When Cisco integrated our Identity Services Engine (ISE) platform with leading mobile device management (MDM) systems, it was clear from the start that we had struck a chord among IT administrators trying to wrestle with the onslaught of employee-owned mobile devices accessing their networks. First and foremost for IT organizations was gaining visibility into all mobile devices — rogue or authorized — that were present on the wireless network. Cisco ISE delivered that capability, providing IT staff with a detailed view of what types of mobile devices were on the network. Coupling that with ISE’s native BYOD enrollment capabilities or the active management capabilities of MDM platforms — as well as network intelligence from the Cisco Wireless Network — was key to gaining full control over this Wild West of mobile devices.
The integration of MDM solutions and Cisco ISE provides flexible, yet comprehensive network-wide controls needed to secure a BYOD environment. With ISE/MDM integration, no rogue devices can connect to the network. Instead, ISE is able to uniquely identify mobile devices trying to access the network and then check with our partner MDM solutions to determine whether those devices have been registered with the MDM. A device registered with MDM ensures a solid baseline of security and policy compliance. All of this is accomplished while still providing an integrated device onboarding experience between the two systems.
ISE can also leverage MDM platforms for detailed, ongoing compliance checks, such as whether the mobile device has the right security settings or whether the right (or prohibited) applications are installed. Any device not in compliance can be placed in network quarantine until the device is remediated. Application control is offered at a variety of levels to empower the end user to access appropriate applications and data while simplifying IT’s life. This joint solution extends the endpoint control capabilities of MDM to the network and leverages Cisco ISE to exert its policy control over network access. It’s a win-win for mobility.
Ensuring secure BYOD network control is not a one-size-fits-all proposition, though. Through our MDM integration partners — AirWatch, Citrix (Zenprise), Good Technology, MobileIron, SAP Afaria… and our newest partner Fiberlink — customers have a number of great deployment options. Cloud-based, on-prem, and everything in-between. But Cisco is adding another option to the mix: fully-managed BYOD via Cisco Mobile Collaboration Management Service (MCMS) and its integration with Cisco ISE.
Cisco MCMS is a cloud-based managed mobility service from Cisco Advanced Services (AS) that provides mid to large enterprise customers with the ability to rapidly roll out and secure a business collaboration experience on smartphones and tablets. This turnkey solution offloads the burden of rolling out a BYOD infrastructure from IT organizations to Cisco. This deployment approach leverages Cisco AS expertise and best practices, allowing IT to focus on other areas vying for their attention.
Cisco MCMS offers a robust mobility management platform with the ability to rapidly onboard devices, centrally manage policies, create a customized enterprise application catalog and securely distribute content. Cisco MCMS also integrates with enterprise security, identity, email, and mobility infrastructure for seamless enterprise mobility and collaboration on both campus WLAN and carrier networks. For those needing customization, there are also APIs to facilitate integration between the mobility environment and the rest of the IT infrastructure.
With the addition of Cisco MCMS to the catalog of integrated ISE/MDM solutions for securing BYOD environments, there’s a deployment model to suit any BYOD rollout. For more on Cisco’s MDM approach, see “Consider the Best Approach for Your BYOD/Mobility Environment.”
UPDATE: Cisco TechWise Sheds More Light on MDM
Learn more from TechWiseTV’s Chief Geek, Jimmy Ray, on MDM and “…the match made in networking heaven….ISE & MDM”. Imagine what the power of device and network intelligence can do for you!