Multi-Tenant RADIUS for MSPs
Managed service providers (MSPs) have been the focal point of a series of attacks that are starting to draw attention from the public. A study conducted by Vanson Bourne surveyed 200 MSPs across the United States and found that 74% of MSPs have suffered a cyberattack in the past year, with 83% reporting that their SMB customers have suffered one as well.
This increasing threat is a major cause for concern and can only be combated through a stringent focus on cybersecurity. RADIUS authentication is a great first step for securing wireless networks; MSPs often utilize FreeRADIUS as their de facto RADIUS solution. However, while suitable for a lot of organizations, MSPs require certain capabilities that FreeRADIUS simply can’t provide.
Fortunately, SecureW2 provides a turnkey cloud-based solution that allows MSPs to secure user authentication for all their clients’ networks with digital certificates, not passwords. Learn how our customers are using Cloud PKI and Cloud RADIUS services to improve their network security.
In the article, we’re going to explore multi-tenant RADIUS solutions that are more suitable for MSPs.
Is Multi-Tenant 802.1x Authentication Possible?
SecureW2 is excited to announce a whole new way to utilize a RADIUS server with a Dynamic Policy Engine. The defining feature that separates our Cloud RADIUS from other RADIUS is that, due to the dynamic functionality, it actually communicates with the directory directly, even using EAP-TLS.
This allows the RADIUS server to reference a directory entry, both to confirm the entity is authorized for access, and to read any other user information. This functionality is similar to the user lookup feature employed by networks with LDAP-AD infrastructure.
Dynamic Cloud RADIUS has a robust feature suite that enables you to use one RADIUS server for multiple organizations, each kept distinct in their own directory. The new multi-tenant 802.1x server makes runtime-level policy decisions by looking up user information in the directory. In contrast, normal certificate-based RADIUS authentication simply checks the CRL for revoked certificates.
Shared Cloud RADIUS for MSP
MSPs stand to benefit from multi-tenant 802.1X with more than just increased security. MSPs can rarely offer their customers cloud RADIUS options because it’s simply too cost-prohibitive to set up the infrastructure for the small companies that MSPs typically service.
Another key benefit is that a single multi-tenant RADIUS can sort authentication requests by organization (or any other attribute) before accessing any organizational network resources. Each of the clients is insulated from one another, maintaining full privacy and security while still utilizing the same RADIUS server.
With the ability to use a single RADIUS server for multiple clients, while keeping the client networks and resources totally isolated, MSPs can finally offer a scalable, full-featured RADIUS as part of their network security package.
Affordable Cloud RADIUS Servers for Small Organizations
Implementing the infrastructure for RADIUS authentication has historically been quite pricey. Even a managed, cloud-hosted RADIUS setup, while significantly cheaper, is still out of reach for many small businesses.
Multi-tenant RADIUS makes top-quality security more accessible to small organizations that wouldn’t be able to use a RADIUS otherwise. With the help of Managed Service Providers, we hope to extend the protection of RADIUS to a plethora of small businesses that have never had the opportunity before.
SecureW2’s Cloud RADIUS enables MSPs to offer native integrations for any cloud IDP including Azure and Okta. Our unique multi-customer RADIUS allows MSPs to offer affordable, premium authentication security to all of their clients. Click here to see our pricing.