BYOD isn’t an option; It’s a necessity
The ubiquitous nature of mobile devices can throw a fork in the road for IT admins, especially those managing larger networks. Segmentation of your WLAN with the proper authentication protocols can be manageable for smaller networks, but what about if your network has hundreds or even thousands of users concurrenly logging on and off?
The benefits of implementing a BYOD policy are already widely known, but solutions can vary based on an organization’s industry, technical requirements, and underlying network infrastructure.
For larger networks (those with at least a few hundred users), however, we’ve found one solution to shine above the rest.
Enter, Cisco Identity Services Engine
Cisco Identity Services Engine (ISE) is BYOD management solution that allows IT admins to create highly secure access control policies in a centralized place. These policies can be applied to wired, wireless, or VPN networks.
Cisco ISE enables tight control over who is accessing your network through its accurate device identification, profiling, and posturing. With Cisco ISE’s device identification technologies, IT admins can not only create policies based on device types but also more granular variables like firmware versions, thus helping you keep your network secure.
Finally, Cisco ISE allows for simple guest onboarding so that network “outsiders” don’t need a Network Engineering degree just to get WiFi.
Why Cisco ISE Is Perfect For The Enterprise
The general benefits of Cisco ISE become much more worthwhile when it comes to enterprise applications. Cisco ISE really shines in industries like healthcare or finance where granular access policies are needed just to maintain compliance in critical day-to-day business operations.
Regarding enterprise applications specifically, here are the three reasons why Cisco ISE is perfect for IT admins of larger networks:
Benefit #1: 802.1X Authentication Compatibility
802.1X compatibility is a popular reason why enterprise clients choose Cisco ISE as their choice solution. 802.1x WiFi authentication allows IT pros to keep their networks safe from rogue APs playing the “man in the middle” attacks. Also, client-side authentication is needed to access the network, which is done by delegating a username and password for each user that needs access.
This is where Cisco ISE takes things a step further for 802.1x authentication; It allows for higher level policies not only based on login credentials on the client-side, but also through unique device identifiers.
Overall, Cisco Identity Services Engine acts as an endpoint-level access control solution to help keep networks using 802.1X authentication safe.
Benefit #2: RADIUS and TACACS+ authentication
Many IT admins we work with utilize Cisco ISE as a RADIUS server and TACACS+ server. TACACS+ is now supported in Cisco ISE 2.0 and later, which gives enterprise organizations more granular control around their authentication procedures. This is a plus for network infrastructures that may have varying requirements for authentication and is a very commonly used feature of Cisco ISE.
Benefit #3: Ability to Scale & Ease of Use
While Cisco ISE may not make sense for smaller organizations (especially those using TACACS+), for larger organizations, we have seen Cisco ISE easily handle tens of thousands of devices in an hour with minimal management overhead. Once everything is configured and put into place, everything runs on its own, making the life of IT admins much easier.
Although the degree of ISE’s configuration can vary based on your unique requirements, on the user’s’ end, things are relatively simple. Guest portals are easily configured, and we’ve seen organizations execute SMS confirmations to take things a step further. This makes ISE extremely popular for wireless implementations that require both guest access and internal wireless authentication.
Is Cisco ISE Right For Your Organization?
Cisco ISE’s network access control platform is perfect for organizations that need to build very granular BYOD policies. The out-of-the-box features of Cisco ISE make it flexible for organizations of all sizes, but from what we’ve seen, larger organizations can take advantage of Cisco ISE to a greater degree, primarily due to cost.
If you need help evaluating Cisco Identity Services Engine as a potential BYOD management solution for your enterprise network, give us a call here at CTC Technologies. Our team of experienced Cisco ISE engineers routinely travel across the United States to help organizations such as Fortune 500 companies successfully design, configure, and deploy Cisco ISE into their existing network infrastructures.