Wireless networks offer freedom for an increasingly mobile IT lifestyle. Yet managing login security is often overlooked. Scott Montgomery, Leader of Cloudpath Sales, Ruckus Wireless, suggests that there is a better way!
According to a recent report by Ericsson, there are now around 7 billion WiFi-enabled mobile devices around the world and the number is growing. In the home, managing WiFi access rights is relatively simple, but in the workplace, on university campuses and even in public areas like hotels, bars and gyms, the process of securely providing connectivity for staff, partners and guests has changed little over the last few decades. The most common method is still the simple password that provides universal access to either a private or guest network. However, as many technical experts will agree, this process is not a great idea in terms of security or efficiency.
To deal with the big item first, sharing passwords for access onto WiFi networks is like sharing the key to your front door. The key can be given back, but there is no guarantee that the recipient hasn’t taken a copy. Until you change the locks, the door is no longer secure. This leads to a whole host of management issues as WiFi passwords change, from insecure habits such as writing passwords down on bits of paper to the Chinese whispers of “Who knows the new password?” messages floating around an office.
Some organisations instead tie WiFi access to other authentication methods such as Active Directory, which is more secure, but this then needs to be actively managed and relies on authentication infrastructure that tends to be more complex.
Another issue is managing the devices on the network and who has access to which resources. This is becoming more of a problem as the number of devices and types of applications grow, especially with the popularity of cloud-based services. As users or guests find themselves unable to access what they need from the appropriate device, the calls to the IT help desk increase and everybody ends up unhappy with the WiFi network.
Anybody who has stayed in a hotel may have experienced another method: self-enrolment to the guest WiFi network via a web-based interface. This technology has spread from hospitality and is now increasingly found in a more business-friendly guise, of which the Ruckus Cloudpath is the leading example.
In basic terms, Cloudpath is a policy-based system that allows organisations to set the who, what, when and how of access to the WiFi network. It uses secure certificates, the same technology that websites such as banks or retailers like Amazon use to ensure that a secure internet connection is made between a browser and a server. These certificates are used to authenticate the legitimacy of each device that connects to the WiFi network. The system allows both self-enrolment and authentication against a trusted source like Active Directory or similar services, and enrolment is valid for any access point at any site connected to the Cloudpath service.
Once a user has been enrolled, approved for access and set against a policy, for example guest, staff or administrator, the system then manages the access to the WiFi network and related resources. This policy can be for an hour, a day or even the length of a hotel stay or college course. Crucially, the user is not just given a password that they can share with anybody they choose; instead, Cloudpath ensures that the device is authorised only for the length of time set by the policy.
Although designed by Ruckus, a leading WiFi technology provider, Cloudpath can work with any 802.11-based WiFi network, making it easy to deploy in multi-vendor environments, and the system is designed to work with any fixed or mobile device that uses any Microsoft, Apple or Google operating system and web browser combination.
Although it ticks the boxes of security and ease of use, the biggest objection is often “Yeah but passwords are working just fine – we don’t need to change!” The reality is that even overlooking the inherent security risk, passwords are a costly administrative burden. Take for example the case of Blackpool and The Fylde College, a large higher education college that every year has to enrol 22,000 students onto its WiFi network. Not only was Cloudpath able to massively simplify this cumbersome process, the help desk saved literally days by not having to field hundreds of calls from students with WiFi sign-up issues.
But even in smaller offices, not having to call technical support each time a member of staff upgrades or uses a new mobile device to attach to the network saves hundreds of hours in lost productivity. However, the security side is just too big to ignore. The sheer pervasiveness of WiFi networks is making them targets for attacks that aim to compromise IT security. The last trick up Cloudpath’s sleeve is the ability to check devices as they commence the enrolment process to make sure they are clean, and also to enforce policies that make users carry out basic IT security hygiene processes to help keep devices free of the malware and worms that are used as the entry point for more advanced security threats.
So the next time somebody in your office taps you on the shoulder or phones up the IT department to ask about the WiFi password, remember there is a better way - a path that is more secure, less cumbersome to manage and actually saves time and money.