Three Options for Managing Secure Wireless Access
By: Chris Hinsz
Director, Product Marketing at Fortinet
The number of wireless access points deployed in the typical enterprise continues to expand. The global enterprise wireless local area network (WLAN) market is projected to grow at a compound annual growth rate (CAGR) of 32% through 2023. The proliferation of smart devices and the increase in media-intensive applications are some of the factors contributing to this explosion.
With this growth come challenges for end-user businesses. Analysts indicate that the increasing complexity of the wireless access layer will exacerbate already pressing concerns around the shortage of cybersecurity professionals with the expertise to manage wireless access challenges, including all associated devices.
Solving this challenge by finding an easier way to manage access points is crucial given the expanded use of wireless solutions by a wide range of industries. Wireless networks that deliver applications to end users smoothly, while ensuring the security of transmitted data, offer valuable opportunities for all types of businesses to connect customers and employees.
Wireless Boom Adds to IT Challenges
As wireless access infrastructures give organizations the ability to tap into powerful new business opportunities, network security teams face a number of management challenges. These include changing the way they deploy wireless access networks, manage connected devices, and support business applications. While users want fast Wi-Fi connections and a seamless experience, network security teams must simultaneously ensure that their connections are also secure—protecting networks, applications, and devices from threats.
Without appropriate threat protections in place, organizations place their customers, employees, and business partners at risk when they use access points. In addition, applications and sensitive data must be fully protected to comply with regulations ranging from the Health Insurance Portability and Accountability Act (HIPAA) to the Payment Card Industry Data Security Standard (PCI DSS). And organizations must demonstrate that compliance through tracking and reporting.
What to Look for in a Wireless Infrastructure Solution
From a network perspective, a wireless access solution should feature plug-and-play deployment and ease of management. Core capabilities include application security, visibility, and control across on-premises and cloud infrastructures. Management of access points should also be integrated into the broader security architecture. In addition to improving efficiencies and minimizing the number of manual touch points, this architectural approach improves an organization’s security posture. This ensures that wireless access points are visible from a centralized console and that threat intelligence can be shared with and from other security areas in real time.
When searching for a wireless access infrastructure solution, network leaders should look for the following key attributes:
- Provides reliable performance for data, voice, and video applications.
- Scales easily to prevent poor performance during spikes in activity.
- Optimizes traffic to handle surging volumes.
- Supports multiple channels and RF management capabilities.
- Protects against new threat vectors that tap into wireless access vulnerabilities.
Other key functionality to look for includes support for multiple form factors both at the AP level (indoor, outdoor, and wall-plate form factors) and at the management level (cloud, on-premises, virtual machine).
Fortinet’s Wireless Management Options: Combining Access and Security
When selecting access points for wireless networks, one size rarely fits all. In addition to the technical capabilities that deliver the required connectivity and throughput, combined with physical specifications that conform to building and property logistics, businesses also require varying management and security options.
As businesses often have varying requirements when it comes to wireless access infrastructures, Fortinet offers three solutions for managing the performance and the security of wireless networks. All Fortinet current-model access points can be managed by at least two of the solution approaches described below, and FortiAP Universal Access Point devices can be managed by all three. In addition, all three solutions provide superior wireless access performance.
- FortiGate Integrated Wireless Management. With the FortiGate integrated wireless management solution, businesses can leverage FortiGate Next Generation Firewalls (NGFWs) already deployed to protect their networks. These NGFWs can also serve as wireless controllers for managing access points. Businesses with one small/medium location, or those with numerous small/medium locations such as a chain of retail stores or restaurants, or businesses with remote sales and service offices, often prefer this approach. In these scenarios, the network security team can manage access points through their FortiGate NGFW without needing to buy any extra licenses to manage the system. Network staff doesn’t need to learn a new interface since they are already managing the FortiGate NGFW.
- Dedicated WLAN Controller Wireless Management. Fortinet’s dedicated controller wireless management solution utilizes standalone controller-based wireless management, which is ideal for sites with hundreds to thousands of access points, such as large hospitals and college campuses. With networks of this size, it generally makes sense to segment firewall management from wireless management. This approach may involve the use of a series of FortiGate NGFWs with dedicated FortiWLC wireless controllers and FortiWLM management devices.
The advantage here, in addition to scale, is that a dedicated wireless controller like FortiWLC can handle more complex radio frequency functionality. The FortiWLC devices offer a technology that’s unique to the wireless industry called virtual cell management. In a virtual cell, all access points operate on the same channel, and the network is in charge of managing which AP is transmitting to which clients at any given time, while the client sees the entire network as one large AP. Continual centralized computation and updating ensure clients on the network are serviced optimally. Layering of virtual cells allows disparate networks to be installed that are both physically and logically segmented from each other.
- Cloud-Based Wireless Management. Whether or not to use the Fortinet cloud-based wireless management solution usually comes down to how a business approaches cloud computing. If most applications are provisioned from the cloud, then it probably makes sense to also manage wireless network security and performance from the cloud. We generally recommend FortiCloud for very small environments with one or two access points per site where a FortiGate NGFW has not already been deployed. We also feature APs with unified threat management (UTM) services onboard that can provide security in remote environments with cloud management. The cloud can also be used for installations all the way up to thousands of access points, if so desired. Regardless, if FortiGate NGFWs are already in place, it typically makes sense to use them for management rather than moving to a cloud-based environment.
Quick and Safe Access to Your Business
Finding the right wireless network management solution for your business is vital. Your wireless network is the “door” through which many people choose to communicate and conduct business. Providing a safe experience—where all of your end users can quickly and securely exchange information—is paramount to forming strong, long-term relationships. Violate their trust, and they are more likely to conduct business with someone else.
There will never be a single answer to the question of how to best manage and deploy a wireless network. That’s why Fortinet plans to continue to develop and enrich its secure wireless access solution offerings, providing our customers with optimal total cost of ownership (TCO), high-performance network connectivity, and safe and secure connectivity.