Deployment Timeline
The customer contacted SecureW2 in early March of 2020 during the initial stages of the Covid-19 pandemic. They had tried to configure their own PKI through Active Directory Certificate Services, only to find it was more challenging than they anticipated.
They wanted a certificate-backed VPN solution but found that native integration was becoming too cumbersome. After researching a number of different solutions, they found that SecureW2 likely had the tools they needed to solve their issues.
They were correct. It was clear that SecureW2 was the right fit and by the beginning of April that year, the customer had their certificate-based VPN authentication set up and their MDMs enrolled for certificates.
Challenges
Creating and maintaining your own Public Key Infrastructure (PKI) is tough; that much was made clear to the customer. They had tried to set up their own PKI through AD CS but found the task to be much more difficult than it seemed initially.
Aside from hardships with building their own PKI, the company had a growing remote workforce to worry about. With a sprawling business located in multiple countries, they were concerned about finding a way to ensure employees could access important company resources from anywhere. A VPN was a no-brainer for them, but ensuring only authorized employees, using trusted devices, accessed the VPN was a whole other issue entirely.
This meant that any service they purchased needed to address a couple of huge issues. The company needed something that could replace their ailing PKI easily and they needed something that could guarantee only valid users logged into their Fortinet VPN and access points.
Solution
The company decided to reach out to SecureW2 after evaluating several options. In just a few weeks, SecureW2 responded to all their challenges with gusto.
Step one was replacing the company’s private AD CS PKI that just wasn’t working for them. SecureW2’s cloud-hosted Managed PKI was an easy fit, integrating flawlessly with their Intune MDM.
The next step was making a user-friendly way for all the company’s employees to self-enroll for certificates regardless of their location. SecureW2’s Managed Device Gateways were another perfect fit for Intune, making it possible for devices to auto-enroll themselves securely for certificates, with no user interaction required.
They were able to get all their devices set up for certificate-based authentication at the press of a button. SecureW2 not only provided the PKI necessary for certificate enrollment, but it also provided a Cloud RADIUS server for authenticating users. Whenever someone attempts to access the network, the RADIUS server checks to make sure they’re a valid user by comparing their certificate to a database of users kept by an Identity Provider (IDP). SecureW2’s Cloud RADIUS is vendor-neutral, so it works seamlessly with Azure.
Once all remote employees were able to authenticate to the VPN with secure certificates, the company decided to take an added security measure. Using SecureW2’s PKI and Managed Device Gateways, they configured their device and infrastructure for certificate-based Wi-Fi authentication.
Now, when employees are able to safely return to the office, their devices will connect automatically to the company’s Wi-Fi – no need to struggle to remember a network password, and no risk of over-the-air credential theft.
Evaluating Success
It has been over a year since the company implemented SecureW2’s PKI for VPN and Wi-Fi authentication, and accessing the network is a breeze for all their employees. No matter which office they’re located in, all employees can quickly connect to either the company’s Wi-Fi or the VPN.
Best of all, because they’ve eliminated passwords for these networks, they’ve seen a reduction in password-related IT tickets. They’re happy with the improvements, both because of the user-friendliness certificates offer to their end-users and because of the enhanced security that comes from knowing employees have one less password to manage.