and
content filtering that prevents access to
inappropriate or offensive websites is also
recommended.
NETWORK ACCESS
MANAGEMENT SYSTEMS
THAT INTEGRATE WITH
NEXT-GENERATION,
APPLICATION-
AWARE FIREWALLS
FOR ADDITIONAL
PROTECTION AGAINST
NON-HTTP TRAFFIC AND
CONTENT FILTERING
THAT PREVENTS ACCESS
TO INAPPROPRIATE OR
OFFENSIVE WEBSITES IS
ALSO RECOMMENDED
SSIDs, 802.1X settings and necessary
device certificates are then automatically
configured on authorized devices.
By working with unique device certificates,
users then don’t need to enter login
credentials repeatedly throughout the
day – or worry as much about password
theft when connected to guest networks.
Menu-driven capabilities ensure the rapid
revocation and deletion of certificates for
specific mobile devices if a user leaves an
organization or if the device is lost or stolen.
How to treat guests
The BYOD challenges don’t apply just
to internal users. Any visitor – guest,
customer, partner or other external third-
party – will arrive with at least one device
that requires network access – wired or
wireless. Good security management
requires a simple model that automates
and simplifies the provisioning of network
access for guests, but also provides
expansive security features that keep
data, computing resources and other
users safe.
Self-registration lets guests create
their own log-in credentials, which are
delivered via printed badges, SMS text
or email. Credentials can be stored
for specific periods of time and set to
expire automatically. Guest traffic on the
network should also be configured to run
separately from enterprise traffic.
Today’s most robust security
management platforms allow guest
portals to be customised with options like
advertising and local language support.
88
INTELLIGENTCIO
Regular checkups of device
health
Prevention is especially good medicine
for the security of enterprises and their
datacenters. IT must have the means to
perform endpoint health checks to ensure
that laptops are fully compliant with
internal requirements which check for the
latest patches and updates before they’re
allowed to connect.
C
M
In addition to system-wide, per-session
NAC protection, enterprises should be
able to specify whether to allow or deny
capabilities like peer-to-peer applications
or USB storage devices. Administrator
dashboards make it easy to identify non-
compliant devices, users, and the reasons
for non-compliance. Access can be denied
if storage is not encrypted; this also gives
IT leverage with users to ensure that
offending laptops get updated as needed.
Endpoints that aren’t in compliance
can be automatically remediated or
quarantined with today’s security
management platforms.
These sorts of security functions are no
longer just nice to have – they’re essential
to today’s most competitive businesses.
And with the advent of cloud computing
and an explosion of IoT devices, robust
security management is essential for
enterprises. End-users – accustomed to
high levels of performance, easy access
and self-service – expect the same of
business networks.
Security platforms that integrate policy
management with authentication,
authorisation and accounting will lay the
groundwork for more robust computing
and IT-fuelled productivity. And they’ll
keep networks, devices, data and users
safe in the process.
www.intelligentcio.com
Y
CM
MY
CY
CMY
K