Agency Wi-Fi Adoption Can Take Off if Security Concerns Are Addressed

Federal agencies will be more likely to deploy Wi-Fi networks if they can achieve a comfortable level of network security when they do so, according to officials from Brocade and Ruckus Wireless.

Selina Lo, CEO of Ruckus Wireless (which Brocade agreed to acquire in April), says that security is the top concern for agencies when they are thinking about rolling out Wi-Fi networks. “Wireless, compared to wired, it’s definitely perceived as much less secure,” she told FedTech on the sidelines of the 2016 Federal Forum in Washington, D.C., in a joint interview with Steve Wallo, chief solutions architect at Brocade Federal.

However, Lo says that security for Wi-Fi has been augmented over the years through work on the 802.11 standards as well as proprietary intrusion detection technologies. The federal government will likely need to deploy more Wi-Fi networks in the years ahead to keep pace with the demand from mobile devices and a younger workforce that has grown up with smartphones.

“Even for the feds, it’s becoming futile to stop Wi-Fi from coming in,” she says, especially because of the demands of millennials. “They are going to bring in their devices, they are going to use Wi-Fi, and if you don’t actually offer them Wi-Fi access, they are going to look for neighboring networks or some open network to get on. That’s actually a big source of problems.”

Building Security into Wi-Fi NetworksThe are several tools and methods agencies can employ to ensure Wi-Fi networks inside their facilities are secure from end to end. One is to make sure mobile devices connecting to the networks are secure. Ruckus offers a technology called Cloudpath, which can automatically push a network certificate to devices when they connect and then allows the network administrator to set a policy for that device and manage it over time, Lo says.. “That, for us, is the most secure way of ensuring that all of the employees’ devices, even guest devices, are protected,” she adds.

Another way to handle Wi-Fi security is through analytics. Ruckus offers a solution called Smart Positioning Technology, or SPoT, which can provide network administrators with a real-time heat map of user devices on the network, allowing them to see where devices are concentrated in a facility and which devices are in which locations at certain times of day. They can then use SPoT analytics to detect anomalous or suspicious user behavior. Wallo says that another element of the network agencies need to think about securing is backhaul, which connects wireless networks to the backbone of the Internet.  “If you’re a CIO in the government, one of your biggest problems is the architecture is usually very old,” he says. “So addressing the Wi-Fi component, gives you one step toward a complete solution, but unless you pull that backend and the backhaul with it, you’re only putting new icing on an old cake.”

By adding security protections and layers to the backhaul network, even if a malicious user were to gain access to a Wi-Fi access point, the protections can thwart further access in the network, Wallo says. Software-defined networking (SDN) is helping on that front, according to Wallo. He notes that networks can be protected in two ways. One is to block malicious actors from accessing networks through firewalls and other measures. Another is to assume networks will be penetrated and use SDN to obscure, mask and change data inside the network so that even if the network is penetrated it cannot be accessed.

Lo notes that there are going to be some federal locations where Wi-Fi is not deemed secure enough. An option in those cases, is OpenG, she says, which enables enterprises to run a mutli-carrier private LTE infrastructure.

The Changing Face of Federal Wi-Fi

Lo says that today the market for Wi-Fi in the federal government lags behind the commercial Wi-Fi market mainly because of the security concerns. “Today, most of the deployments are very much limited to the barracks and residential usage, very tactical.,” she says. However, Lo thinks that will change, and that “being able to secure everything all the way to the [network] edge is the critical aspect.”

That includes securing smartphones and making sure that those devices can be managed and remotely wiped, and that certain users can be blocked from accessing networks. “All of that technology is there today,” she says.

Wallo says that when it comes to agencies being willing to embrace Wi-Fi more, “culture is huge” and that agencies’ IT leaders “have to be willing to accept a different direction than they were in the past in terms of how they design networks.”

For more on how the federal government is tackling Wi-Fi deployments, visit fedtechmagazine.com/wifi.

This content is made possible by FedTech. The editorial staff of Nextgov was not involved in its preparation.