Deployment Timeline
The client is a United States-based company valued at $1.4 billion with offices on both coasts. Because of their large employee base combined with an increasingly mobile workforce after the onset of the Covid-19 pandemic, they needed a solution to help authenticate remote employees more securely.
After a two-week trial period with a competing VPN solution, they decided to go with SecureW2 to help authenticate remote employees.
They were able to implement the products they purchased a few weeks after contacting SecureW2 in the fall of 2020.
Challenges
The Covid-19 pandemic changed the nature of the workday for a large portion of the global workforce. It was no exception for this company, which suddenly had to grapple with the challenges of employees increasingly moving to work from home.
They had been using pre-shared keys as a means of providing network access to employees. As more of their employees began remote work, they came to the realization that using PSKs leaves any organization’s network vulnerable to attack. They were also concerned that PSKs leave no visibility as to who is accessing the network.
To harden their security, the company set a goal of moving to 802.1X with a RADIUS server to authenticate users onto their network. They also wanted to swap out pre-shared keys for certificates, which they correctly decided were significantly more secure.
Any prospective solution needed to integrate with their current infrastructure seamlessly. On top of needing to work with numerous different types of devices, they needed something that could be implemented with their existing environment, which consists of:
- Meraki Wi-Fi APs
- Okta SSO
- Jamf and Intune MDM
Additionally, any solution the company purchased also needed to be highly scalable. They were – and still are – a growing business spread across multiple physical locations.
Solution
With the aforementioned objectives in mind, the client started researching what their options were. They reached out to and spoke with a few different solutions providers, but it was SecureW2’s pitch that ultimately drew them in.
SecureW2 got to work on preparing a bundle of services that would best meet the client’s needs. Their silent binary tools work in tandem with both Jamf and Intune, so devices managed by either MDM can quickly verify with Okta and enroll for certificates.
The client wanted to be sure that, in a remote work environment, only corporate-owned devices would be able to access company resources. To use certificates for the company VPN, Andrew simply used SecureW2’s intuitive Cloud RADIUS for VPN authentication.
Once users are enrolled for a certificate, the RADIUS server can use that certificate to verify the level of permissions they have. Andrew created customized group security policies to segment users into different levels of resource access as a further security measure.
It was important as a matter of the company’s growing zero-trust policy that each corporate-owned device was granted access only to what the user needs to complete their work.
Users can log on, verify with Okta through SSO, and be issued a certificate tied to their device. With certificates tied to specific devices, it’s a simple matter to designate various levels of authorization for groups of devices.
Evaluating Success
With SecureW2’s JoinNow Connector, the client has access to a powerful PKI backed by AWS. They are able to easily issue, revoke, and manage certificates for all Jamf- and Intune-managed devices across all their offices – even for employees now working from home.
Users can effortlessly enroll their own devices for certificates from anywhere with SecureW2’s onboarding application.