Secure, segmented, and seamless WiFi connectivity

Part 1: Offices use case

Ana Ortiz | January, 2019

This series explores WiFi connectivity within different contexts based on real-life scenarios encountered by our sales team. In this entry, we’ll focus on the workplace, in particular, mid-sized offices.

The backstory: What Enterprise Control does

In the past, we’ve explored the many reasons why organizations shouldn’t share WiFi passwords, and why they should instead implement enterprise-grade security protocols. We’ve also seen how Fontech’s Enterprise Control allows organizations to implement secure WiFi access without having to invest in complex, on-premise infrastructure. But what exactly does Enterprise Control do? How can it help in such a real-life scenario?

In a nutshell, Enterprise Control provides self-managed, secure, and segmented device onboarding to WiFi networks. This means that it’ll be easy for users to connect to the WiFi network without IT assistance, and all their devices will be configured automatically. WiFi access is secure and conditional: users/devices will be granted or denied access based on specific variables (identity, time, location, etc.). And once WiFi access is granted, they’ll have specific, profile-based access rights.

So let’s look at this in terms of workplace WiFi.

The context: Mid-sized offices

Employees

Large corporations often have sophisticated and complex WiFi security and management solutions, but they’re often out of reach for mid-size offices. So how do averaged sized companies provide office WiFi access to employees? Well, we usually encounter one of these two scenarios:

  • Shared WiFi passwords: In many cases, employees use a common password to access office WiFi. But this implies a major security risk! There is no control over who is actually accessing the network, and there’s no traceability. Users will have access to the WiFi network until the password is changed (which itself will impact all users)… just imagine the risk and burden if an employee is fired or a device gets stolen or lost!

     

  • Overly complex solutions: Other organizations that are more concerned with security often have complex solutions in place. Some cumbersome solutions require IT to configure devices one-by-one, which is secure but costly, non-scalable, and rigid. No BYOD (bring your own device) initiatives can be implemented, and every time devices are upgraded they have to be reconfigured.

Guests

Employees aren’t the only ones that need internet access at the workplace. What about visitors such as consultants, clients, and partners coming to meetings? Here we once again find two very common alternatives:

  • Shared WiFi passwords (again): If employees use a shared password, they will often simply share it with guests and visitors. This only worsens the aforementioned security risks: People outside the organization will have access to corporate VLANs, creating vulnerabilities for on-premise equipment.
  • Captive portals: Another common alternative is providing a guest WiFi captive portal for visitors. These portals are very useful for commercial and monetization purposes, but not when visitors expect seamless, worry-free WiFi connectivity. These portals can be intrusive, and the subsequent process of getting WiFi can be burdensome. Who can’t relate to having to start a meeting 10 minutes late because of technical problems? What about that last minute panic when you can’t access that PowerPoint document in your email?

The Fix: Enterprise Control Features

The status quo of office WiFi connectivity sounds familiar, doesn’t it? This is where Enterprise Control comes in. With it, companies can:

  1. Offer two differentiated SSIDs: One for employees and one for visitors. For the sake of the example, let’s call them “Company” and “Company_visitors”, respectively.

     

  2. Give employees a completely self-managed onboarding process: Employees can connect to the “Company” SSID, and all they’ll have to do is enter in their corporate email on the onboarding portal Enterprise Control provides. Then, each device, regardless of its OS, will be automatically configured, and all server/client certificates will be installed and maintained.

    The company can even decide to give different user types access to specific resources (e.g. Legal, Finance, HR). And, if company administrators wish, they can allow employees to connect their personal devices. Thanks to Enterprise Control’s policy server, employees can connect corporate or personal devices to the same SSID, though their access privileges will still vary based on their profile and device.

     

  3. Offer secure and easy guest WiFi: Following our example, visitors will connect to the “Company_visitors” SSID. In this case, multiple guest WiFi options are available: Guests can self-register through a captive portal, or the company may decide they must be previously invited by employees to connect.

     

    We have found that a very successful type of invitation in this context is through calendar integration. Here, when the visitor gets to the office, all s/he’ll have to do is enter the email of the employee with whom s/he has the meeting. Fontech’s Enterprise Control will simply check with the employee’s calendar. If it matches, the visitor will be able to easily connect to the WiFi.

The Conclusion

What does all of this mean for workplaces? Enterprise Control allows for the evolution from insecure and burdensome workplace WiFi access, to easily self-managed, secure, and segmented WiFi access. All with an easy and cost effective, cloud-based solution.

Discover more about Fontech’s Enterprise Control and WiFi Solution for Small Businesses. Stay tuned for our next installment in this series to see how Enterprise Control can help other types of organizations too!