Head of Product Richard Beeston looks at IT challenges within the financial services sector.
Working environments have changed. The days of desktop PCs hardwired into dedicated network ports are moving away from many workplaces. More and more people and employers are moving towards mobile devices and flexible working locations. While this can often greatly increase employee satisfaction and productivity, it can open up new challenges for a company’s IT and security teams – especially in regulated industries such as the financial services sector.
Wireless networking has long been the enabler for the move to mobility. Many years ago it was often the privilege of the exec team to have WiFi devices, but now these devices are ubiquitous and expected. Visitors to offices also expect connectivity so they can conduct meetings, send emails and do business while they are there. This simple-use case kicks off the conversation about the network and its security. From an IT perspective, would we really want guest/visitors devices on the same network as our staff, our devices, our printers and servers? No of course not, we don’t know the visitors’ device, whether it’s safe, what it’s going to do and how it’s going to do it. So we need to separate them.
Firstly, we need to think about network design and probably give guests a separate network to join when they connect to WiFi. Next, we need to think about how these devices connect. We could have a shared key that’s given out by reception when the guests arrive. If that’s a shared key though, that won’t allow us to track individuals. Giving each guest a key is feasible but puts a burden on staff to create and hand out keys.
Introducing Aruba ClearPass
The logical answer is to use a self-service guest portal such as the one that can be created with Aruba ClearPass. With this tool, guests can be enrolled onto a network via a registration/login process, their traffic can be encrypted and policies can be enforced to make sure they can only do what they are supposed to do. All this activity is fully-auditable for compliance purposes and can be set up well in advance of an actual guest joining the network.
The same methods can be applied to employee devices as well. ClearPass can be used to identify specific device types on your network and apply policies to them. This can be used for guest, employee and IoT devices alike. In the case of employee devices, ClearPass can be used to authenticate the users’ device on the network and based on the users’ privileges give the user and their devices access to specific resources.
For instance, all authenticated employees may be granted access to printers, however, only finance employees are given access to the finance system. This allows for a much greater level of reporting and segmentation on the network. Other functions can also be performed on a device that really lends themselves to regulated environments.
For example, we may deploy a policy that states devices that don’t have encrypted storage won’t be allowed on the network, USB storage can be disabled automatically and patches and fixes enforced. Devices can undergo automatic remediation or quarantine based on your security posture to ensure your compliance policies are enforced across the network.
It’s often the case that organisations believe that wired connections are more secure than wireless connections. This is not the case though. There are often very limited security policies on wired networks and it’s very easy for unwanted devices to be plugged into the network. These devices may result in a compromise to network security. By employing ClearPass and its OnConnect feature, wired devices can easily be categorised and dealt with against specific policies.
For example, an unknown device can automatically be quarantined on the network, while a known device can be authenticated against its device profile. The ClearPass solution along with the Aruba Introspect technology fingerprints network activity allowing for a much more detailed description of what’s happening on the network. This can help quickly identify any security issues and provide a further audit trail which is important in a regulated environment.
Aruba ClearPass supports industry standards and works in multi-vendor architectures, meaning that you don’t have to replace everything and start again.
Written by Richard Beeston – Head of Product at Daisy Corporate Services.