Thursday, 15 November 2012

Building BYOD part 4 - Choosing the right vendor

A Little History… 

2005 - Aruba and Cisco hit the market with "captive portal" technology that is prevalent in hotspots today.  Aruba's product was better.

2009 - iPhone arrives… Amigopod (soon to be acquired by Aruba) are the first company to market with a BYOD gateway with PKI integration, but it only supports iOS devices and requires SSID switching for client on-boarding.

2010 - Mobile Device Management solutions arrive offering alternative to WLAN vendor solutions for mobile devices.  Smooth profile delivery mechanisms. MobileIron, Airwatch, Good, Zenprise.

2011 - Cisco release Identity Services Engine, but are still behind Amigopod on development.  Other vendors introduce MDM through partnerships.  PPSK was been introduced as a better alternative to web login by Aerohive and Ruckus.

In 2009 vendors succumbed to the fact that there is a world beyond Windows.  The behaviour of mobile devices also made WLAN vendors realise they needed to find an alternative to web login… A raft of new MDM vendors also emerged.  The recent challenge has been to develop web-login portals that integrate with MDM agents to support multiple device types, operating systems and user databases.  The goal for all vendors it to be able to push EAP-TLS profiles and certificates to a wide range of OS - Windows, OS X, iOS, Android, Windows phone, etc.  But also to be able to support traditional web-login or PPSK solution for non-compliant devices and users.

BYOD portal technology is a logical progression from the basic web-login solutions of 2005.  The ideal BYOD portal product offers the following:
  • Single point of entry for all users
  • Highly customisable walled garden website
  • Traditional web-login for visitors
  • BYOD on-boarding options for employees
  • Client agents for profile delivery
  • Support for multiple OS
One thing I feel that is lacking in most vendor offerings is the ability to customise the portal for corporate branding and content delivery.  This is an important part of corporate identity that vendors haven't made enough effort to accommodate.  This may be explained by the aggressive recent development of BYOD.  In reality, vendors have struggled to develop their own BYOD solutions.  Several have partnered with BYOD solution vendors, or simply referred customers who want BYOD to MDM solutions.  

BYOD Vendor Options

Product maturity is the big question.  Not just in terms of the breadth of device OS support, but also through software development.  As you can see from the timeline, Aruba have a mature product with PKI integration.  Cisco have invested heavily in the ISE product and only in recent releases has the feature set and functionality become comparable to Amigopod.  

Both Aruba and Cisco offer BYOD focused security appliances with a multi-purpose captive portal with BYOD integration for IOS and Android.  Aerohive have also recently developed their own portal that offers MDM integration via the JAMF solution for Apple devices.  Meraki have stormed into the BYOD market with a multi-OS BYOD solution that offers an MDM/client app covering all major platforms (Win, OS X, iOS, Android).  This cloud-based "free MDM" approach is so easy to setup in comparison to all other vendors that the cost-savings are huge, not just in MDM costs.  My concern here is that traditionally WLAN vendors aren't focused on MDM.  Will they stay on top of development around bugs, security alerts, OS updates, etc?  Will their support teams be on-par with an MDM vendor?

A note on PPSK - Both Aerohive and Ruckus offer PPSK which is a big improvement over web-login.  This is going to be a great solution for most companies.  Though if tight security is a concern, I would be interested to know if they are able to tie a user to the client session for litigation against Internet misuse.

In Summary

For the last few years Aruba Amigopod and MDM have been the leading BYOD options.  There has also been an IOS exclusivity in the WLAN vendor space until recently.  Cisco have caught up somewhat with Aruba and other vendors are offering well-rounded solutions with less painful deployments. 

Finding the right solution for an organisation will be about taking all the info on board from this and previous blogs, putting it all together and cross referencing agains the vendor solutions.  Not an easy task... 

I do think that SME customers will quickly move away from vendors with appliance-heavy architecture.  Cisco and Aruba should be worried about innovative and agile vendors like Aerohive, Meraki and Ruckus coming in cheaper and winning customers.

No comments:

Post a Comment