Secure Onboarding

Make BYOD and IoT Wi-Fi Onboarding Simple and Secure

Your users have all sorts of shiny new personal devices. And they have high expectations about how easy it should be to use them on your network.

But traditionally, getting all those devices onboarded has been a huge headache for IT. How do you securely connect thousands of user-owned devices without exposing your organization to new security threats? And how can you make the experience a good one, without asking people to re-enter login credentials 10 times a day, or burying your helpdesk in password support tickets?

Ruckus enables an awesome bring-your-own-device (BYOD) experience—for both users and IT. Our secure, no-hassle onboarding solution makes it easy for IT to handle the influx and to ensure those devices have only appropriate network access.

Hassle-Free Connectivity

Ruckus’ Cloudpath Enrollment System makes BYOD simple, seamless and self-service. Use a single point of entry to onboard practically any user-owned device, for any BYOD scenario—employees, students, partners or guests. With certificate-based onboarding, secure access is linked to the device, not just a user account. So people can onboard once and then automatically reconnect in the future—without having to constantly re-enter credentials.

Stress-Free Security

BYOD shouldn’t mean “bring-your-own-security-vulnerabilities.” CloudPath ES brings scalable, standards-based security to any environment, using the gold standard for enterprise wireless encryption. Configure your policies for different types of users and devices, and CloudPath automatically provisions them, without any manual IT intervention. You can even onboard “headless” devices like gaming consoles, printers, and video cameras to your Smart Wi-Fi network just as easily and securely.

Complaint-Free Administration

Thousands of different devices and platforms? No problem. Dozens of different use cases and policy profiles? Don’t worry about it. With Ruckus secure onboarding, it all happens automatically. And you can use it seamlessly within your existing Wi-Fi and security environment, at a fraction of the cost of expensive 802.1x authentication systems. No more trouble tickets for each new kind of device. No more password headaches for your users and your helpdesk. Instead, BYOD just works. And your IT team can focus their time and attention where it’s needed most.

Forest Hills Public School District

Michigan. 10,000 students. 1:1 Chromebooks needed more than 30 devices per AP.

Neumann University

Ruckus Provides Champion-Caliber Wired and Wireless Network

Sunway University

Sunway is a university located in Malaysia that serves 18,000 students and 1,500 staff members

Case Study

Blackpool and The Fylde College

Cloudpath Enrollment System Supports Digital Campus

Case Study

Fairfax County Public Schools

Embracing Bring-Your-Own-Device via Cloudpath Enrollment System

Case Study

Summit Public Schools

Cloudpath Enabling Reliable, Secure Authentication Across Campus

https://res.cloudinary.com/ruckus-wireless/image/upload/ar_16:8,c_fill,g_auto,q_...

Worcester Polytechnic Institute

Cloudpath Meets the Challenge at Worcester Polytechnic Institute

Victor Central School District

Victor, NY. 4,500 students. Replaces Aruba with Ruckus W-Fi for 1:1 learning and secure onboarding.

Ruckus Blog

ESG white paper covers IT security aspects of BYOD onboarding

ESG white paper covers IT security aspects of BYOD onboarding

Vernon Shure

https://theruckusroom.ruckuswireless.com/wp-content/uploads/2018/09/shutterstock...

Three ways to use network access policies beyond IT security

Vernon Shure

Three ways unsecured Wi-Fi can contribute to a data breach

Three ways unsecured Wi-Fi can contribute to a data breach

Vernon Shure

What Is Secure Onboarding, and Why Is It Such a Challenge?

What Is Secure Onboarding, and Why Is It Such a Challenge?

Vernon Shure

https://theruckusroom.ruckuswireless.com/wp-content/uploads/2018/08/blogimage-60...

What Is the Definition of a Data Breach, and Does Ransomware Count?

Vernon Shure

What’s Wrong with MAC Authentication and Pre-shared Keys (PSKs)

What’s Wrong with MAC Authentication and Pre-shared Keys (PSKs) for BYOD and Guest Wi-Fi Access, Part II: User and IT Experience

Vernon Shure

https://i0.wp.com/theruckusroom.ruckuswireless.com/wp-content/uploads/2018/03/th...

Wireless Eyes Are Watching – An Unexpected Benefit of Wi-Fi Security

Wendy Stanton

https://i2.wp.com/theruckusroom.ruckuswireless.com/wp-content/uploads/2018/03/th...

Secure Wi-Fi Access Using Dynamic Pre-Shared Keys

Vernon Shure

https://i2.wp.com/theruckusroom.ruckuswireless.com/wp-content/uploads/2018/01/th...

