Does Your Guest Access Solution Provide Adequate Security and Control?

Organizations have little choice but to offer guest network access. Customers expect it. Contractors, vendors and business partners require it. And it needs to be simple for guests to use and easy for IT to monitor and manage. However, traditional guest access solutions don’t provide the security and control needed to support growing numbers of devices and increasingly sophisticated threats.

Most organizations provide guest Internet access by segmenting off a section of the Wi-Fi network. Typically, guests are sent to a captive portal — a branded web page that displays the organization’s accepted use policy and a legal disclaimer limiting the organization’s liability should the guest fall victim to a cyberattack.

But even if the organization isn’t legally liable, it can suffer brand damage if guests connect to a malicious website from the organization’s network. It can also face legal and regulatory risks if guests download copyrighted materials or inappropriate content. Organizations need a way to protect guests from known and emerging threats, and to control and manage guests’ Internet access.

Advanced Protection

Cisco Umbrella is a cloud-based secure Internet gateway that blocks access to malicious URLs, IP addresses and files at the DNS layer, before a connection is established. It also provides powerful category-based content filtering, giving administrators granular control with flexible, location-aware enforcement.

Unlike legacy web gateways, Umbrella does not create latency, so guests enjoy a high-quality user experience. And it’s simple to deploy on Cisco Meraki and other Wi-Fi networks, with complete visibility and centralized management. No additional hardware or software is needed, and Cisco charges by the access point (AP) rather than by the user.

Of course, some guests require more than just Internet access. Vendors and contractors, for example, may have a legitimate business need to access certain corporate resources. Employees visiting from another company site will need the same level of access they’re accustomed to when working in their usual location. For these guests, you need role-based access controls and more robust authentication.

Role-Based Access

Cisco Identity Services Engine (ISE) is the ideal solution for role-based guest access, particularly for larger networks that must handle hundreds or even thousands of concurrent user sessions. ISE enables the centralized creation and management of access control policies based upon user profile, location, device type and other criteria. Simple guest onboarding processes mask the complexity of these robust security controls.

Guest portals allow guests to self-register themselves, while sponsor portals enable authorized users such as front-desk personnel to create guest user accounts. Administrators can define a duration for various types of guest accounts so that users who need ongoing access don’t have to reregister. Access is automatically suspended at the end of the predefined period.

As part of the registration process, guests can be required to download the ISE posture agent. Each time a guest logs in through the guest portal, ISE will check the device profile and confirm that it’s compliant with established policies. ISE also works in concert with Cisco TrustSec to enable consistent, policy-defined network segmentation without the need to manage complex access control lists.

Organizations need to provide a high-quality guest access experience while protecting against cyberattacks, filtering content and preventing unauthorized access to sensitive data. As a longtime Cisco Partner, Cerium’s experienced engineers can help you fortify your guest network with Cisco’s powerful tools.

Provide secure guest access with a great user experience

Contact us to learn how these tools can help you meet today’s guest access demands.

Contact Us

Related Articles

A sampling of other articles you may enjoy if you liked this one.

Zero Trust Security Makes Identity the New Perimeter
Feb 22, 2019

An interesting thing happened while we were busy revolutionizing the workplace with cloud and mobile...

Read More
Centralized Policy Management
Jan 29, 2019

Centralized Policy Management and Granular Controls Essential for BYOD The 2018 BYOD report from Bi...

Read More
Stay in the Know

Stay in the Know

Don't miss out on critical security advisories, industry news, and technology insights from our experts. Sign up today!

You have Successfully Subscribed!