In most companies today, wireless LANs (WLANs) carry the bulk of corporate traffic, relegating the once all-important wired network to second-tier status. In fact, Gartner predicts that tablets and smartphones will be the first choice for 50% of all users by 2018, and 40% of enterprises will specify Wi-Fi as the default connection for even non-mobile devices like desktop PCs. With increasingly critical devices, applications and resources running over the corporate WLAN, it’s time to re-evaluate exactly how you plan, manage and deploy WLAN network access security.
WLAN access security becomes especially important in this era of the mobile-first enterprise, where more companies are looking to mobile applications, bring-your-own-device (BYOD) programs and emerging Internet of Things (IoT) initiatives to run core aspects of their business. Consider how the healthcare industry is adopting IoT and connected medical devices, how manufacturers are implementing connected, instrumented factory floors, or how any number of companies are basing their entire success on the productivity of a primarily mobile salesforce.
As WLANs run more mission-critical, Internet-facing applications and provide access to an increasingly wide range of mobile and IoT devices, they also become lucrative targets for attackers. In this emerging environment, ad hoc WLAN security mechanisms are no longer sufficient. To truly secure their networks end-to-end, mobile-first enterprises must re-evaluate their approach and deploy security that consists of:
- Internal layers of defense. This means forgoing flat WLAN topologies and instead implementing internal network segmentation, with firewall policies set between all users and all resources. This ensures that even if one mobile device is compromised, the malware will be unable to propagate and gain access to more critical network devices and resources, effectively breaking the attack chain.
- Continuous scans for malware. This includes implementing wireless intrusion protection (WIP) to safeguard against rogue devices, ad hoc personal Mi-Fi networks, and unauthorized access, as well as deploying next-generation firewalls to handle intrusion prevention, deep packet inspection, malware detection and more.
- Consistent policies end-to-end. With tight internal segmentation in place, security policies must be applied consistently across all applications and devices, whether they are wired or wireless. The ability to easily configure and manage the entire security fabric is critical to ensure that your end-to-end wireless LAN security is as good as (if not better than) its wired counterpart.
Fortinet’s Secure Access architecture delivers on every point. Purpose-built ASICs that ensure both performance and security are coupled with tight internal segmentation and industry-leading WIP and next-generation firewalls to collaborate and communicate effectively. With Fortinet, IT security professionals have a single pane of glass to centrally manage security, connectivity and access control for the whole enterprise network, wired and wireless, end-to-end.
Resilient Intelligent Networks is a Fortinet partner that can help you deploy comprehensive network security across the entire fabric of your organization, with the protection you need to keep your organization’s data safe and the flexibility you need to grow.