Why businesses need WLAN
While the worldwide growth in the enterprise WLAN market has been steady rather than spectacular over the last couple of years, Redcentric’s own experience is that it has become one of the hotter technologies out there, with a significant number of tenders now containing a wireless networking element.
A good time then to bring you the low-down on WLAN – why you need it, how to get it, what to look out for, and how to secure it
Why do businesses need wireless LANs
There are a number of reasons for WLAN adoption and most projects are driven by a combination of these and their attendant benefits.
- To extend both the reach and the life of the wired corporate WAN - The extensibility and scalability offered by WLANs can take the pressure off wired LANs that may be reaching capacity, whilst also filling coverage gaps across larger network estates
- To improve staff mobility, productivity and collaboration – Creating an environment that allows for flexible ‘always on’ location-agnostic working speeds and simplifies communication and connectivity, boosts agile capability, and caters for the growth in personal device usage
- To provide guest/visitor internet access – Consumer behaviour has led us to the point where today we expect to be able to access a wireless connection, and to do it reasonably painlessly. In some sectors, such as retail, the cost of a wireless service can be offset against the immense business value to be had through the harvesting of user information and application of data analytics
- To enable the roll-out of voice services where physical estate characteristics favour the use of WLANs – Many organisations have challengingly diverse or sprawling sites – think hospitals or a university campus - that need robust coverage and high-class performance to properly underpin IP voice or Unified Communications deployments.
- To support the nascent ‘Internet of Things’ (IoT) – The headlines may have been taken by the domestic fridge or thermostat but many sectors are looking at connectivity options for ‘non-human’ devices, from streetlamp sensors to clinical drugs trollies, noise-activated CCTV to next-generation bus stops.
How to deploy WLANS
There are three main options for those looking to roll-out a WLAN across an enterprise:
- Do-it-yourself – Potentially appropriate if it is a very simple scenario, but still with the downside of considerable initial capex spend
- Outsource completely – Use a specialist managed service provider who can design, deploy and manage a WLAN to your precise needs, charging on an opex model
- Pick ‘n’ mix – Rely on the outsourcing option for all the heavylifting and ongoing support but use internal staff for initial deployment of pre-configured access points
The third option is proving itself most popular as the survey, design, security and configuration work is where the real expertise is needed at the outset; deployment just comes down to the successful placement and physical securing of the access points. Monitoring, upgrading and troubleshooting going forward all reside with the managed service provider.
The trend for outsourcing the majority of WLAN installations reflects most enterprises’ recognition that it is one of those technology subsets that requires particular knowledge and skill sets, and continuous learning to keep abreast of innovations, changes and risks. This is not the sort of know-how likely to be found in-house and there is probably little appetite for that sort of overhead anyway, when cost-effective subscription-based services are available.
The specialist is also much better equipped to deliver bespoke WLAN solutions. Currently, much of the outsourced wireless that gets piped into leisure and retail environments, for example, is a commodity, with a single specific use. There’s no questioning its fitness for purpose but it is essentially a product, not a service and the opposite of what most enterprise organisations need – consulting, design, security assessments, procurement, configuration, testing, roll-out, performance management, support and problem solving.
What to look out for when planning a WLAN
There are a number of considerations to focus on here
Deployment – Picking up on the point made above, you may want to exercise choice over how wireless roll-outs are handled. A project for fifty shops with a similar footprint and fit-out may lend itself to self-installation of pre-configured access points; ensuring wireless coverage across a sprawling multi-building site like a hospital may require specialist engineers. You also invariably need to plan for live site working and how to install and test your WLAN while minimising disruption and downtime for others.
Flexibility – With daily flux in user density and concurrent usage, ensure that your WLAN can adapt to cope without any drop-off in performance. Similarly, bear in mind future expansion. If, for example, your development roadmap has wireless supporting IP telephony at some point, then make sure that your chosen solution and/or service provider are compatible with your plans.
Performance - Today's wireless user expects a familiar log-in experience, so secure but not overly onerous; and consistent performance, so reasonably quick and reliable. That calls for performance by design, ensuring that physical sites and user requirements and user volumes now and going forward are properly audited and scoped and poured into a fit for purpose, flexible, future-proof solution. This is especially so for those networks supporting IP voice and UC deployments, where signal quality needs to be sustained to avoid call cut-out; on estates with people moving between buildings or negotiating a physically diverse environment, defining the appropriate access point coverage and topology is essential.
Authentication – The authentication process and capture of user details is increasingly providing valuable data, metrics and analytics for both CRM and operational/security purposes. If this is a business driver for your WLAN deployment, ensure that your WLAN does support a granular, customised approach to data collection, with very specific configurations available to better meet your needs. The same applies to reporting and management information – make sure that the service can match your preferences.
How to secure a WLAN
Data breach, theft of payment details, malicious backdoor entry, frontal assault on service, the WLAN is subject to the same cyber risks as the wired network – but it is arguably much more vulnerable. Some key considerations include:
- Wireless signals travel beyond physical barriers, making it theoretically easier to compromise when compared with having to access a wired port
- Authentication and encryption do a good job but you also have to factor in who and what you are granting access to
- You face a whole host of unknown devices and software accessing systems all the time, a problem that is growing with the emergence of the IoT
- Cyber threats and attacks are becoming ever more sophisticated so WLAN security has to keep pace
Ensuring your WLAN has adequate and evolving protection is perhaps one of the most compelling reasons for entrusting WLAN provision to a specialist managed service provider. Their experience and know-how of best practice, and their day-to-day awareness of emerging threats and new tools, can help you achieve the requisite protection levels without any additional cost premium – it’s all part of the service.
A security by default approach will address key risk factors and bake safeguards into the solution design and service delivery. Aspects to consider include:
Separation – Deploy an architecture that logically separates internal networks and creates a totally discrete guest WiFi network
Protocols – Ensure you use the appropriate security standards for your requirements, and remember that usability must never compromise safety
User rights – Security is not always about keeping the ‘baddies’ out, it is also about ensuring that ‘goodies’ can only access what they should be accessing. Different trust levels can be facilitated most simply by implementing rules-based policies based on user type.
APs – Distributed physical devices can become easy targets for theft and interference so ensure access points can be securely mounted and locked down
WiFi signal – Avoid wireless signals being too strong and bleeding beyond their designated area into space where they could be at greater risk of interference. Match the signal to what is actually needed.
Rogue access points – To avoid unauthorised access points lurking on your network, constant monitoring is essential for timely detection and remediation
Intrusion prevention – Ensure your WLAN solution can cope with whatever might be thrown at it going forward. Intrusion prevention systems are an excellent defence against more sophisticated attacks.
Mobile device management – Use the security elements of MDM to effect controls over BYOD devices trying to access the WLAN eg quarantining devices that fail to meet the security standards
IoT focus – The Internet of Things is bringing a proliferation of devices to market from a wealth of suppliers, not all of which are prioritising security. It’s imperative that any device connecting to your WLAN meets your quality standard and is kept patched and updated.
WLANs are fast becoming ‘must have’ technology for many within the enterprise space. Organisations just need to remain mindful that they ‘must have’ the right technologies, the right skills and the right approach as well.
To learn more about Redcentric’s managed WLAN service, please click here