MOBILE IAM THE BYOD Done Right SOLUTION FROM ENTERASYS
MOBILE IAM - BYOD DONE RIGHT Mobile IAM Addressing the true scope of mobility imperatives Bottom-line Benefits Embrace the BYOD opportunity and device cost savings Increase workforce productivity and morale, engage young new-hires Monitor and manage risk end-to-end Gain control without adding IT staff, keep OpEX under control Guarantee application delivery to mobile devices Employees in your enterprise are expecting to access the corporate network from their personal tablets and smartphones. Higher education long ago conceded to students demand to use their own devices on campus networks. Health care institutions have adapted to employee owned devices to achieve gains in workforce effectiveness and they still ensure network security, performance and compliance. Why are you hesitating to fully embrace BYOD? Without doubt the sheer numbers of the types and quantities of the devices are staggering. Industry data count 2 billion devices in use by 2015 with 75% of them used for both business and personal use. Already 75% of all trouble tickets are generated by mobile users. Management isn t talking about opening reqs for help desk staff. Nor do you want to be distracted from the critical strategic business initiatives requiring IT support. What are the costs of deploying a BYOD program and how can they be controlled once this Pandora s box is opened? In addition, like other IT professionals, your worries probably include maintaining the security of your network, controlling unauthorized access and managing more risk from new threats and vulnerabilities. However a conservative response, avoid embracing BYOD and simply contain non-corporate owned devices, means the enterprise is squandering opportunities for significant competitive benefits. Using their own devices, staff has choice, flexibility and can more easily collaborate. Workforce productivity and morale increase. IT reduces costs by saving the expenses of procuring and maintaining corporate owned devices for every staff person. The only answer is to implement a comprehensive BYOD solution - one that addresses all your requirements: network security, seamless user experience, end-to-end visibility and control, leverage existing staff and predictable costs over the short and long term. Enterasys Mobile IAM is BYOD Done Right. It is a comprehensive solution for all classes of users, on any consumer or corporate mobile device. It delivers the highest user experience and security by controlling access to the right set of connections and resources at the right times.
Solution The Enterasys system is so easy to use for students that this is something we do not have to worry about trouble shooting, said McHugh. The faculty is taking advantage of the wireless network, and the students, with their own devices, are enjoying having more accessibility to the network.
BYOD BYOD DONE RIGHT Total security, IT simplicity with total control, seamless user experience Bring your own device (BYOD) has become an industry mega trend. However, typical BYOD solutions are seriously incomplete. They only focus on devices and the management of non-corporate owned devices. But, devices are just one part of the control problem. The most effective solution encompasses devices, types and identity, and adds attributes associated with users, locations and applications. Addressing Today s Challenges Enable employee choice and flexibility Deliver predictive user experience Prohibit unauthorized access Manage threats and vulnerabilities Ensure network availability and performance Predictive costs Enterasys BYOD Done Right means total security, IT simplicity with full control and a predictable network experience for users. It provides the complete set of capabilities and features that meet the market s real need for a secure and comprehensive solution. Enterasys Mobile IAM, BYOD Done Right, is comprised of seven core capabilities: auto-discovery, multi-level device profiling, flexible onboarding, advanced context-based policy management, guest access, virtual desktop infrastructure (VDI) and mobile device management integration (MDM). The solution is enabled by OneFabric Security, a distinctive security framework. OneFabric Security treats the infrastructure as a whole and is purpose-built to ensure that every security component is integrated and communicates with every other component. This cohesive approach provides visibility, threat detection, automated response and enforcement end-to-end. Purpose built for campuses and enterprises, Enterasys Mobile IAM is simple: one BYOD solution appliance and choice from a set of Enterasys service offerings. Your BYOD program success is assured with the engagement of Enterasys service professionals, seasoned experts who have successfully done hundreds of these implementations. Done Right means visibility and policy enforcement, end-to-end, simply and flexibly, without an army of new IT staff.
Done Right T H E E NTE RASY S DIFF ERE NCE Unified Management, Automatic Policy, Service Guarantee Mobile IAM provides important unique advantages which translate into greater IT control and a better user experience. It provides granular wireless-wired network bandwidth allocation, and specific quality of service priorities for devices by device, user, location and application. This means, for example, that in a lecture or presentation setting the teacher can have the highest priority quality of service (QoS), higher bandwidth may be allotted for essential applications and only limited bandwidth allocated for irrelevant applications. Mobile IAM enforces policies at the entry point into the infrastructure eliminating resource wastage and optimizing wireless and wired network bandwidth. Enforcing policy at the entry point also frees up network resources for increased device scalability without having to add or overprovision network resources. Mobile IAM simplifies IT operations with its intelligent automated provisioning and policy enforcement. In contrast, alternative BYOD solutions are a complex array of separately priced products and product sub-components for a more expensive solution that is not integrated to this sophisticated level of unified wired/wireless visibility and control. The value of Enterasys Mobile IAM, BYOD Done Right is the ability to embrace BYOD with the knowledge that your solution is secure, scalable and delivers a demonstrably superior user experience. Users experience simple one-step onboarding, predictable application delivery and the flexibility to use any device. No flood of tickets to the help desk. Enterasys BYOD Done Right does not require any additional IT resources to manage it. It scales easily to grow as devices increase. No matter what device they bring, the enterprise infrastructure is secure with Enterasys industry leading capabilities: discovery, profiling and authentication; advanced context-based policy enforcement; and predictive threat management.
