The guest at the door

The Guest Wi-Fi phenomenon in recent years had resulted from pressure from users, sometimes senior users, wanting their personal devices to have internet access. This has been coupled with the wish to improve the working environment for visitors and high function guest users. This ends up producing more complex Wi-Fi configurations, more intense administration overheads and more importantly security concerns.

Increasingly enterprises are looking to offload those additional difficulties onto outside providers with two approaches. Firstly to offer a WLAN connection onto their corporate network on an isolated VLAN which offers pass-through authentication to a service provider. This removes the headaches of admin and complexity and can provide user convenience with sign on being shared with other guest networks offered by the provider. In effect the user can use existing credentials to access your guest network. However this guest solution still relies on the corporate network to offer the service and also can result in lost opportunities to interact with the guest users and offer timely or useful information during the registration process.

The second approach is to create an entirely separate guest network in parallel to the corporate network. This would involve a separate Wi-Fi, LAN and Internet connection. The first objection to this is of course cost but the separation of the two networks, the so called “air gap” can guarantee corporate network integrity which may be a potential cost saving where security is concerned. This approach is especially useful for enterprises without a requirement for a corporate network. For the more mainstream technical Wi-Fi issues can occur.

The other issue is the possibility of two competing Wi-Fi solution in the same airspace. Traditionally this would be taboo but with recent advances in adaptive radio technology and interference mitigation, this is not quite the problem that it once was and can be ameliorated by providing guest coverage in public areas only. Another sensible way around this is to dedicate the 2.4GHz spectrum to Guest and the 5GHz to corporate.

A separate guest network can provide access and management resources from the cloud or from a service provider as preferred. This removes the complexity from the corporate environment and the administration can be provided on a lower SLA.  An important consideration is responsibility for device support and content/web filter management can be off loaded keeping the corporate IT department under less obligation to government as they work out their coruscations of Snooper’s Charters, Prevent Strategies and Data Protection laws.

So there are ways of preventing a security headache when the next guest knocks at your Wi-Fi door.