One of the biggest challenges faced by the enterprise world today is how to overcome the security issues faced in many of the enterprise organizations. The early adopters of the BYOD strategies have learnt their lessons the hard way – a plethora of mobile devices in the enterprise result in huge demand for authentication and authorization framework caused by the sheer volume of devices and each device’s varied authentication interface.
Network access solutions require user friendly and easily deployable secure authentication mechanisms. These demands highlight the need for strong authentication protocols that enable the use of multiple client credentials. Furthermore, with large network deployments it’s typical to have many authentication servers, which could be sidestepped if the authentication server’s per client state requirements are minimized. Likewise, most of the mobile devices in the BYOD deployment are limited with their computational power and resources. Invariably, computationally light but highly secure and flexible authentication protocols are vital to the success of any organization adopting the BYOD strategy.
According to a recent Forrester research, 78% of enterprises in North America and Europe cite updating their security technologies and processes to support mobile interactions as a high priority. Moreover, with BYOD programs gaining momentum, 68% of organizations believe that it’s imperative to support a wide variety of mobile devices and platforms. Gartner predicts that by 2017, more than 50% of enterprises will choose cloud-based services as the delivery option for new or refreshed authentication implementations and that more than 30% of enterprises will use contextual authentication for workforce remote-access. Unquestionably, the need to support varied mobile devices and effectively manage their security and authentication is key for any enterprise organization.
Conjuring some of the failure scenario’s lacking a flexible authentication mechanism is definitely not for the weak-minded. What if some of the traditional authentication servers fail? How many smartphones or tablets would such a failure render incapable to connect to the network? What if there is a new application which comes up with a brand new authentication mechanism and some of the clients require support for this new application? What if some of the clients use weak username or passwords, thereby making them easy targets for man in the middle attacks or other malicious malware? What if there is a company merger or acquisition and now the organization has to support double the mobile devices?
Flexible authentication which allows multiple authentication mechanisms using single client credentials is definitely a means to the end. With growing network complexity and evolving needs for authentication, authorization and accounting, flexible authentication schemes provide low administrative overhead, easily deployable, user-friendly, efficient and secure means for enterprise network authentication.
Brocade’s flexible authentication mechanism supports three different authentication mechanisms namely, IEEE 802.1X authentication, MAC authentication or web based authentication mechanisms. While MAC authentication and 802.1X can coexist on the same port or act individually, web based authentication is over HTTP/HTTPS and acts as a fallback mechanism for 802.1X or MAC authentication. The flowchart shown below captures a high level view of the seamless interaction of these multiple authentication mechanisms providing a single successful flexible authentication mechanism for any enterprise organization.
For more details on flexible authentication mechanisms in Brocade’s campus products, please refer to the FastIron Security configuration Guide.