The 802.1X standard for authenticating access to wired and wireless networks has met with a good deal of scrutiny in recent years. While 802.1X was considered a success when initially implemented on wired networks, with the shift to wireless networks, the growth of geo-distributed organizations and the proliferation of internet-connected devices, the tides of opinion shifted, casting 802.1X in a negative light due to the difficulty and sheer expense of implementation.
Deployment of 802.1X is the main pain point as it requires support from RADIUS/AD servers at every location, making authentication available only when devices are physically present in the office, and requiring manual configuration of endpoints with an agent. This makes the implementation of 802.1X daunting, often taking systems administrators and engineers weeks to configure (and even more if a user repository is not already in place). This can take even longer (and cost much more) if it is being implemented in a geo-distributed organization that needs to continually authenticate endpoints. As a result, deployment of 802.1X authentication protocols often feels like more of a headache than a help.
So why reconsider 802.1X?
Aside from implementation woes, 802.1X remains one of the best ways to authenticate devices because of its continuous and direct communication with the authenticating, as opposed to pre/post scanners or other less secure authentication solutions that expose the network to vulnerabilities (see more below).
Here’s why:
- Ease of Management: Unlike other authentication methods that use pre-shared keys (PSKs), which are difficult to control and can result in unauthorized access if not properly managed, 802.1X depends on certificates (WEP) and user credentials to grant access. These certificates/credentials can be effectively managed from the server, and the method uses existing backend infrastructure, simplifying implementation and policy administration. 802.1X is a highly integrated solution across all pillars of authentication: PKI and credential management, as well as automated management of access based on information from user repositories.
- Ease of Use: Despite the myth that 802.1X is more demanding of end users than other authentication solutions due to dependence on an agent, all it requires is that end users enter their credentials when prompted by the wired/wireless supplicant. This prompt is issued once, unless passwords or certificates have been altered. Group policies automatically configure the end user’s device for connection based on their specific group permissions. 802.1X allows for full end-to-end provisioning, automating deployment, management and troubleshooting tasks.
- Security: 802.1X is one of the best methods for secure authentication of devices because authentication keys are individual and not shared like PSKs. Contextual information on users can be retrieved from the authentication server, such as roles like “Staff” or “Visitor.” Role assignment makes it possible to devise specific access policies (known as Role Based Access Control), and it’s possible to track individual users, removing them from the network if they pose a threat.
802.1X delivered as a cloud service
Offering 802.1X as a cloud service, with no need for physical deployment or network hardware, allows for hyper-availability of 802.1X authentication, taking into account geo-redundancies, enabling secure access to the network from every location for the distributed workforce, while enforcing network security policies through automated access controls.
If cost and rigid implementation were challenges in implementing traditional 802.1X, 802.1X as a service takes RADIUS, Active Directory and open source authentication servers to the cloud, enabling an appliance-free and limitless deployment for the cloud-agile enterprise. As a cloud service, it allows for automated full end-to-end provisioning and configuration, including the deployment of agents and management of network access and security policies, without compromising on network security. Finally, using information from the supplicant and the authentication server, 802.1X as a service characterizes device risk with the help of contextual information.
802.1X can really be that simple
Though many security professionals know 802.1X’s strengths when it comes to authentication solutions, deployment on wireless networks has presented significant implementation barriers. Delivering 802.1X as a software-defined cloud service, which does not require physical authentication servers, radically simplifies 802.1X deployment, making it an accessible solution for enterprises invested in the cloud computing, enterprise mobility, and digital transformation shifts. Also, it uses contextual information gatherable from 802.1X agents to calculate device risk. Enabling the benefits of 802.1X authentication without the headache of on-premise deployment is what 802.1X authentication as a service is all about.