In the last year, the term bring-your-own-device (BYOD) has become increasing popular as a way to describe access control to corporate networks. Five years ago the term, network access control (NAC) was just as prominent. So where is the intersection between BYOD and NAC?
Juniper’s new policy approach
According to Juniper Networks, their new policy approach helps enterprises evolve NAC, (known in Juniper’s parlance as unified access control or UAC) to embrace the BYOD phenomenon.
“We’ve now completed the integration, from a policy perspective, between the Junos Pulse unified access control system and our wireless LAN Controllers, EX switches and SRX gateways, ” Alex Gray, senior vice president and general manager, Campus and Branch Business Unit at Juniper told
Those policy “verbs” can provide context into what device an end user has, what applications they are using and where they are located. The effort is an extension of the Simply Connected portfolio of switches that Juniper launched in September of 2011. The initial launch did not include support for the SRX security gateway, which is now being added as a key enforcement point.
“While the trend of BYOD is a concern that is being driven by the influx of mobile devices on the network, it’s not the only network concern,” said Tamir Hardof, director, Product Marketing, Campus and Branch Business Unit at Juniper. “BYOD is only one of the corporate network concerns along with traditional and guest access.”
Traditional and guest access are items that UAC and NAC solutions have been delivering for years. In Hardof’s view, UAC is an umbrella that could cover both corporate owned or employee owned devices in theory. There is however another key difference however between the NAC solutions that first showed up five years ago and the modern BYOD trend.
“Five or six years ago we were mostly dealing with Windows machines and things that weren’t mobile,” Grey said. “Now we’re dealing with multiple operating systems and mobility.”
There is now also a distinction across different types of devices when it comes to policy. In a BYOD network, there are corporate-owned, employee-owned and then guest access. As such, there needs to be a more granular policy based on device and the user role.
“You could argue that BYOD is UAC on steroids,” Grey said.
The other difference that Juniper is now providing is full application visibility, which is something that wasn’t present five or six year ago. Juniper’s networking equipment now includes a feature called AppSecure that provides next generation firewall (NGFW) capabilities. Those capabilities include the ability to have context based security that is aware of the applications that are being accessed.
Going a step further, Juniper has also embraced the Interface for Metadata Access Point (IF-MAP) standard for years to share secure information across compliant devices. As such, any compatible device, whether it’s from Juniper or not, could potentially be part of a fully secured UAC BYOD deployment.
SRX550/100 hardware lineup
In support of the broader BYOD approach, Juniper is also expanding its hardware lineup with new SRX security gateways. The SRX550 can support up to 40 Ethernet ports. At the other end of the spectrum is the SRX100, which is Juniper new entry level security gateway appliance that has an eight port configuration.
“The SRX series boxes are the Swiss-army knives of security and routing in branch and campus environments,” Grey said.