One way to dramatically step up your network security is to start leveraging per user WiFi VLAN assignments. Essentially, VLAN assignment means to dynamically place users or groups of users into different VLANs (virtual local area networks) or network segments. The challenge with dynamic VLAN assignment has historically stemmed from the level of difficulty it presents when it comes time to implement. But, now a new identity and access management platform (IAM) is simplifying the process and making it much easier for organizations to increase their network security.
Why WiFi VLAN Assignment?
The first step in the journey to leveling up your network security is to understand the rationale behind VLAN tagging or VLAN steering as it is also known. By segmenting the network and placing users into specific VLANs that match their roles and needs, IT admins can limit the exposure of data, servers, and applications to only those that need it. With an unsegmented network, anybody can access any resource should they have the requisite skills. So, from a network security and compliance perspective, WiFi VLAN assignment can provide great benefits.
Challenges with Implementing VLAN Assignment
Returning back to the original challenge, implementing dynamic VLAN assignments can present quite the arduous task. Implementation starts with creating a segmented network through your wireless access points (WAPs) and switches/routers. It then cascades to assigning those VLANs to users and groups of users within the RADIUS server. And, then you need to tie all of these components, from endpoints (Windows®, Mac®, Linux®), WAPs, RADIUS servers, and the identity provider (IdP) together which can can be time consuming and difficult.
Shift Components to the Cloud
Luckily, a new generation of cloud identity and access management solution is simplifying the approach to WiFi VLAN assignment by shifting many of the components required for WiFi VLAN assignment to the cloud. IT admins just need to point their WAPs to a cloud RADIUS server and load their user assignments into the cloud directory service. No time consuming physical servers to stand up and configure. The cloud directory simply takes (Read more...)