Cisco is running free 802.1X training courses to build partner knowledge of its BYOD (Bring Your Own Device) solutions for LAN customers.
Since the advent of smart phones and tablets workplace networks have faced increasing demand from employees to access data and network services from personal devices.
The problem many customers now face is what kind of access (if at all) to allow and how much.
John-Paul Sikking at Cisco is now running security sessions with NZ customers and partners explaining, “The heart of BYOD: get your authentication and authorisation right.”
He says, “When I talk to customers, I talk about a continuum that you find yourself on. We have the locked down traditional mechanism that the likes of Defence and those kind of guys play, they want a very locked down secure network, all the way through to very open organisations.
“If they’re going to get on the BYOD path they usually start small, with some wireless access, and maybe allowing iPhones on to the network all the way through to allowing any device where they then have the security embedded in that [network]. They take away all of the reliance on the device and develop trust.”
Sikking says BYOD is not just iPhones and iPads, it’s any device including laptops that could easily contain viruses.
“We need to be able to say any device that comes into the network we have a way of actually maintaining control of that when it enters the network. We used to call it triple AAA Authentication Authorisation and Audit, which is the standard security term. When we deal with BYOD we now talk about APPAA, we need to Authenticate the device, we need to Profile it, so we understand what it is, because that’s a factor we don’t understand anymore, so we need to know what device is connecting, we need to make a Posture assessment of that device if we can, in other words what is the version of IOS it’s running. We’ve just had a new release come out last Friday. Have they upgraded yet, etc ? Is there any other type of security device on that device and make sure that it’s running.”
Cisco will be running a free training programme in Sydney in early April aimed at network engineers which covers implementing 802.1X and the use of the Cisco ISE (Identity Services Engine) dashboard interface which can add the context of who and what and which kind of access or application is being used as part of a decision to bump an infected device off a network.
Resellers must pay for flights and accommodation. Resellers should contact firstname.lastname@example.org at Cisco for more details.