CASE STUDY
appliances in its data centre and Disaster
Recovery sites and 10 further Aruba
ClearPass Policy Manager 500 virtual
appliance nodes in its branches.
This translated to immediate cost savings
as Almarzooqi said: “Because there was no
need for any physical appliances, we could
maximise the utilisation of our existing
servers by running Aruba ClearPass VMs.
These were easily installed on commodity
hardware which is testament to the open
nature of Aruba’s solutions.”
A NAC for security
Implementation of ClearPass allows
Daman to centrally control network
access at all locations via a single intuitive
dashboard. No longer can users plug their
devices into ethernet ports and connect to
the network, nor does the company need
human resources to manage approvals for
wireless access.
“Now when someone requires access,
they simply raise a request from their
device which can be instantly approved or
rejected with a single click,” said Almarzooqi.
“This process is equally convenient on the
wired as well as the wireless network and
for devices running all types of operating
systems. As a result, all users get a uniformly
great experience.”
This self-registration system automates
authorisation from over 45,000 devices per
week and has entirely eliminated the need
for the IT team to get involved, reducing the
number of helpdesk calls related to network
access from over 30 per day, down to zero.
Taking security a step further
connecting them to Daman’s wired or
wireless network, thus mitigating the
possibility of endpoint vulnerabilities being
exploited for an attack or data breach.
“We have a pre-set checklist that includes
identifying whether the device’s operating
system is updated and patched and that its
running antivirus software. ClearPass rapidly
tests against our criteria and only devices
that meet these checks are permitted
access,” said Almarzooqi.
Unexpected benefits
Security and compliance may have been
Daman’s only expectations of Aruba’s
access control solution, but the company has
successfully leveraged ClearPass to introduce
several new IT services.
“The powerful features of ClearPass
have made possible a host of benefits
we did not even consider at the time of
evaluation. After meeting and exceeding
our expectations for NAC, ClearPass enabled
us to implement Wi-Fi self-registration
and onboarding, Wireless Security Policy
Management, BYOD support and guest
management,” said Almarzooqi.
Enhanced experience for
all stakeholders
ClearPass delivers policy-based network
security, allowing employees, contractors
and guests to self-register and connect to
the network with the appropriate level of
access to either the Internet or intranet.
Via convenient dashboards, Daman’s IT
team can set and modify these policies
and monitor all connections as well as their
usage of the network.
The company has also started introducing
innovations based on ClearPass. “We
successfully integrated it with our queue
system so now, instead of waiting in line
to get a physical coupon to access the
Wi-Fi network, guests can connect to our
network, click a single button and get a
token,” said Almarzooqi.
Behavioural analysis on the horizon
Almarzooqi and his team have already
begun exploring ways to further extend
their ClearPass utilisation. “We are
particularly interested in augmenting its
security capabilities through integration
with Aruba’s endpoint behaviour analytics
solution,” he said.
Aruba Introspect monitors the behaviour
of endpoint and IoT devices and using AI
and Machine Learning, detects and flags
anomalous or malicious activities.
“By combining this with ClearPass, we would
be able to automatically quarantine or
block rogue devices which will drastically
enhance our incident response capabilities,”
he continued.
A commitment to innovation
“Aruba’s solution performs exceptionally
well even in our complex multi-vendor
environment and its powerful capabilities
open up the possibility of leveraging it
for many more purposes than we
initially intended.
“We will continue innovating with this
solid platform and are excited to grow our
relationship with Aruba to enhance services
for all stakeholders,” said Almarzooqi. •
“Earlier, and without manual intervention,
approved devices rarely saw their access
being revoked after connectivity was no
longer necessary. Now, however, we can
specify the duration for which authorisation
should remain valid at the time of approval.
This feature is especially useful when
considering the large number of thirdparty
contractors who frequently work
from our offices for extended durations,”
said Almarzooqi.
Security is further enhanced as ClearPass
automatically vets devices prior to
NOW WHEN SOMEONE REQUIRES
ACCESS, THEY SIMPLY RAISE A
REQUEST FROM THEIR DEVICE WHICH
CAN BE INSTANTLY APPROVED OR
REJECTED WITH A SINGLE CLICK.
www.intelligentcio.com
INTELLIGENTCIO
57