The use of employee-owned devices for corporate activities goes back to at least 2009, when Intel introduced a policy allowing privately owned devices to attach to the corporate network. This was seen as an employee-friendly policy which allowed workers to choose their preferred device for work, bypassing debates about Windows vs Apple or iPhone vs Android. Further, such policies reduced the overhead and capital costs for companies, who no longer had to purchase and manage a fleet of mobile devices. Today, these policies are common and frequently include a stipend to cover cell phone bills. There have also been tax rules issued which mitigate the risk of creating a taxable benefit for employees.
The increasing sophistication of cybersecurity threats has necessitated an escalating response by companies employing BYOD policies. Initially the focus was on segregation of data and controls on exfiltration of corporate data while leaving “personal data” untouched. Lost phones could be “wiped” remotely to prevent the theft of data, and terminated employees could easily have their phones wiped of corporate data while preserving their personal data. VLANs were used to isolate BYOD-generated data from the enterprise, business-critical network, even while sharing physical network infrastructure. This is only a partial solution, though, because ubiquitous Wi-Fi Access Points (WAPs) are not considered secure enough for the most sensitive data.
The threat environment has evolved to the point where virtual or logical segregation of BYOD devices on a secure enterprise network is no longer enough. Evolving wireless threats now mean that physical separation of BYOD networks from mission-critical enterprise networks is the only way to guarantee the security of sensitive corporate data. Today, most BYOD organizations are a rogue “app” away from a major breach of their secure networks. For many companies, this may ultimately mean reversion to the previous solution: Company Owned Units (COU) devices provided to employees. However, even with strictly defined rules for employees and limiting access to Wi-Fi, this solution is cumbersome, imperfect, and risky.
Over the past decade, cellular technology, which is the gold standard for secure, un-hackable communications between mobile devices and Radio Access Network (RAN) access points, has evolved to the point where high-speed, highly secure mobile networks can be deployed at a cost competitive with Wi-Fi. In addition, due to the efforts of the 3rd Generation Partnership Project (3GPP), equipment and protocols have been standardized with high security built in. The rise of software-based SIMs (Subscriber Identity Modules), also known as eSIMs, has enabled a secure alternative to Wi-Fi for enterprises that is easy to deploy and manage. This offers the possibility of cost-effectively maintaining BYOD policies while “air-gapping” the BYOD network from the enterprise Wi-Fi used for laptops, printers, Teams rooms and other connected corporate devices.
Why not just build a parallel Wi-Fi network completely separate from the enterprise network for BYOD?
Private cellular networks offer security, performance, latency, flexibility, policy control and cost advantages over Wi-Fi.
Private cellular network technologies deliver very high speed, high security, mobility and low latency for both voice and data and can provide awesome speeds for mobile computing. Adding MOCN (Multiple Operator Core Network) gateways allows native voice calls on any carrier and the use of private core networks for secure cloud computing and data storage in edge data centers.
A traditional cellular-based RAN (radio) can cost double a Wi-Fi access point and uses many times the floor space. The cost of many networks is in the switch ports and licenses required to support the network devices. The more connections that are needed, the more a private network makes sense.
As software eats telecom, network professionals embrace the introduction of cellular into the infrastructure as an opportunity to improve their knowledge of a rapidly emerging enterprise technology. The connection from the private cellular to the internet uses standard TCP/IP protocols which are well understood by enterprise IT teams. This use of the familiar TCP/IP network as the backbone has proven to minimize the support cost of private cellular networks.
Major mobile device manufacturers are embracing the migration from hardware SIMs to eSIMs. Apple began the trend with the iPhone 11 which supported 1 eSIM in addition to the hardware SIM that it came with. The latest generation iPhone 15 only uses eSIM technology and supports up to 8 at a time. This is important because it enables enterprise IT to manage and activate private cellular networks for any device within their enterprise network which supports eSIM. This includes mobile phones, tablets and watches and increasingly computing devices such as Microsoft Surface Pro and laptops from Dell, Lenovo and others. This offers the possibility of delivering an inexpensive (~$5 one time) eSIM for BYOD users and the reduction or elimination of stipends for those users.
The mobile phone manufacturers are embracing this new technology to the extent that features like Wi-Fi calling are being enhanced to allow similar authentication over private cellular networks to complete calls. This is in addition to the private network gateways which natively support calls to major MNOs (Mobile Network Operators like Verizon, T-Mobile and AT&T) and MVNOs (Mobile Virtual Network Operators such as Comcast, Mint Mobile, Spectrum and others).
In addition to solving security issues for BYOD users, private cellular networks can also:
If you want to know more about how Private Cellular networks can help you improve security and performance while lowering your costs, please contact:
Ballast Networks
Jon Morris