Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

Cloud 802.1x Explained

What Is Cloud 802.1x?

An 802.1x network is unique in one major way; it uses a Cloud RADIUS server as a means of authenticating users. The Cloud RADIUS checks a user’s credentials to see if they are an active member of an enterprise and grants users varying privileges of access depending on the network policies in place. This allows unique certificates to be used for each individual user, eliminating the reliance on  passwords that are always at risk to be stolen. Historically, 802.1x required on-premise RADIUS & identity servers, which caused a lot of confusion and high costs as a large number of moving parts required time and expertise to operate.

Enter Cloud 802.1x; as cloud technology became more readily available, innovative companies (such as SecureW2) utilized the advancements in technology to deliver better network security by making 802.1x infrastructure readily available for the cloud. Not to mention maintaining a cloud PKI costs ⅓ of the price of on-prem PKI.

Cloud 802.1x basically provides all the security features of a standard 802.1x network, but without all the hardware and expertise necessary to do so. SecureW2 allows people to get rid of their on-premise servers like Windows NPS and AD so they can go all cloud, check out how one of our customers benefited from the move to the cloud.

How Does 802.1x in the Cloud Work? Is it Safe?

As previously mentioned, instead of hosting on a physical server, you can host your infrastructure on a virtual server hosted on the cloud, and then access the services via the Internet. However, this has presented the question to many admins, is this safe? In short, yes, but it must be set up properly.

The biggest mistake organizations can make is using credential-based authentication, rather than certificate-based authentication. Think about it, having all your users send their credentials over the internet? Bad news. If you see a Cloud RADIUS server that only supports EAP-TTLS/PAP, run away!

Luckily, the setup for certificate-based authentication is incredibly simple with SecureW2. You first configure the secure SSID on a WPA2-Enterprise network. After that, set up the cloud RADIUS in the controller or AP by sharing the RADIUS IP and the shared secret. Just like that the setup process is complete.

Historically, the certificates have been used sparingly as a means of authentication. However, as technology has advanced and hacker activity has increased, certificates have become a primary means of defense for cybersecurity experts. Certificates are a substantial upgrade for network security and allow for a far superior user experience. Proper use of certificates can completely eliminate the threat of Man in the Middle Attacks and password-based headaches.

SecureW2’s CloudRADIUS has generated automatically for our users and benefits from built-in redundancy, meaning a high traffic event won’t slow down the authentication process. The reason that it’s so easy to set up for certificate-based authentication, is it’s paired with our Managed PKI Services. Your CloudRADIUS server comes built with your own Private CA already integrated, ready for Cloud 802.1x authentication. Overall, efficiency is the theme for Cloud RADIUS, as it benefits from lack of hardware and associated costs over time.

Cloud 802.1x With SecureW2

If you can justify the immense startup costs and ongoing maintenance on an on-site RADIUS, more power to you. It’s a valid option for very large or very niche organizations.

For most people, however, the affordability and convenience of a CLOUD Radius far outweigh on-site/on-prem RADIUS. It’s more scalable and it leverages newer, more secure technology.

If you are considering a Cloud RADIUS solution, check out our aptly named CloudRADIUS product. If you need further convincing, check out how we helped out this, creative agency deploy their RADIUS solution.

Learn about this author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

Cloud 802.1x Explained