Managing personal iPads on a corporate wireless LAN
iOS devices like the iPad and iPhone can cause headaches because of their ability to gain WLAN authentication.
A white paper from Aruba Networks points out the precarious situation corporate-network managers are in when employees bring their personal iPads into the office and connect to a corporate wireless LAN. The paper entitled "Bring Your Own iPad to Work," is made up mostly of product-specific information on Aruba Networks' answer to the dilemma. Nonetheless, the paper does raise the issues that can challenge network managers in these situations.
Part of the paper's introduction states, "Most IT groups configure their WLAN to implement WPA2-enterprise authentication, based on the corporate RADIUS server, and this is very secure. But users are discovering that the same user ID/password combination they enter on their PC will also get their Apple iOS devices authenticated to the corporate WLAN. While useful for the employee, this creates difficulties for IT, as employee-owned devices may have security vulnerabilities that do not apply to IT-supplied PCs with locked-down configurations."
The paper also names and details four challenges for IT under these circumstances.
- User behavior and expectations. IT either ends up providing tech support for the personal devices of employees who are not techically adept, or on the other hand, finds it difficult or impossible to identify whether the savvy employee's authenticated device is the corporate-issued PC or the personally owned iOS device.
- Different security measures. Unless specially configured, Aruba points out, mobile devices are live. No password is required for access to the device. And there is no way to be sure Employee X is actually the one using Employee X's authenticated iPad at any given time.
- Unbearable network management costs. These costs are driven by the aforementioned lack of visibility into these devices.
- Using resources that affect corporate traffic. FaceTime, streaming TV and other non-corporate uses of the network on a personal device can consume considerable bandwidth, affecting other users and the network as a whole.
In its conclusion, Aruba notes, "While some analysts were suggesting, little more than a year ago, that the solution was for IT to supply and standardize on a single, corporate-configured smartphone for mobile employees, the IT group can no longer resist the bring-your-own-personal-mobile-device model. CIOs are right to be concerned about this trend."
The paper can be downloaded directly from Aruba Networks' website. Download the paper here.