Organizations the world over are shifting away from on-prem infrastructure in favor of the cloud. Many of those organizations are leveraging G Suite as their productivity platform, and some go even further to leverage Google Identity-as-a-Service (IDaaS) to authenticate users to Google Apps and a few select web applications. With so much of business being conducted on Google Cloud Platform (GCP) these days and G Suite is core infrastructure, securing access to these cloud based resources is critical – including access to the network itself.
One of the best ways to improve the security of your WiFi networks is through the Remote Authentication Dial-In User Service (RADIUS). That is why a common question we get is how to achieve RADIUS authentication with Google Identity-as-a-Service. Before we answer that question, we should discuss why RADIUS authentication is valuable.
The Value of RADIUS Authentication
WiFi networks are the norm at virtually all organizations today. While there are tremendous benefits to WiFi, there are some serious security drawbacks as well.
One major challenge with WiFi authentication is ensuring that only authorized individuals have access to the network and, subsequently, an organization’s resources. Fortunately, there are a few approaches that can effectively mitigate this challenge.
The most common approach to WiFi authentication in use today comes in the form of a shared SSID and passphrase. Shared SSID and passphrase authentication can be effective at keeping the majority of unauthorized users at bay, but it doesn’t offer the capability to easily control who is accessing your WiFi network because anyone with the SSID and passphrase effectively has full access. Even if you have a “café style” network where there is very little on-prem, your users are on the network and their devices are conduits to your critical systems, applications, and data.
That’s where RADIUS comes into play. Leveraging a RADIUS server can help create unique access to your WiFi for each person on your network. The advantage of this approach is that SSIDs and passphrases are no longer shared across multiple users. By controlling access with credentials unique to each individual user, IT admins can (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/radius-authentication-google-idaas/