By Vernon Shure, Ruckus Networks.
If you have been following Ruckus Networks for a while, you have probably heard us frequently mention “security” and “policy” in the same breath. In many cases, the two do go hand in hand, and that’s certainly the case when it comes to network access policies.
IT policies that govern network access enhance security by limiting each network resource to only those users whose role merits access to it. For example, the HR and payroll departments get access to a server that houses confidential payroll data, but the call center and marketing department do not.
Even with many applications moving to the cloud, lots of sensitive data still resides within the network. Organizations can use network access policies as an important tool for implementing sound data governance practices. Who gets access to what resources is an important element of this. Network access policies can be defined and managed centrally for enforcement within the wired and wireless network infrastructure itself. (The Ruckus SaaS/software product that lets you define and manage policies for secure network access is Cloudpath Enrollment System.)
While this policy capability is a powerful way to enhance IT security as part of a layered defense, the uses of network access policies also extend beyond the security realm. Let’s examine a few ways you might use this type of policy that don’t explicitly have to do with IT security.
Network bandwidth management—sometimes not all network traffic is created equal
IT teams might want to favor one user, application or device over another, and network access policies can help do that. There are many examples of this, but one mission-critical one that comes to mind is in a hospital setting. If you are an IT admin in a hospital, you probably want network traffic generated by doctors accessing clinical applications to get priority over, say, someone visiting a sick relative accessing streaming video for entertainment purposes. A policy-based approach is one way to make sure that your network prioritizes the traffic that’s most important to your organization’s success.
Tiered service levels—monetizing network infrastructure based on willingness to pay
In some scenarios, the IT team might want to provide different levels of service to different users in proportion to their willingness to pay. This is where tiered service levels come into play. Imagine an airport setting where the facility wants to give some basic level of internet access for airline patrons for free—say speeds fast enough for checking email on their laptops. It might also want to provide faster service for someone willing to pay for it—say speeds fast enough to watch streaming video. This scenario also might present itself in a hospitality setting. Tiered service levels are another use case where the ability to centrally define and manage network access policies, and map those to users and devices, can really come in handy.
Separate VLANs for a personalized user experience
Certain settings call for not one large network, but rather something that looks like a lot of smaller networks—each of which is accessible only by a single user or small group of users. One example that springs to mind is in higher education—specifically in a college dormitory. The right policy implementation can give students a personalized experience so that they only see their own network resources or those that they have been granted access to. If a printer is in someone else’s dorm room down the hall, there is no need for a student to even see that resource. Why not put each student on their own VLAN? The right tools for a policy-based approach make it possible. The same scenario applies in an MDU (multi-dwelling unit) setting, such as a senior living center, or for any communal living situation.
Cloudpath Enrollment System for centralized network access policy management
You’ve probably heard us here at Ruckus talk more about the security aspects of network access policy than these other scenarios. The security element is front and center when it comes to describing the policy capabilities of Cloudpath Enrollment System, our SaaS/software platform for secure network onboarding. But as we have seen in this blog, the benefits of centrally managed policies for network access extend beyond enhancing IT security. As you might have guessed by now, Cloudpath software can help you address the scenarios mentioned above.
You don’t have to switch out your existing wired/wireless infrastructure to use Cloudpath software, either. It works with any vendor’s network infrastructure. If this sounds interesting, contact your WAV rep to learn more.