Until fairly recently, wireless networks were configured to only support wireless devices that were pre-approved by a network administrator. Typically, this required an incoming guest to register her wireless device (e.g., dual-mode cellular telephone with WiFi capabilities) with the network administrator. This registration process was problematic because, from an IT perspective, it was quite labor intensive and there was little control over the types of applications that could be executed by that registered wireless device.
Namely, for device registration, the network administrator manually uploaded either the unique media access control (MAC) address of the wireless device or its newly assigned identifier into a database. Tasked with the responsibility of controlling access to the wireless network, an authentication server accessed the database whenever a wireless device sought access to the network. If the wireless device was registered, it was granted access to the network. Otherwise, access was denied. The types of applications executed by the wireless device were not controlled thoroughly.
Recently, wireless networks are being adapted to support “Bring-Your-Own-Device” (BYOD) environments, where all users are able to access a targeted wireless network through their personal devices, such as laptop computers, tablets, or dual-mode cellular telephones. As a result, the number of devices per network user has grown from a one-to-one relationship to a one-to-many relationship, as a network user may simultaneously or interchangeably connect to a network using multiple devices.
In light of BYOD environments, controlling enterprise access to personal devices and enforcing compliance with access and usage policies for application software running on these devices have become imperative for network security. Without such policy enforcement, users may install and operate application software as well as access websites that are inappropriate for a work environment. Furthermore, where compliance with application software usage is not ensured, the BYOD networking environment has made networks susceptible to malware attacks.
Therefore, a system and method is needed for enabling application software to be provisioned within an enterprise network along with device-level policy enforcement to control access and usage of the application software, especially application software provided by third parties.