Deployment Timeline
The company first contacted SecureW2 late in the fall of 2021. One of their security engineers, John, had been pushing for them to find a better network authentication solution. SecureW2’s solutions were the first ones to impress them on their search.
Setup was fast. In just a couple calls with our experienced support team, they were able to roll out their new certificate-based authentication system with our Managed PKI and Cloud RADIUS in a mere two weeks.
Challenges
The company worked with an MSP that they totally trusted to help them address their network security concerns. They’re a startup that anticipates rapid growth, and with that growth comes an exponentially increasing need for a safe network.
Certificate-based Wi-Fi authentication was at the top of their list, but it was imperative that it be convenient. The company didn’t want to have to spend a lot of time manually issuing and revoking certificates. Since they’re in the healthcare industry, they have much more pressing problems to deal with than constant certificate management.
Their concerns about digital certificates didn’t end at just managing them. Making sure employee devices were correctly configured for certificates in the first place was also a major consideration – especially since the company employs a lot of contractors who use their own devices. With a BYOD policy, it can be tricky to ensure that everyone meets the same rigorous company standards. Contractors bring a wide variety of operating systems to the mix, and having a single IT team handle configuring all their devices can lead to a frustrating bottleneck in productivity.
Solution
The customer started their journey to certificate-based authentication by checking out a couple of SecureW2’s competitors. Not finding what they were looking for, they eventually made their way to SecureW2. It was then they found exactly what they needed.
The first solution we offered the customer was an intuitive managed Public Key Infrastructure (MPKI). Its convenient and straightforward GUI made it easy for the customer to create, issue, and revoke certificates. They even have the option of setting up certificates to automatically expire after a specific period of time, saving them from the hassle of having to manually revoke all certificates.
Automatic revocation raised some additional concerns for the company. Certificates that expired automatically could cause issues with network connectivity if users don’t know how to renew those certificates. This is another aspect that our PKI was able to address handily, with settings that allow organizations to set certificates to automatically renew, as well.Since the company works with a large number of contractors, being able to issue certificates efficiently to BYODs was another huge issue. With SecureW2’s ultra-easy onboarding software, this box was also checked off the company’s wishlist. The JoinNow onboarding application allows contractors to quickly self-enroll their own devices for certificates, saving their IT MSP time. Full-time employees with company-managed devices also enjoy an effortless enrollment process. In fact, thanks to our Managed Device Gateways, MDMs are auto-enrolled for certificates through Intune with absolutely no involvement on the user’s part.With their certificate concerns taken care of, there was another aspect to consider: verifying each certificate securely. The company jumped at the opportunity to use SecureW2’s Cloud RADIUS, which can verify a user’s certificate at the time of authentication with identity lookup. Every time a device enrolled with the company’s certificate attempts to access the network, our RADIUS checks that they’re not on the Certificate Revocation List and applies a proper authorization level based on what is listed for them in Azure.
Evaluating Success
The MSP entered the conversation with SecureW2 concerned about their client’s needs for certificate-based network authentication. After just a couple weeks in a trial period and a few phone calls, SecureW2 was able to get a PKI and RADIUS server up and running for them.
Now, whenever an employee or contractor needs a certificate, they are either automatically enrolled or can self-enroll in a matter of minutes. Best of all, this solution didn’t require costly on-premise servers – both the PKI and RADIUS are cloud-based.