The widespread use of mobile devices in the corporate setting creates network access problems but also opportunities, Kellet told Infosecurity. “You could either look at it as additional difficulties or further opportunities in terms of network access control products to protect all the devices that connect to the network, such as the new generation of mobile tablets and smartphones”, Kellet said.
“In most areas, the mobile marketplace and elements of protection that are being put in place to support it are pretty immature”, he said. “We are talking about devices that people have made a personal choice to purchase; the issue for business is that senior people see these as valuable for connecting to systems and networks.”
“When you look at it from the point of view of what devices NAC has to control, then everybody is recognizing the new generation of smart mobile devices that are being brought into the business. Some vendors will be a little further along than others” in providing products for this market, Kellet said.
John Kindervag, an analyst with Forrester, is not optimistic about the NAC market for personal mobile devices. “Frankly I don't see NAC working in mobile as the organization doesn't own the devices. Mobility may in fact kill traditional NAC”, he told Infosecurity in an email.
Bradford Networks is basing its NAC strategy on Kindervag being wrong about his prediction. The company recently launched a NAC application for iPads, iPhones, and other Apple mobile products. The application is a feature of Bradford’s latest Network Sentry, version 5.3, which can differentiate between corporate and personal assets and provision network access accordingly. The company plans to expand the app to include Android and Windows mobile devices in the coming months.
“It’s not really an option anymore for most organizations to hold fast to the policy of only connecting enterprise equipment to the network. There is a widespread demand for people bringing their personal devices to connect to the corporate network”, said John Sheedy, Bradford’s technical marketing manager.
“It is a different challenge when I have various types of devices coming on the network. They do not have a consistent platform or OS, and they are not a consistent device type or manufacturer. I don’t necessarily know what has been installed and running on those devices”, Sheedy told Infosecurity.
Bradford’s Network Sentry 5.3 has a mobile agent for Apple iOS, enabling organizations to gain visibility and control over Apple mobile devices and provide access for trusted devices that have downloaded the app from the Apple store, Sheedy explained. The Bradford app will identify the device, register it on the network, check the device’s applications, provide jailbreak detection, and block access, if required, he added.
Sarasota Memorial Healthcare is one of Bradford’s customers; the hospital system wants to provide timely network access for hospital-owned iPads used by clinicians and other staff, while allowing guest access only for personal iPads.
“We found in our penetration tests that there were open security holes where people potentially had the ability to come in and penetrate our networks, even though we had security measures in place at the perimeter…. So Bradford gave us the ability to ensure that if a person came in and had an unauthorized or unregistered mobile device, they couldn’t just gain access to our network and be able to steal data”, John Bozer, director of information systems for Sarasota Memorial Healthcare, told Infosecurity. “We wanted to keep those devices completely separate from our production network”, he added.
Bozer said that the Bradford Network Sentry product’s ability to distinguish between corporate and personal devices and provision access accordingly helps the hospital comply with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) regulations. “It helps to ensure that our data is only being accessed by devices that are authorized for that access”, he noted.