BYOD Security: Going Beyond 802.1x

Today, businesses of all kinds are being forced to take a hard look at how they manage access to their network. Employees want to use the latest mobile device. Temporary workers and/or consultants need access to certain resources. Guests want to go online.

Leaving the door wide open for anyone, using any device, is a recipe for disaster.  In certain industries, such as retail, where credit card and identity theft are rampant, it can expose you to major losses and penalties. But every business, regardless of the industry they are in, risks loss of information and disruption on the network if they do not put network access controls in place.

Many businesses mistakenly think it’s enough to simply use the user name and password that are part of the IEEE 802.1x standard. The problem is that 802.1x wasn’t designed for the world of Bring Your Own Device (BYOD). In a BYOD environment, you need to identify characteristics of both the user and the device. Also, while most new devices are equipped for 802.1x, they may not be configured at all, or may be configured improperly. For all of these reasons, relying on 802.1x is not enough.

That’s why more and more companies are implementing centralized network access control (NAC) solutions. These are available from a range of providers—for example the one from Avaya is called Identity Engines.

Using a NAC solution, you can pre-establish identities or roles for people and devices.  You can set up policies for guests, business partners, employees, the type of device being used, etc. Instead of manually checking the credentials and configuring each user or device one by one as they seek access to your network, the NAC does it for you.

For example, you might set a policy so that an employee in human resources with responsibility for sensitive personnel issues gets unrestricted access to any location on your network, but only if their laptop complies with the appropriate security policy.

Other non-HR employees may get broad access, except for personnel and finance records, but the requirement for security software on their device may be different.

Business partners may get a different level of access—for example only to specific projects.

You can set different policies to take effect based on where a person is working: outside or inside the enterprise.

You can set the policy so that an employee using a device issued or managed by your enterprise can get access to your network directly.  However, if the employee is bringing in a new or unmanaged device (i.e., BYOD), they are redirected to a portal (much like the portal you often encounter when staying in a hotel). Their device gets vetted and a decision is made to allow or deny the connection.
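The policy decisions described above can be sketched as a small evaluation function. This is an added example, not code from Avaya Identity Engines or any NAC product; the role names, resource names, posture items and the rule that sensitive records are withheld outside the enterprise are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical resource and role definitions (constructed for this example).
ALL_RESOURCES = frozenset({"intranet", "email", "projects", "personnel", "finance"})
SENSITIVE = frozenset({"personnel", "finance"})

ROLE_RESOURCES = {
    "hr": ALL_RESOURCES,                    # unrestricted access
    "employee": ALL_RESOURCES - SENSITIVE,  # broad access, no personnel/finance
    "partner": frozenset({"projects"}),     # specific projects only
    "guest": frozenset({"internet"}),
}

# Security software each role's device must report before access is granted.
REQUIRED_POSTURE = {
    "hr": frozenset({"antivirus", "firewall", "disk_encryption"}),
    "employee": frozenset({"antivirus", "firewall"}),
    "partner": frozenset({"antivirus"}),
    "guest": frozenset(),
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    managed_device: bool         # issued or managed by the enterprise
    posture: frozenset           # security controls the device reports
    location: str                # "inside" or "outside" the enterprise
    portal_vetted: bool = False  # unmanaged device already checked at the portal


@dataclass(frozen=True)
class Decision:
    action: str                  # "allow", "portal" or "deny"
    resources: frozenset
    reason: str


def decide(req: AccessRequest) -> Decision:
    """Evaluate one access request; anything not explicitly allowed is denied."""
    if req.role not in ROLE_RESOURCES:
        return Decision("deny", frozenset(), "unknown role")
    # New or unmanaged devices are sent to the portal before any policy applies.
    if not req.managed_device and not req.portal_vetted:
        return Decision("portal", frozenset(), "unmanaged device must be vetted")
    missing = REQUIRED_POSTURE[req.role] - req.posture
    if missing:
        return Decision("deny", frozenset(), "missing: " + ", ".join(sorted(missing)))
    resources = ROLE_RESOURCES[req.role]
    if req.location != "inside":
        # Assumed location rule: sensitive records are not reachable off-site.
        resources = resources - SENSITIVE
    return Decision("allow", resources, "policy satisfied")


if __name__ == "__main__":
    full = frozenset({"antivirus", "firewall", "disk_encryption"})
    samples = [  # constructed requests
        AccessRequest("alice", "hr", True, full, "inside"),
        AccessRequest("alice", "hr", True, frozenset({"antivirus"}), "inside"),
        AccessRequest("bob", "employee", False, full, "outside"),
        AccessRequest("bob", "employee", False, full, "outside", portal_vetted=True),
    ]
    for s in samples:
        d = decide(s)
        print(s.user, s.role, "->", d.action, sorted(d.resources), "|", d.reason)
```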

Employees or business partners can also be presented with a dissolvable application. This is software that is accessed via a portal and automatically configures the device based on your rules. It then “dissolves”: it doesn’t remain on the client device. This is a great way to easily configure a large number of devices, for example to bring all employee laptops into compliance with a new 802.1x security policy.

More and more NAC solutions are appearing on the market as the BYOD phenomenon keeps growing. When you pick one, make sure it can work with your existing network infrastructure (wired and wireless) and directories. Your goal is to combine flexibility and control: there are going to be lots of different people and devices seeking access to your network. You want to be able to easily accommodate the safe ones without driving yourself crazy trying to identify the problems. 


For more information, check out this Avaya whitepaper;

And this IT guide to BYOD

Why You Need to Take Tablets Seriously

Six months ago, Microsoft gave its imprimatur to the tablet craze by introducing Surface™  and making a rare foray into hardware manufacturing.  Does the endorsement of the enterprise software leader mean that tablets are here to stay as an enterprise tool?

Yes—but Microsoft’s entry just adds to the momentum.  Tablets for business use have taken off. The form factor, the easy swipe and flick interface plus the rise of more cloud-based services are all coming together to drive the tablet juggernaut.

Forrester predicts sales of 375 million tablets in 2016 with business users accounting for a third of all purchases. Already, according to Forrester, about 25% of computers used for work globally are tablets and smartphones, not PCs. In December 2010, a survey by Citrix found that 13 percent of respondents already considered the iPad “mission critical” for their jobs, and an overwhelming majority said their organization grants them access to corporate resources on the device. The software company SAP AG has distributed about 14,000 tablets and plenty of other businesses are following suit.

Tablets are cannibalizing the PC’s domain. When the only option was a PC, you used a PC for everything. Tablets are simply better for some things:

  • Quickly accessing information
  • Entering very limited amounts of data (e.g., complete service orders)
  • Routing data
  • Delivering presentations
  • Working in groups—sharing information
  • Sharing information, such as with a colleague or a shopper on a storeroom floor
  • Conducting videoconferences and online meetings with remote workers and road warriors

Many enterprise vendors have begun to offer tablet versions of their software. Brand names like SAP, Oracle, and MicroStrategy are just a sampling of the vendors now openly offering iPad versions of their solutions.

Vertical markets are also playing a large role in embracing tablets. Adobe Digital Marketing Insights found that tablet users spend over 50 percent more for each transaction at an online retailer compared to smartphone users and 20 percent more than traditional computer users.

Health care is another example. In the highly mobile hospital environment, information is shared faster and people stay in touch more easily. Practitioners with an application on their tablets can more easily and quickly handle alerts, test result notifications and stat requests. They can instantly see who is available at any time and contact them.

Finally, demographic changes are behind the shift to tablets. For digital natives – just now entering the workforce – using a tablet for many tasks just makes sense.

Analyses of early adopters of iPads in business show a shift in usage patterns. For example, according to Gartner, a large sales force that deployed iPads discovered that people were spending 20% more computing time total per day when they used a tablet, a smartphone and a laptop than if they were using a smartphone and laptop alone. Laptops were relegated to less-frequent (but longer) sessions, and users were reaching for tablets frequently throughout the day.

The transition to tablets in the enterprise is not without its speed bumps. Security is an issue. Apple’s iOS still isn’t as tight as the fated BlackBerry. iTunes does not make widescale corporate deployments easy. In “Here Come Tablets, Here Come Problems,” The Wall Street Journal recounted some of the problems businesses have encountered, including:

  • Tablets not being rugged enough for some situations
  • Traditional computer programs that won’t work on tablets
  • Documents sent from a computer to a tablet end up losing some key characteristics

These and other challenges have to be overcome. But the widespread nature of these problems—coming so soon after tablets have hit the market—is itself evidence of how pervasive and critical tablets already are in business.

For more about how today’s mobile devices are helping to drive a new wave of innovation, see the Forrester whitepaper–Mobile Solutions Connect Information Workers To Collaboration And Innovation Processes at

For a good example of the kind of mobile app that’s helping to support new levels of mobile collaboration, see this brief demo of the Avaya Mobile Collaboration Solution for Small and Midsize businesses:

What is SIP and Why It’s a Big Part of Your Future

You may have already heard of SIP. And if you haven’t, the chances are good you will very soon.

SIP is a communications protocol that is becoming extremely popular. How popular? Consider this: Infonetics reports that in 2011, telco companies saw their revenues from SIP-based services jump 128%. So, even if you are not yet thinking about how to use SIP in your business, the chances are good that one of your competitors is ahead of you.

Very simply, SIP—the initials stand for Session Initiation Protocol—radically simplifies communication between people, places, devices, applications and services. Just about anything that can be tagged with an IP address can be connected via SIP. It simplifies how quickly people can connect and collaborate. And it eliminates the need for a lot of phone lines and extra hardware. In fact, many Avaya customers have reported a return on investment (ROI) of 6–12 months by investing in SIP-based solutions. To get a quick sense of the savings you can gain by moving existing voice circuits to SIP, try the Avaya Flip to SIP calculator at

But what makes SIP so revolutionary is not simply its ability to save money. SIP changes how you think about using communications in your business. Here are six SIP scenarios. See if any apply to you:

  • You have multiple business locations. Each one must have a local phone number. But you want calls to those locations to get routed to a central service center where they can be more efficiently handled by people with the time and training. In the past, to get this kind of capability you might have had to rent 800 numbers and/or extra lines that sat unused most of the time. SIP gives you the best of both worlds: local presence and the cost efficiencies of centralization.
  • You have a mobile phone, several e-mail addresses, a bunch of landlines and a slew of IM contact names. You are tired of giving out all your contact information. With SIP you won’t have to: SIP establishes an “address of record”—an AOR—that provides a single, unifying identifier as your “public address.” People can reach you without having to know each of your unique device addresses or phone numbers.
  • You find it annoying to keep letting people know about your availability, e.g., “for the rest of the day, call me on my mobile.” Let SIP do this for you. SIP can make call-routing decisions for you by checking your calendar or seeing when you last checked your e-mail or used your mobile phone.
  • You are handling a conference call from your hotel room, but have to check out and want to keep the call going on your mobile. Or, you are on your mobile, but need to view a document and would like to transfer the conference call to your tablet. SIP makes all of that possible.
  • You operate a customer service operation using agents working from home. You want them to be able to serve customers using e-mail, instant messaging, Web chat, video, or a phone call. Rely on SIP to make it happen.
  • You use various programs in your business to keep track of sales, inventory, production scheduling, etc. When a problem arises, e.g., a shortage in a particular part, you would like to have a click-to-conference button on the program itself so you can quickly see who is available, initiate the call and share the application. SIP makes that possible. In fact, many applications using dynamic-link libraries (DLLs in Windows and shared libraries in Linux) are ready to be connected using SIP.

Right now, a lot of businesses are looking to SIP to save money by using a single IP pipe to their provider for voice calls and reducing or eliminating recurring network charges. But that’s really just the start. The current uptake in SIP services is an indicator of what the future holds: SIP is big.

Want to learn more? Avaya has prepared a great introduction that’s an easy read. Get the free download of SIP for Dummies at

Mobile Collaboration—Who Needs It in Your Company?

Mobile workers are no longer the “road warriors” of yesterday—salespeople and executives who spend more time on the road than not. These days, all kinds of iWorkers (as the consulting firm Forrester calls many of us) are constantly blurring the lines between being on duty and off.

Because mobile, unified communications is going to be a significant focus for investment, you want to make sure you are allocating your spend in the right places.

Yes, everyone in your business can benefit from mobile communications and collaboration. But different kinds of workers will find themselves working in different situations more often than others.

Forrester recommends spending time to make a full assessment of the types of tasks that mobile and remote workers are performing. This will define the required capabilities.

Typically, you will focus on solutions that mobile workers can use to resolve issues and answer questions more rapidly.

Don’t expect immediate results. To drive effective adoption of mobility, use early adopters—executives, sales team, and field forces—to be evangelists for the rest of the firm. And remember to back up your efforts with training and communications support.

To help you in your efforts, Avaya has developed a guide to Getting Mobile Collaboration Right.

It recommends that you factor in the needs of employees that fit one or more of the profiles below.  Each has its own unique requirements, but they can all benefit from the improvements delivered by mobile communications and collaboration.

Power Users: These employees often work on a laptop computer and are as comfortable working in the office as they are out of it — from their home or car, at the airport, or in a coffee shop. They need to be accessible no matter where they are.  In their eyes, mobility is mission critical.

Highly Mobile Employees: These workers may not have a laptop, but they are frequently out of the office — either meeting with clients or roaming around your facility. Typical examples of this user include sales reps, accountants, attorneys, real estate brokers, manufacturing workers and healthcare workers.

Full-time Teleworkers: These employees don’t have an office in the traditional sense; they work from home exclusively. They need communications tools that make them just as accessible and responsive as employees who work in the office.

Office Workers: People who primarily work in the office were the prototypical deskphone user. In today’s high-energy work environments they can also benefit from communications and collaboration tools to ensure they work faster and smarter, and are as productive as possible wherever they happen to be—whether in their office, in a conference room or waiting for a train or bus on the commute home.

Are You Ready for a Pop-up Branch Office?

The need to have a physical office space where employees do their work has been under revision for years as more companies opt for telecommuting and home office working arrangements.

Now, this same thinking is being applied to traditional branch office expansion strategies.  Companies are now looking at what are called “pop-up” or “ultra-light” branch offices with an expected lifespan measured in months or a few years, at most.

To minimize IT costs, the pop-up branches rely on cloud services, IP-based communications solutions, mobile communications (either company-owned or BYOD), tight user authentication and security processes and remote management.

Interestingly, these branches often get Internet access via consumer and/or wireless as prices continue to decline and reliability increases.

They are also taking advantage of 802.11n-based WiFi solutions to get practical and high-performing multimedia communications. According to a recent Nemertes report, 802.11n “makes WiFi acceptable as the sole means of connectivity for laptops and desktops.”

Heightened security is critical to any pop-up branch strategy. IT will have to implement authenticated network access at a minimum, but also more robust health checks (i.e., is the device properly configured with antivirus software, firewall, etc.) and flexible virtual LAN management.

An alternative to the pop-up branch is the completely virtual branch.  Back in 2008, UMTB, Israel’s third largest bank, gave customers the virtual branch option. Those who enroll cannot get service at any of the bank’s physical branches, with the exception of using teller and ATM services for deposits and withdrawals. In return they have access to one-on-one phone support, e-mail, live online chat, extended service hours and a range of online tools to manage their interactions.  About 6,000 customers have opted for the virtual branch—not big numbers, but the bank says it is satisfied and some other Israeli financial institutions have followed suit.

For more on pop-up or ultralight branches see the full Nemertes report at

Avaya has also posted a wide range of source materials on BYOD and mobile strategies.  Go to

A Secure BYOD Strategy

Wireless devices are making their presence felt in every business. From smartphones and touch screen tablets to handheld video conferencing tools and traditional laptops, these devices enable employees to perform critical business functions at any time and any location.

That’s why more companies are embracing Bring Your Own Device (BYOD) strategies, enabling employees to choose their tools and, in some cases, move completely away from devices like desk phones and desktop PCs—both long considered to be indispensable.

But if businesses are not careful, BYOD can quickly turn into “bring your own difficulties,” inviting a wide range of security issues. The challenge is to control access without limiting employee flexibility or creating an onerous management burden for IT.

Organizations know that employees’ personal mobile devices are getting onto their networks, but, based on a recent study by the SANS Institute, only nine percent of organizations surveyed were “fully aware” of the devices accessing their networks, and only 50 percent were “vaguely or fairly” aware.  (Learn more about the SANS study at

Many mobile devices support 802.1x (an IEEE Standard for port-based Network Access Control), though often it is not enabled. Also, many smaller companies without the IT resources find it too onerous to configure their network to control access via 802.1x.

One way to solve the BYOD challenge is to centralize management of your access, authentication and security controls. A centralized, standards-based, policy server deployable over any underpinning network infrastructure allows administrators to quickly and easily add devices from a central hub and even assign multiple devices to a single user.

A centralized solution gives you full visibility into who has accessed the network based on a combination of user identity, device type and location. If an employee brings a new device, it can get validated by comparing the user credentials and device attributes against corporate directories. Network access can be limited to all or select resources.

A centralized approach simplifies the process of providing guests wireless Internet access. For large events such as conferences or expos, enterprise staff can administer guest policies in bulk, eliminating the need to manually set guest preferences and rules. To ensure that guests don’t outstay their welcome, these credentials automatically expire at a specified date and time.
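Bulk guest provisioning with automatic expiry, as described above, can be sketched as follows. This is an added example, not how Avaya Identity Engines implements guest accounts; the function names, the `guest001`-style usernames and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def issue_guest_batch(count: int, expires_at: datetime, prefix: str = "guest"):
    """Create `count` guest accounts that all expire at `expires_at`.

    Returns (store, handouts): `store` keeps only salted hashes and the expiry,
    `handouts` holds the cleartext credentials to give to the guests once.
    """
    store, handouts = {}, []
    for i in range(1, count + 1):
        username = f"{prefix}{i:03d}"
        password = secrets.token_urlsafe(9)  # random, unguessable password
        salt = secrets.token_bytes(16)
        store[username] = {
            "salt": salt,
            "hash": _hash(password, salt),
            "expires_at": expires_at,
        }
        handouts.append((username, password))
    return store, handouts


def authenticate_guest(store: dict, username: str, password: str, now: datetime) -> bool:
    """Accept a guest only with the right password and before the expiry time."""
    record = store.get(username)
    if record is None:
        return False
    password_ok = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    return password_ok and now < record["expires_at"]


def purge_expired(store: dict, now: datetime) -> list:
    """Delete expired accounts and return their usernames for the audit log."""
    expired = [user for user, rec in store.items() if now >= rec["expires_at"]]
    for user in expired:
        del store[user]
    return expired


if __name__ == "__main__":
    # Constructed scenario: a conference whose guest access ends in eight hours.
    start = datetime.now(timezone.utc)
    end = start + timedelta(hours=8)
    store, handouts = issue_guest_batch(3, end)
    user, pw = handouts[0]
    print("during event:", authenticate_guest(store, user, pw, start))
    print("after event: ", authenticate_guest(store, user, pw, end))
    print("purged:      ", purge_expired(store, end))
```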

Avaya provides a range of centralized security capabilities through its Identity Engines portfolio of security solutions. Many of these capabilities have traditionally been limited to large enterprise installations, but now much smaller organizations are taking advantage of them by implementing them on networks with the Avaya Ethernet Routing Switch (ERS) 3500, a compact Ethernet switch designed exclusively for small and midsize enterprises and remote branches.

Putting a Lid on Mobile Communications Costs

Having a cell phone started out as a convenient way to keep in touch. Now it’s a business necessity. Spending on mobile devices and communications is growing rapidly:

  • Smartphone sales are poised to outstrip those of PCs and laptops, if they haven’t already.
  • Data traffic on mobile networks is growing at exponential rates, driven primarily by rising consumer adoption of video streaming services.
  • Location-based services (LBS) are coming into their own, which will drive even greater use of mobile communications.

To manage your growing reliance on mobile communications, look for opportunities to control your costs.

Evaluate the plans: Mobile service providers are increasingly looking to tiered pricing plans, enabling you to choose solutions tailored to your specific needs. Options such as zoned billing, flat-rate unlimited plans and free mobile-to-mobile are becoming part of the mix. Maximizing your buying power may mean shifting to a primary provider for everyone in the firm.

Analyze your usage: Before choosing a plan, take the time to closely analyze the ins and outs of your mobile usage:

  • Examine actual employee activity to better understand costs, usage and patterns. This can be the first step in controlling costs and/or changing user behavior.
  • Make sure you are paying for services you are actually using. Unused minutes, extra usage fees, roaming charges as well as unnecessary purchases, such as software or ringtones, can all add to your mobile bill.
  • Consider providing an accounting to employees. Making individuals more aware of how they are using their mobile devices is always a good idea.

Look at the alternatives: In business, it’s estimated that well over half of all mobile usage occurs within the halls and walls of the enterprise, where alternate solutions exist and where a user’s desk phone may be only a couple of feet away. IP-based communications solutions for small and midsize businesses, such as Avaya IP Office, provide ways to better manage mobile costs, such as:

  • Handling incoming mobile calls on landline phones when convenient. You can pre-configure the system to push the mobile call to a ‘free’ landline phone in real time.
  • Eliminating services (e.g., mobile voicemail, conferencing services or text messaging) that are better handled through IP Office.
  • ‘Business-enabling’ personal phones or laptops with a softphone to take advantage of Wi-Fi hotspots in airports, hotels, coffee shops, etc. For a business traveler, this can result in large savings.

La Niña 2011-2012 is coming, and it’s going to be rough. Are you ready?

According to their website, The Long-Range Forecasting Team is predicting another brutally cold and snowy winter for a large part of the country, thanks in large part to La Niña… yet again.

La Niña, a phenomenon that occurs when sea surface temperatures across the equatorial central and eastern Pacific are below normal, is what made last year’s winter so awful for the Midwest and Northeast. Monster blizzards virtually shut down the cities of New York and Chicago. Last winter was one of New York City’s snowiest on record.

La Niñas often produce a volatile weather pattern for the Midwest and Northeast during winter due to the influence they have on the jet stream. The graphic below shows the position the jet stream typically takes over the U.S. during La Niña.


[Graphic: Winter 2011-2012]

It doesn't look so good!!!

So, besides dealing with a lot of snow and ice, what does this mean for your business and how are you preparing for it?

Here are some valuable thoughts on what you should be doing for communications continuity planning.

1. Employees: Do you have a method to notify employees about snow days – when not to come to the office? It may sound mundane, but if you don’t, then the costs can be significant as soon as hourly employees start clocking in on days that the business is closed.

Suggestion: A written policy about snow days, communicated to all employees, that covers:

  • Will they be announced by an email or by a phone tree?
  • Who will be sending the email or making the calls?
  • When will this be determined?
  • How will at-home employees be compensated?
  • What work activities are they expected to do from home?

2. Customers: How will you notify your customers that your business is closed?

Suggestion: A written policy communicated to your key sales staff:

  • Will you announce via an email or phone tree?
  • Who will be sending the email or making the calls?
  • How will your automated attendant greeting be changed? By whom? Saying what? When?

3. Practice Beforehand! Don’t wait until your first snow day to practice implementing your plan. You should have a dry run.

If you are using emails to communicate to your clients, make sure that the database is accurate. Make sure that the phone numbers for employees are accurate.

Make sure that you can change greetings.

Recommendations: Did you know that IP-based systems can enhance your ability to function on days when you can’t get to the office? Either our Allworx System, Avaya or S-NET Hosted Solutions can enable your work-at-home employees to log in remotely and work as if they were in the office. When combined with remote login capabilities on your network, your employees can work – answering calls, dealing with clients as if they were at their desks.

It looks like it is going to be another long, hard winter. We know what to expect – but the key is getting ready in advance. I remember the story about an out-of-work actor who finally got a one-line part in a play. He had to say “Hark, I hear the cannons roar”. This actor practiced his line on the subway, walking to the theater, in makeup. Finally, he gets on stage, hears a loud BOOM, and yells “What the hell was that!?” Moral of the story: Don’t wait until Mother Nature drops a foot of snow overnight. Make sure you have a plan that has been practiced and works!

Cutting the Cost of Mobility

Spending on mobile devices and communications is growing as more and more people demand anytime-anywhere access to each other. Consider this: while economic data shows personal consumption expenditures from 2007 to 2010 (including the heart of the economic downturn) slowed to a modest 2.9 percent growth, spending on mobile devices increased at a 17 percent rate. The growing cost of mobility is getting the attention of anyone who worries about budgets, as well it should.

In business, it’s estimated that well over half of all mobile minute usage occurs within the halls and walls of the enterprise, where alternate solutions exist and where a user’s desk phone may be only a couple of feet away.

So what can enterprises do to embrace mobility and take advantage of the productivity benefits it brings without incurring the high costs? For small and growing businesses, Avaya IP Office offers a number of options for better managing your company’s mobile phone charges:

  • Avaya IP Office allows you to handle incoming mobile calls on landline phones. You can pre-configure the system to push the mobile call to a ‘free’ landline phone in real time.
  • Avaya IP Office allows you to eliminate redundant services (e.g., mobile voicemail, conferencing services or text messaging) because you can get these capabilities through IP Office.
  • IP Office makes it easy for employees to ‘business-enable’ their personal phones if and when required. No client needs to be downloaded; you can simply enlist your personal device for business use when needed (e.g., to use enterprise dialing or search the corporate directory). The business does not have to pay for the cost of the mobile device and the user gets to keep their preferred device.
  • Many enterprises have Wi-Fi or WLAN networks allowing employees to stay mobile within their workplace. Wi-Fi hotspots are also commonplace in many public places such as airports, hotels, coffee shops, etc. The user can move all communications over Wi-Fi. For a business traveler, this can result in large savings.

The Agency Group, a global talent agency with offices in the U.S., Canada and Europe, recently implemented a mobility solution using Avaya IP Office and chalked up savings of around $50,000 a year. See the video at

Upgrading your office communications: Is it worth it now?

Deciding whether and when to upgrade your communications is a challenge for every small and growing business. Today’s new communications solutions offer many advantages, but are they worth it? What’s the best way to make an intelligent judgment? Here are three options to help answer that question:

Survey employees: One strategy that many businesses use is to survey their employees. Employees are a great source of insight. Complaints that ring true in terms of impact on the business—lost productivity, poor customer service, and unnecessary costs—may give you all the information you need to build a case for an upgrade.

What If?: Another option is to play a bit of “What If?”: what would be the impact on your business if your communications gave you:

  • The ability to recognize your top customers and route their calls for priority attention
  • A way for your employees to give out one number—their work number—and get their mobile phone, office phone, home phone, etc. all working together
  • Built-in call recording for analyzing customer service or simply catching everything said on a critical call
  • Freedom from the need for outside conferencing services

Many companies that upgrade their communications report that the impact is huge, but they really couldn’t “see it” when they were just getting by with an older system.  Playing a bit of “what if” can help identify real benefits.

Calculate the Value: Perhaps the best way to determine if an upgrade is worth it is to take a cold, hard look at the finances. A new communications system can lower the costs of long distance, mobile phone plans, conferencing services and more. It can eliminate the need for technicians to visit your company for routine system administration and reduce the time that employees (such as front desk personnel) devote to answering the phones. It can help make your business greener, giving options for employees to work from home:  cutting energy costs and possibly the cost of office space.  These savings can add up to tens of thousands of dollars a year. An easy way to calculate your savings is to use an online calculator.  Avaya has one for its IP Office solution at

Also, when you upgrade from an older Nortel or Avaya solution to Avaya IP Office, Avaya offers a way you can save as much as 60% of your original system investment. To learn more, go to