Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!
Case Studies

Creative Licensing Company Faces the Music and Upgrades to a Certificate-Backed Network

Azure
Cloud Radius
Intune
Meraki
PKI
SMB
VPN
Wi-Fi
Case Study Hero BG

Deployment Timeline

They contacted SecureW2 in March of 2021. Although they were impressed with what we had to offer, they just didn’t feel ready to deploy our Cloud RADIUS and managed PKI yet. Six months later, after merging with a couple other companies, they came back and purchased our JoinNow Connector Bundle. Deployment was fast – after just two weeks, they had everything set up for VPN and Wi-Fi authentication.

Challenges

Since their first contact with SecureW2 in March, the client acquired two more companies that they were working into their network infrastructure. This meant that they had even more devices and operating systems to work with than before.

Quote Left Icon
Our merger was a big part of the reason we were drawn back to SecureW2, We remembered how flexible you guys are with various MDMs and IDPs. That vendor-neutrality was important for us.
JONATHAN, IT SECURITY SPECIALIST

Patching together the technological structure of what was basically three different organizations presented a one-of-a-kind challenge. The company wanted to arrange all its new employees’ devices under its MDM, Intune, and needed a solution that could coordinate with Intune.

The goal was to enroll all company-owned devices for digital certificates. Once a device is enrolled for certificates, it can automatically authenticate to a specific Wi-Fi network without any input from the end user, such as entering in a username and password. Beyond Wi-Fi authentication, the company also wished to use the security of digital certificates, which can’t be stolen or lost, to authenticate to their VPN.

It was imperative that any certificate solution be deployed as soon as possible. Jonathan understood the dangers of the modern cybersecurity landscape and knew that usernames and passwords just won’t cut it for security-conscious businesses.

Solutions

Fortunately for the customer, SecureW2 had everything they needed to achieve their network security goals. The first piece was our turnkey managed PKI. A Public Key Infrastructure (PKI) has all the components you need to enroll devices for certificates, and then manage those certificates afterward.

Our vendor-neutral PKI slid right into place with Intune. With our Managed Device Gateway APIs, each company-owned device was automatically enrolled for certificates. Since this was done automatically, there wasn’t a single support ticket about configuring a device for its certificate.

Quote Left Icon
I couldn’t believe how fast issuing the certificates was. With your gateways, we practically had certificates on all company devices overnight.
JONATHAN, IT SECURITY SPECIALIST

After certificates are issued, our managed PKI makes it effortless to oversee all parts of their lifecycle. Certificates can be set to automatically revoke at a specific time, so IT teams don’t need to manually revoke certificates themselves.

The company didn’t just stop at certificates, either. They also opted for our dynamic Cloud RADIUS, which helps further protect their network by checking the certificate status of each device attempting to access the company’s Wi-Fi or VPN. Our Cloud RADIUS even supports identity lookup, which means that it references the company’s Identity Provider (IDP), Azure, for information on the user, such as which groups they belong to in the organization.

Once it has determined which group the user is part of, our RADIUS can apply the appropriate access policy. This means that different employees can be granted access to different resources according to their roles. No one has access to anything more than precisely what they need to perform their day-to-day duties.

Evaluating Success

The company initially started by rolling out certificates to all devices in the core organization, but they very soon had all devices in even the newly acquired organizations equipped with certificates. Now, end users and IT staff alike are relieved to find that connecting to the Wi-Fi or VPN takes absolutely no effort on their part.

Best of all, the IT team gets to rest assured that their network is more secure in addition to being more convenient. Certificates cannot be stolen, lost, or transferred to other devices. Plus, with our Cloud RADIUS, it’s a breeze to ensure that only the company’s certificate-backed devices can access the network at all.

Quote Left Icon
I can rest easy now knowing that both our VPN and Wi-Fi are protected by a combination of certificates and Cloud RADIUS.
JONATHAN, IT SECURITY SPECIALIST