Access versus security - it shouldn’t be a trade-off, says Fortinet’s Scott Cowen. He offers some security tips for the mobile workforce.
Enterprises can improve productivity by supporting BYOD (bring your own device) capabilities for management and staff.
Users should be able to log on to the corporate LAN, either wired or wireless, from the device of their choice, access the application services they need and then exit the system. But, to ensure that only authorised users can do so, stronger security must be implemented.
The challenge for IT managers is to maintain real-time visibility of both traffic and application services, not only to guarantee a quality user experience but to add another level of protection against abuse or unauthorised activity.
To do this, savvy managers are ensuring that access to the network (either wired or wireless) depends on authenticating both the user and the device. This is achieved with a unified approach to security that adds protection at every node on the network.
From Wi-Fi to a secure wireless LAN
The key is to start with the premise that there is ONE network, regardless of how users are connected to it – wired, wireless or remote access.
This can only be achieved if you integrate a single, comprehensive security-centric infrastructure - the so-called unified access layer - into the network’s fabric. The result is a secure environment with a common set of rules and policies that determine the level of user access based on users’ needs and roles, not on which access method they use.
All of the components on the network have to be secured: the gateway, servers, switches and access points. Secure gateways are nothing new; indeed, most gateways have embedded firewalls, application control, web filtering and intrusion prevention as standard features.
These features secure the LAN behind the gateway. But, with the advent of BYOD, there is now a back door that can bypass the secure gateway and give unauthorised users a free hand.
Authentication, single sign-on and ID
Authentication is a standard feature of wired LANs. Extending authentication to the wireless world has traditionally been difficult and entails separate security for both access layers and infrastructure layers. Not only does this add operational overhead, but it is also cumbersome for users as they log on and off the WLAN. Hence the rise of single sign-on (SSO).
SSO essentially takes advantage of the identity management capabilities inherent in the security-centric infrastructure to identify the user by both name and device. SSO interacts with other authentication servers on the network to act as a central repository for user identification. This in turn improves the user experience by reducing the number of logins that a user must execute. And once users are identified and authenticated, they are governed by a set of policies defining their resource access rights.
The secure WLAN: Access and security
Corporates need to make it easy for staff to work from any device, any time and in a secure manner. The technology has caught up with the requirement and is now available at a reasonable cost. Building security into your WLAN is no longer a separate exercise but a vital component of the security-centric infrastructure. It’s the most cost-effective and accessible strategy to remove the ‘access versus security’ trade-off from your network.
Scott Cowen is the New Zealand and Pacific Islands channel director for Fortinet, which provides high performance network security.