Many IT organizations are taking significant steps to lock down their networks. With a slew of breaches occurring every day, IT organizations are right to step-up their security efforts. One common area of concern with security is WiFi. As a result, many IT admins are searching for a solution to improve network security, and one of the most effective approaches is to move from a single shared SSID password to unique credentials for each user. Since some of the most common credentials in use at organizations are Google identities, it’s natural that IT is asking if Google Identity-as-a-Service can be used for WiFi authentication?
The Evolving Network
IT networks used to be far simpler a few years ago. They were mainly composed of Microsoft Windows®-based solutions and hosted on-prem. They were connected together with a wired LAN, and there was networking equipment to help everything function. There was a perimeter gateway where all network traffic flowed in and out. For the most part, security could be handled at the DMZ. Then, the only thing that was required was to ensure that only the right people were inside the office and able to physically access workstations.
Of course, those were far simpler days. Today’s IT environment is far different and more challenging for IT teams. With the advent of web applications and cloud infrastructure, many IT functions are handled in the cloud. Microsoft solutions such as Exchange, Windows File Server, and Office are being replaced by solutions like G Suite (formerly Google Apps) and Office 365. Users are leveraging a wide range of platforms including Mac and Linux systems. But even with all of this change, one of the most significant advancements in IT has been WiFi.
Securing a WiFi Network
WiFi networks enable end users to work from virtually anywhere within about 150 ft (46 m) – or even further if you’re using a Wi-Fi extender or an enterprise-grade router. There is little doubt that WiFi has increased productivity, collaboration, and agility for organizations. IT admins have embraced it due to significant decreases in cost and infrastructure requirements. Users love it because it allows them to work from a meeting room on the other side of the building without additional steps.
But the challenge with WiFi has always been security. There are many different obstacles that admins must face when securing a WiFi network, but one of the core challenges that is faced involves the WiFi credentials. Security for WiFi has been lax with shared SSID and passphrases being the most common method. Unlike wired networks where access is uniquely granted, shared WiFi credentials are the norm. However, because the signal is available outside of the office, this creates the risk that a hacker is sitting in the parking lot or neighboring office attempting to get on the network. All they need is to get the shared passphrase and they are in.
The best practices solution for WiFi security is to authenticate each person’s access with their core employee credentials. This ensures that every user has a unique log in, making it much more difficult for a password to leak out to the public. With many of those core credentials now being hosted in G Suite Directory, or what some are referring to as Google IDaaS, the challenge now becomes how to have WiFi authentication occur with Google Cloud Identities.
WiFi Authentication through Google IDaaS?
As IT admins realize, this isn’t possible natively with G Suite Directory, but it is possible with a tightly integrated third party solution called Directory-as-a-Service®. This cloud-based directory comes with a cloud RADIUS service embedded into its core offering. IT admins simply connect the cloud identity management platform with G Suite. A user’s G Suite credentials are then used as the identities for access to systems, applications, data, and networks such as the WiFi infrastructure.
WiFi authentication with Google Identity-as-a-Service is possible when you integrate with Directory-as-a-Service as the core identity provider. If you would like to learn more about how you can employ G Suite Identities to secure your WiFi network, reach out to us. We would be happy to answer any questions you might have. Alternatively, sign up for a free Directory-as-a-Service account and check it out for yourself. Your first 10 users are free forever (no credit card required), so there’s no reason not to try the platform for yourself and see if it could help you secure your WiFi network.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud