- 14 April 2016 07:56
Fortinet: Protecting enterprise networks with cloud-based WiFi
Technology is changing the way we secure corporate networks. As the number and types of network-connected wireless devices continue to grow exponentially, these connected devices present new vulnerabilities and a growing attack surface. This is especially true as enterprises adopt BYOD (bring your own device) and WiFi to take advantage of all of the benefits of increased productivity. One solution for securing these devices and the network that is gaining traction in ANZ is cloud-managed secure WiFi.
Cloud-managed WiFi security infrastructure
According to IDC, adoption of cloud-managed WiFi is growing steadily. For many organisations, especially distributed enterprises (organisations built on a hub-and-spoke model, with a centralised IT staff, and with multiple remote sites needing connectivity), a traditional controller-based model of WiFi may not meet their needs for scalability, a less physically intensive infrastructure, and automated provisioning and management across a wide geographic area. Cloud-managed WiFi has emerged in recent years to address these growing needs.
In the traditional model of enterprise-grade WiFi, controllers can represent a large capital expense. In the case of cloud-managed WiFi, scaling up the network involves just the cost of additional access points (APs) plus applicable subscription fees. This cost structure often works well for small to medium-sized organisations and distributed enterprises. The space requirements of a controller are sometimes prohibitive for small distributed enterprise branch locations. This, along with a frequent lack of onsite networking expertise, has often led to distributed enterprises doing without WiFi, or employing consumer-grade solutions that lack adequate security, policy and network management capabilities.
Centralised management and provisioning capabilities are important within a cloud-managed WiFi platform. In such an infrastructure, APs ship preconfigured to remote sites, with provisioning taking place centrally through a Web-based management application. Once APs arrive at a remote site, a branch worker need only plug in the AP and click through a Web-based GUI to get WiFi up and running in minutes. User and device policies, as well as all relevant WLAN updates, are managed centrally.
Key challenges for cloud WiFi security infrastructure
Distributed organisations face many challenges as they deploy and manage a wireless LAN solution for their customers and employees. Current enterprise WLAN solutions often require complex architectures to segment guest and internal networks. In addition, the WLAN operates on extra hardware, such as separate WLAN controllers and security appliances. While emerging cloud-managed WiFi vendors have helped to reduce the complexity and management issues associated with deploying wireless networks, moving WLAN control into the cloud has introduced many security challenges.
Generally speaking, cloud-managed WiFi is capable of being just as secure as traditional WiFi. However, many cloud solutions on the market today do not reach this level of security. Most support basic wireless intrusion detection systems (WIDS), 802.1X-based authentication, application visibility, and other standard wireless security mechanisms. However, the majority of these platforms do not support broader network security requirements such as intrusion prevention systems (IPS), Web content filtering, application control, antivirus, and others. Of course, security features need frequent updates to be effective, and the centralised updating capabilities of cloud-managed WiFi help enable this.
Because wireless traffic leaves the remote network in a cloud-managed model, the security functionality requirements of cloud-managed WiFi are greater than those of traditional WiFi in many ways. Regardless of control architecture, WLAN security requires more than just captive portal authentication, 802.1X, and WIDS/WIPS. Secure cloud-managed APs must move beyond wireless intrusion protection to network-wide IPS because threats are commonly found at the network layer and higher.
Securing WLAN: Still A Top Priority
WLANs have become a standard part of an enterprise network and their role is becoming increasingly important due to BYOD. As such, WLAN must be a key priority for any network administrator. Strong authentication, smart policies based on user identity and device identification, and a sophisticated client reputation capability give not only the WLAN but the whole network the ability to effectively combat the increasingly sophisticated attacks that enterprise networks are constantly encountering.
Gary Gardiner is Fortinet’s A/NZ Director of Engineering & Services and has years of experience securing networks of all shapes and sizes.
About Fortinet
Fortinet helps protect networks, users and data from continually evolving threats. As a global leader in high-performance network security, we enable businesses and governments to consolidate and integrate stand-alone technologies without suffering performance penalties. Unlike costly, inflexible and low-performance alternatives, Fortinet solutions empower customers to embrace new technologies and business opportunities while protecting essential systems and content. Learn more at www.fortinet.com.