MOBILE IAM APPLIANCE Purpose built Purpose built solution for a secure campus and enterprise Enterasys Mobile IAM addresses IT challenges being driven by today s enterprise and campus mobility imperatives providing end-to-end visibility and control over individual users, devices and applications, in multi-vendor infrastructures. It provides complete software for: identity, access and inventory management, context-based policy enforcement, end-to-end management from a single, easy-to-use management application, auditing and reporting. Policy management is the most granular in the industry including per port, per device layer 2-4 access control, QoS/priority, rate limit/shape and more. Real time tracking and unique state change notification for over 50 attributes per device and user give IT maximum visibility into all network activity. It offers an open architecture for assessment (MDM integration) and threat response (Next Generation Firewall (NGFW), Security Information and Event Management (SIEM), Intrusion Prevention System (IPS)). Mobile IAM can scale up to 100,000 devices, depending on the configuration, for the flexibility to meet current and future needs without having to buy components that are excessive at the start. The Mobile IAM Appliance is available as a physical or virtual appliance to best meet your deployment needs.
Advanced Context-Based Policy Management Mobile IAM s advanced context-based policy engine is the most flexible in the industry. The attributes available for policy rule definition include authentication type, device type, user, role, location, time, and assessment status. Within each attribute, specific classifications enable the most fine-grained discriminations. It integrates with authentication services and provides unified wired, wireless and VPN enforcement. Auto Discovery Auto Discovery automatically detects end systems and users and creates a hardware inventory for all attached end systems. The multiple methods provided for user detection include network authentication using 802.1X, Kerberos and RADIUS snooping, portal-based registration and authentication and external user-ip mapping technologies. Multiple methods are used for device detection with MAC authentication followed by IP resolution and reverse DNS lookup and multilevel device profiling. Auto discovery can discover and track 50 attributes per end system and user pair a level of detail that is unmatched in the industry. Multi-Level Device Profiling Mobile IAM provides a comprehensive set of profiling capabilities and API s for integrations to extend these capabilities even further. Features include OUI based profiling, DHCP option fingerprinting with the ability to customize, captive portal, user agent profiling and networkbased and agent-based assessment. With MDM integration granular device type and capability information is identified. With the Mobile IAM Fusion API information from external profilers that are behavior based can be incorporated. Zero Effort and Secure Onboarding and Authentication With Mobile IAM, end users experience Zero Effort onboarding. Not even portal registration is required with the transparent web cache/proxy redirect functionality. For flexibility portal based and automated onboarding are two additional approaches that are provided. Portal based registration with back end integration into LDAP and RADIUS means zero effort for IT. With automated onboarding Web Services are used to allow external systems, such as student management, dorm management, registration and enrollment portals to provision access. Managed Guest Access Control with Sponsorship Guess access management provides accountability, tracking and control. It is fully integrated with Mobile IAM. There are no additional software modules to purchase and maintain. Guest access is through a voucher, pre-registration, authenticated or sponsored access. It is highly automated, including, for example, web-based guest registration with automatic workflow for a sponsor s validation and approval. No matter which vendors populate the infrastructure, Mobile IAM automated guest services provide unified wired/wireless access control for all non-employees. Partners, contractors, visitors or conference attendees are productive while critical business systems and resources are protected from misuse or compromise.
MOBILE IAM SERVICES Quickest time Quickest time to value Enterasys is confident of the value we deliver. Take advantage of Enterasys award-winning services by choosing from four implementation options. This portfolio enables you to choose the service that best fits your needs and priorities. The benefit for you is the ability to utilize expert resources to deploy your optimal solution most efficiently. Mobile IAM Professional Services include everything needed to effectively implement the solution including: auto discovery of existing infrastructure; integration with existing wired and wireless LAN; access policy definition and deployment; and as built documentation. The Fusion MDM Connect Service enables enterprises to extend the value and simplicity of Mobile IAM by integrating the MDM functions of a mobile device management product. Gain simplified management with one interface and enhance Mobile IAM s capabilities with the additional devicespecific attributes and health status information available from the MDM.
