Internet access for visitors is essential for enterprise networks
What is guest Wi-Fi for enterprise networks, and why is it needed?
Enterprise networks see a variety of users and devices that need to connect to the wireless network. Visitors to any enterprise environment–short-term contractors, vendors, partners, and others–arrive in the enterprise environment expecting internet connectivity with a minimum of hassle. Guest Wi-Fi for the enterprise is a means of providing this connectivity for guest users. Guest Wi-Fi can also be a way to keep guest traffic off of the enterprise network, isolating guests from internal resources and each other, which improves network security. A system for guest access is an extension of other security measures that support a zero trust security strategy.
How does enterprise guest Wi-Fi work today?
How guest access works varies from organization to organization. A coffee shop may be content to provide an open SSID for guest users, or it may use a passphrase that it gives to paying customers. Hotels present a captive portal, often with a requirement to pay for internet access, so that guests can self-serve to gain internet access. Enterprises typically seek to provide guest users with internet access only, which is the level of access that suits their status as guests.
Lacking a system for providing guest Wi-Fi, enterprise organizations typically deploy duplicate infrastructure to support guest users: for example, they manage a separate DHCP server for guest users and deploy an anchor controller in the network DMZ. Guest traffic passes through the firewall, which applies rules that govern access, and IT must define those firewall rules to provide the right level of access. Unfortunately, it's easy to misconfigure these policies, which can leave sensitive data exposed to guest users. All of this also increases infrastructure costs and administrative overhead. The usual method of providing guest access, without a system built for the purpose, therefore has some very serious drawbacks.
Are there any other options for delivering guest internet access?
Organizations focused specifically on providing guest access that enhances their security posture, while also offering superior ease of use, may seek out a more modern and simpler approach–one delivered as a cloud service. Ideally, such a service isolates guest users from internal resources and from each other, to prevent malware from propagating horizontally (east-west) among guest users.
With such a service, guest users get internet access by accepting terms and conditions, and the organization may also require sponsor approval as part of the onboarding workflow. The service tunnels guest traffic to an off-site point of presence (PoP), from where it goes directly to the internet. Traffic passes through the firewall without filtering, and IT does not have to define firewall rules for guest users. Such a service also removes the need for redundant infrastructure in the form of DHCP servers and anchor controllers. Internet access should last only for a defined period, not indefinitely.
What are the risks, threats, and problems of not having a separate guest access system?
As mentioned above, without a system for providing guest access, the traffic generated by guest users is subject to firewall rules that IT administrators must define. There is a risk that they will configure these rules incorrectly, allowing guest users access to sensitive internal IT resources. In addition, if guest users are not isolated from one another and from internal users, malware can propagate between them. The administrative overhead and additional infrastructure costs associated with the traditional means of providing guest access are also a problem for many organizations.
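
The firewall misconfiguration risk described above can be checked mechanically. The following Python code is an added example, not part of the original article or of any product it describes: it walks an ordered, first-match rule list and reports which internal ranges a guest subnet can still reach. The subnets, the rule format and the function name are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed sample addressing, not taken from the article.
GUEST = ip.ip_network("192.168.50.0/24")
INTERNAL = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]

def guest_exposure(rules, guest=GUEST, internal=INTERNAL):
    """Internal CIDRs reachable from the guest subnet under first-match rules.

    rules: ordered (action, src_cidr, dst_cidr) tuples; implicit deny at the end.
    """
    remaining = list(internal)          # internal space no rule has decided yet
    exposed = []
    for action, src, dst in rules:
        src, dst = ip.ip_network(src), ip.ip_network(dst)
        if action == "allow":
            applies = src.overlaps(guest)    # any matching guest host is a finding
        else:
            applies = guest.subnet_of(src)   # a deny shadows only if it covers every guest
        if not applies:
            continue
        undecided = []
        for net in remaining:
            if not dst.overlaps(net):
                undecided.append(net)
            elif net.subnet_of(dst):         # rule decides this whole block
                if action == "allow":
                    exposed.append(net)
            else:                            # rule decides only a slice of the block
                if action == "allow":
                    exposed.append(dst)
                undecided.extend(net.address_exclude(dst))
        remaining = undecided
    return sorted(exposed)

# Constructed rule sets: a leftover exception placed above the deny rules.
MISCONFIGURED = [
    ("allow", "192.168.50.0/24", "10.20.30.0/24"),
    ("deny",  "192.168.50.0/24", "10.0.0.0/8"),
    ("deny",  "192.168.50.0/24", "172.16.0.0/12"),
    ("allow", "192.168.50.0/24", "0.0.0.0/0"),
]
HARDENED = MISCONFIGURED[1:]   # same policy without the exception

if __name__ == "__main__":
    for name, rules in (("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(name, [str(n) for n in guest_exposure(rules)])
```

A deny rule that covers only part of the guest subnet is deliberately not treated as protection, so the audit errs toward reporting exposure.
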
Why is it important to have guest Wi-Fi? What are the benefits of having guest access?
Visitors arrive in the enterprise environment for a specific purpose related to the organization’s business. They have a legitimate need for internet access to help them have a successful visit and conduct whatever business they have with the organization. But lacking a system for delivering internet access, there are security risks, administrative burden, and infrastructure costs associated with providing that access. To avoid these problems while granting guest users the internet access they need, an organization should have an efficient and secure means of providing that access.
A platform for guest Wi-Fi confers the following benefits:
- Gives IT an effective way to deliver internet access for guest users.
- Increases network and data security.
- Simplifies life for IT.
- Reduces infrastructure costs.
- Deploys quickly and easily.
What are some best practices for guest access?
Following are some best practices for providing guest access for visitors:
- Provide internet access only for guest users.
- Isolate guest users from sensitive network resources and each other.
- Provide self-service workflows that avoid having to involve IT to get guest users connected.
- Choose a platform for guest access that reduces administrative burden and infrastructure costs.
- Provide access for only a limited period.
Summary
Enterprise organizations and their visitors have a mutual interest in those visitors having internet access during their time in the enterprise environment. IT teams should take steps to protect against the security risks related to guest access as part of a zero trust security strategy. They should also adopt mechanisms for doing so that decrease–not increase–administrative burden and infrastructure costs.