Securing BYOD and 1:1 Network Access in Primary and Secondary Schools

Staff

https://i2.wp.com/theruckusroom.ruckuswireless.com/wp-content/uploads/2017/11/47...

What’s Wrong with PSKs and MAC Authentication for BYOD?

Staff

https://i0.wp.com/theruckusroom.ruckuswireless.com/wp-content/uploads/2017/08/bl...

Heading into The Golden Era of Education Technology Solutions

Wendy Stanton

https://i2.wp.com/theruckusroom.ruckuswireless.com/wp-content/uploads/2017/08/fe...

Making Wireless Access and BYOD a Reality at your Agency

Chris Collura

Videos

Secure Guest Access

Wired and Wireless Network Security

What it means:

Visitors to any environment—schools, colleges, government agencies, retail, hospitality, offices or practically anywhere—arrive expecting easy and secure connectivity for their devices. Secure guest access means allowing visitors (vendors, partners, consultants—visitors of any kind) a way to securely access the internet and/or local network resources services over the wireless or wired network.

Why you should care:

When done right, guest access is a win for both the end-user and the organization providing it. Guest users are more productive when they can get online quickly and easily. Internet connectivity helps the visitor conduct whatever business or activity brings them to your environment, which also benefits the organization. Modern guest access systems let visitors securely self-provision their devices for internet access without IT involvement, avoiding costly and labor-intensive help desk tickets. These systems let IT teams customize network onboarding workflows, which may be sponsor-initiated, sponsor-approved, or entirely self-service. Guests receive their individual login credentials via SMS, email or printed vouchers.

IT teams can customize the onboarding portal so that the look and feel supports the organization’s brand. They can grant access for a specified period depending upon how long the user will remain on site. Guest users typically get internet access only—they don’t see internal network resources. IT gains visibility and control over devices on the network, with the ability to revoke access at any time. An up-front security posture check with remediation further enhances security. 

Related Products and Solutions

Secure Network Onboarding

Wired and Wireless Network Security

What it means:

Network onboarding is the process by which a BYOD, guest or IT-owned device gains access to the network for the first time. Secure network onboarding means doing this in a way that enhances security for users, devices, data, and the network.

Why you should care:

BYOD and guest users often incur frustration with default methods for network onboarding. Default methods such as MAC authentications and conventional PSKs are not intuitive for users, leading to numerous help desk tickets. Default methods of onboarding and authentication are also not secure. An effective system for secure network onboarding improves end-user experience for BYOD users and guests. It relieves IT of the burden of excessive help desk tickets related to network access, and improves IT security as part of a layered protection strategy. Ruckus offers Cloudpath Enrollment System software/SaaS for this purpose.

Related Products and Solutions

Certificate Management

Wired and Wireless Network Security

What it means:

In computer networking, a digital certificate is a document installed on a device that provides the basis for authenticating the device onto the network. Certificate management is the process of managing these digital certificates. This includes processes such as creation, storage, distribution, suspension and revocation. Certificate authorities (CA) are responsible for certificate management and serve as a registration authority for subscriber certificates.

Why you should care:

Digital certificates installed on the device as part of an automated network onboarding process streamline network authentication and make sure that every connection is secure. Users who have installed a certificate on their device during initial onboarding no longer have to take any action to re-authenticate on future connection attempts—the device connects automatically in a process that is transparent to the user. The certificate persists on the device until revoked by IT administrators. Default methods of network onboarding and authentication, such as conventional pre-shared keys and MAC authentication, do not provide the security or user experience benefits of digital certificates distributed via a secure onboarding platform.

Related Products and Solutions

Dynamic Pre-shared Key (DPSK)

Wired and Wireless Network Security

What it means:

Dynamic Pre-Shared Key (DPSK) is a Ruckus-patented technology that delivers secure network access by providing each device and user with a unique login credential. Users access the wired/wireless network using their own personal key, which is provided as part of the network onboarding process. In contrast, with conventional pre-shared keys (PSKs), multiple, or even all, users share the same key.

Why you should care:

Traditional pre-shared keys create a security hole in network defenses because multiple users access the network with the same key. Conventional PSKs do not give IT teams visibility and control over devices on the network or the ability to map access policies to specific users and devices. Users readily share conventional PSKs with others, and IT cannot revoke them for one user without revoking access for all. DPSKs address the security flaws of conventional PSKs to make users, devices, data and the network more secure.

DPSKs are an alternative to digital certificates that provide similar security benefits. They are appropriate in cases where user experience considerations make it impractical to install a digital certificate on the device. This applies in cases where the user will only need network access for a limited time—for example, in the case of guest users.