Fusion SDN Connect Integration Service provides integration with a variety of IT systems such as Palo Alto NG-FW, IF-MAP, student onboarding systems, SEN OpenScape, Polycom and others. The integration automates context-based policy provisioning of network services for user, device and application for enhanced IT efficiency. IT also gains additional visibility into all devices, users and applications enabling more control. Some enterprises in highly regulated industries turn to virtual desktop infrastructure (VDI) as a method to securely deliver applications for BYOD or other mobile devices. There is no data on the device in a VDI implementation eliminating the problem of lost sensitive data if a device is lost or stolen. But, there are important challenges with a VDI approach. How do you automatically provision the correct access roles for each user in the data center? How can you visualize and track who is using your VDI instances at any point in time and with which access roles? Enterasys VDI Data Center Integration Service provides a solution in a single architecture for the edge and data center.
MOBILE IAM VERTICAL MARKETS Education + Mobile IAM for K-12 Education Pressure for Bring-Your-Own-Device has been especially strong among K-12 schools. Cost pressures, parent and student demand, new styles of teaching, and on-line testing have all had an important role in driving this need. At the same time, insuring compliance with Acceptible Use Policy (AUP) and the Children s Internet Protection Act (CIPA), as well as maintaining security and preventing inequities without taxing the school s limited IT resources, present major challenges in implementing BYOD for K-12 schools. Enterasys Mobile IAM controls access based on user, device, location, application in fact, it can take into account up to 50 different considerations. So a teacher using video for classroom instruction can get high bandwidth, while students in the cafeteria may be limited in their YouTube viewing. High bandwidth can also be provided for VDI use by the staff, while entertainment devices such PlayStation Portable may be barred from the network entirely. All this is easily managed by the IT staff without additional resources. Mobile IAM provides a single pane of glass for network management including BYOD device management. Teachers and students can be automatically provisioned when they first bring their devices to school. Network usage is simply monitored by user, device, location, and application to insure full compliance with AUP and CIPA.
Healthcare Mobile IAM for Higher Education Higher Education has some of the highest demand for Bring Your Own Device, but also faces the greatest risks and challenges in implementing it. Faculty, staff, students, and parents all demand permission to bring and use personal wireless devices on campus. The typical college student today has between two and five personal devices, including smartphone, music player, pc, tablet, and portable game console. In the face of this device invasion, the valuable campus network resources and data must be protected from unauthorized and malicious use. Enterasys Mobile IAM enables BYOD with complete security for the campus network and data. The context-based policy engine controls network usage based on up to 50 factors including user, device, location, and application. So high bandwidth can be provided to staff and students using VDI. High bandwidth can also be allocated to video for instructional use. Global classrooms on remote campuses as well as distance learning in general are fully supported. But administrative information is fully protected. Enterasys guarantees the Mobile IAM implementation; it is smooth to install and won t require any additional staffing to the already-stretched higher education IT department. The network and all devices are managed with a single pane of glass. Devices can be automatically provisioned based on the pre-determined policy.
Mobile IAM for Healthcare The integration of wireless into the clinical workflow has brought an avalanche of new devices to hospitals tablets, biomedical devices, workstations on wheels, smart phones, VoIP wireless handsets putting the burden on IT to successfully manage patient care and staff-owned voice, video and data devices. Along with these devices comes the demand for anytime, anywhere patient and clinician access. Reliable and scalable mobile solutions are of paramount importance to hospitals, both large and small. Success will be based on their ability to deliver a consistent user experience. Today 80% of physicians own tablets and are seeking to use them in the workplace. Unrestricted usage could jeopardize private patient information as well as place an unacceptable burden on the network. Similarly, both patients and guests request to use their personal wireless devices while they are in the hospital. All of these devices potentially share a network environment with critical hospital wireless devices including location tracking systems, telemetry, and biomed devices; each with their independent needs for security, quality of service, data access, and bandwidth. With Enterasys Mobile IAM network resources are allocated based on up to 50 different considerations, including user, device type, location, and application. This means that a doctor can get high bandwidth to his ipad for VDI and video. He ll be able to securely check on patient data. Biomed devices will get high priority and the bandwidth that they need. Guests can easily log on to the network, but their bandwidth will be controlled and they will get no access to hospital data and devices. And all of these capabilities are simply managed with a single pane of glass, without putting additional demands on the hospital s limited IT resources. Enterasys Mobile IAM dynamically maintains a list of authorized users, devices, and locations to provide zero-effort onboarding and predictable, secure application delivery. WANT TO LEARN MORE? Enterasys BYOD Done Right is the maximum solution with the minimum risk. For additional product and services details please see the Enterasys Mobile IAM datasheet. To learn more and arrange a demo, contact your local Enterasys sales representative, an authorized Enterasys partner or visit www.onefabric.net. 2012 Enterasys Networks, Inc. All rights reserved. Enterasys Networks reserves the right to change specifications without notice. Please contact your representative to confirm current specifications. Please visit http://www.enterasys.com/company/trademarks.aspx for trademark information. 04/12