Deployment Timeline
In December 2018, the company contacted SecureW2 to help set-up an EAP-TLS cloud environment for their network. The entire PKI was set up from scratch after just a few phone calls.
The organization currently has 1,200 devices enrolled with certificates and a fully capable BYOD system enabled with certificate self-enrollment.
Challenges
As an expanding company, the organization was seeing its number of employees increase dramatically. They had a small team that was in charge of their network security that eventually wanted to move away from their Pre-shared key (PSK) authentication method.
Chris and his team decided they wanted to go with 802.1X EAP-TLS authentication, in order to get rid of passwords and take advantage of certificates.
The company knew that a requirement for all WPA2-Enterprise networks is the use of a RADIUS server. They initially wanted to get an on-premise server to leverage their new network security, but after some research found it was too expensive a solution, the IT administrator explained, “We didn’t initially realize how hands-on the process of getting an On-Site RADIUS was and we were having a hard time justifying the enormous cost in maintenance.”
Eventually, they decided they needed their solution to work in a cloud environment in order to reduce the costs associated with on-premise infrastructure.
Lastly, the company has a number of printers with access to their network, so they needed a way to ensure no bad actors could use one as an attack vector. To ensure a completely secure network, they wanted a way to enroll their printers for certificates as well.
Solution
The customer evaluated several 802.1X solutions and found that SecureW2 offered the best solution for their needs based on capabilities, managed services, and affordability.
SecureW2’s Managed Device Gateways for certificate auto-enrollment has made certificate distribution for users a breeze, as they quickly enrolled over a thousand devices in just a few weeks.
After getting started with SecureW2, the COVID-19 pandemic forced most of the customers’ employees to start working from home. The company needed a way to ensure their data remained safe even when away from the office. They used SecureW2 to enroll end-users with certificates to access their VPNs, now over 1,000 employees are able to securely access company data. Some other notable advantages the customer has enjoyed are:
- A massive reduction in password-related help-desk tickets.
- Easy certificate enrollment for IoT devices such as their printers.
- An easy-to-manage certificate portal with a complete graphical user interface.
Evaluating Success
With a completely cloud-based network and a fully functional PKI, the client is ready for any potential threat. They are currently transitioning to a more Okta based environment and can rest easy knowing they’re Okta directory is easily integrated with SecureW2.
The customer is moving towards a zero-trust network and is pushing to use certificates wherever possible to reinforce their security and move away from insecure passwords.
The firm has reached the point where they aim to use certificates wherever possible to strengthen and mature their security by completely moving away from passwords.