Deployment Timeline
They contacted SecureW2 in March of 2021. Although they were impressed with what we had to offer, they just didn’t feel ready to deploy our Cloud RADIUS and managed PKI yet. Six months later, after merging with a couple of other companies, they came back and purchased our JoinNow Connector Bundle. Deployment was fast – after just two weeks, they had everything set up for VPN and Wi-Fi authentication.
Challenges
Since their first contact with SecureW2 in March, the client had acquired two more companies, which they were working into their network infrastructure. This meant that they had even more devices and operating systems to work with than before.
Patching together the technological structure of what was basically three different organizations presented a one-of-a-kind challenge. The company wanted to arrange all its new employees’ devices under its MDM, Intune, and needed a solution that could coordinate with Intune.
The goal was to enroll all company-owned devices for digital certificates. Once a device is enrolled for certificates, it can automatically authenticate to a specific Wi-Fi network without any input from the end user, such as entering a username and password. Beyond Wi-Fi authentication, the company also wished to use the security of digital certificates, which can’t be stolen or lost, to authenticate to their VPN.
It was imperative that any certificate solution be deployed as soon as possible. Jonathan understood the dangers of the modern cybersecurity landscape and knew that usernames and passwords just won’t cut it for security-conscious businesses.
Solutions
Fortunately for the customer, SecureW2 had everything they needed to achieve their network security goals. The first piece was our turnkey managed PKI. A Public Key Infrastructure (PKI) has all the components you need to enroll devices for certificates, and then manage those certificates afterward.
Our vendor-neutral PKI slid right into place with Intune. With our Managed Device Gateway APIs, each company-owned device was automatically enrolled for certificates. Since this was done automatically, there wasn’t a single support ticket about configuring a device for its certificate.
After certificates are issued, our managed PKI makes it effortless to oversee all parts of their lifecycle. Certificates can be set to automatically revoke at a specific time, so IT teams don’t need to manually revoke certificates themselves.
The company didn’t just stop at certificates, either. They also opted for our dynamic Cloud RADIUS, which helps further protect their network by checking the certificate status of each device attempting to access the company’s Wi-Fi or VPN. Our Cloud RADIUS even supports identity lookup, which means that it references the company’s Identity Provider (IDP), Azure, for information on the user, such as which groups they belong to in the organization.
Once it has determined which group the user is part of, our RADIUS can apply the appropriate access policy. This means that different employees can be granted access to different resources according to their roles. No one has access to anything more than precisely what they need to perform their day-to-day duties.
Evaluating Success
The company started by rolling out certificates to all devices in the core organization, but they very soon had all devices, even those in the newly acquired organizations, equipped with certificates. Now, end users and IT staff alike are relieved to find that connecting to the Wi-Fi or VPN takes absolutely no effort on their part.
Best of all, the IT team gets to rest assured that their network is more secure in addition to being more convenient. Certificates cannot be stolen, lost, or transferred to other devices. Plus, with our Cloud RADIUS, it’s a breeze to ensure that only the company’s certificate-backed devices can access the network at all.