By Greg Keller Posted May 16, 2017
With the shift from wired networks to WiFi networks, many IT admins are searching for ways to manage and secure their networks without a great deal of effort or heavy lifting. Wired network security was almost inherent with the use of IAM, but with the shift to the cloud and WiFi, IT organizations need a new plan for their WiFi security.
This is why the cloud IAM feature for hosted RADIUS is generating a great deal of attention.
Wired to WiFi
IT networks of the past were more contained. Virtually all of the IT resources were located on-prem and the platform of choice was Microsoft Windows. Because the network was wired, gaining access to anything required users to be on the network or to VPN in. The domain controller would authenticate users and give them access to their devices and any other Windows-based IT resources they were authorized to access. The result for IT admins was that they were able to control who had access to the network in a centralized fashion. End users also had an easy time accessing their resources. They would simply login to their Windows system and be granted access to the network.
As the network shifted to wireless, things started to change. Access to the network was essentially an SSID and passphrase. This was often published widely and even written on whiteboards around the office. User authentication to the network was shared, not individual. For IT admins this approach provided a great deal of flexibility and agility for end users and less expense and infrastructure. The challenge was security. Shared access to the network made IT organizations uncomfortable – and rightly so.
Better WiFi Security with RADIUS Servers
The path to solving this problem was to implement a RADIUS server (often FreeRADIUS) and connect that to their directory service (likely Microsoft Active Directory®). After integrating their wireless access points with the RADIUS server, an organization could safely say they had stepped-up their WiFi security.
But implementing RADIUS yourself is far from simple. Each laptop or desktop would need to be configured to leverage the proper RADIUS protocol for authentication, and often a supplicant needed to be installed on the end user system. Of course, there was also the connection between the RADIUS server and Active Directory that needed to be managed.
This was a significant amount of work for IT organizations just to secure their WiFi network. As an easier alternative, many IT organizations simply started to rotate their SSID and passphrase more often. This pushed the hassle from IT onto end users. Good for IT. Of course, end users didn’t appreciate the approach. So, IT organizations had no good options to implement RADIUS and secure their WiFi networks.
Hosted RADIUS: The Cloud IAM Approach
Then a new approach to identity management emerged: Directory-as-a-Service® (DaaS). The DaaS platform functions as a cloud identity management platform, and allows IT organizations to integrate a number of identity management components into one cloud directory services approach. This cloud IAM approach can effectively replace Active Directory, LDAP, RADIUS servers, and others into one unified cloud directory. Directory-as-a-Service securely manages and connects users to the IT resources they need including systems (Windows, Mac, Linux), cloud and on-prem servers (e.g. AWS, Google Cloud), web and on-prem applications via LDAP and SAML, and wired and WiFi networks via RADIUS.
The hosted RADIUS functionality effectively places a RADIUS server in the cloud that is tightly integrated to the core user database. You simply point the WAPs (wireless access points) to the cloud RADIUS server, and that’s it. There is no need to install software on the Windows, Mac, or Linux system. IT admins get the security they are looking for with greater control, and end users can leverage the same passwords that they use for G Suite/ Office 365 and their system to uniquely access the WiFi network.
Learn More About RADIUS Management with Cloud IAM
If you would like to learn more about the cloud IAM feature for hosted RADIUS, drop us a note. Alternatively, sign-up for our cloud IAM platform and check out the hosted RADIUS functionality. That way, you can see for yourself if cloud IAM feature hosted RADIUS can help you secure your WiFi network. Your first 10 users are free forever.