Provided by |
analysis META Trend: During 2003, campus-LAN initiatives that focus on increasing network availability will receive priority over emerging applications (e.g., VoIP). However, network intelligence will enable convergence of voice, video, and data, while increasing the ease of wireless LAN deployments. By end-2003, wireless LAN standards will converge into dual band, with enterprises relying more on wireless technologies to cut costs and increase productivity. By the second half of 2004, wireless LAN security will be standards-based and interoperable, as market focus shifts to management and service ubiquity across wired and wireless networks.
Network connectivity to access corporate resources, collaborate, and provide more timely exchange of information is increasingly becoming a requirement not only for mobile employees, but also for various visitors with a looser affiliation to the enterprise. Yet, providing access for consultants, contractors, or other guests in a manner that complies with internal security requirements is a challenge.
Many enterprises provide Internet connectivity through wired Ethernet jacks within conference rooms or lobby areas while restricting network access in other areas of the building. Emerging technologies like wireless LANs, new standards such as IEEE 802.1x, and a host of emerging vendor products will simplify the way in which IT organisations restrict and permit network access to all classes of users (internal employees and guests).
Although providing guest access to the network will increasingly become an additional service provided by the IT organisation, it is nonetheless complex from both a security and a support perspective. Security-conscious organisations will still prefer to maintain precise control over which guests obtain access to the network, implying strict authentication controls. However, other organisations will take a more relaxed approach (e.g., by building a network segment that is connected directly to the Internet).
Through 2004, we estimate that 30 percent of enterprises will leverage their wireless LAN to provide guest access. As wireless LAN architecture migrates to a systems approach, 60 percent of enterprises will add guest access capabilities (2005/06). The pressure to provide network connectivity to non-employees will gradually become too great to ignore, and enterprises will be forced to provide this service.
Wireless LANs will emerge as the dominant guest access medium of choice because they are relatively easy to deploy. By 2005, IEEE 802.1x port-based authentication will mature as a means of asserting policy and access rights within the switch or wireless infrastructure creating a single framework across wireless and wired domains. Third-party gateway/appliance solutions providing access control and Web-based authentication will provide the best means of guest control. Guest services will ultimately be managed by wireless LAN systems as they mature (2006/07).
From wired to wireless
Before the advent of enterprise-class wireless LANs, guest access to the wired Ethernet network was largely either denied or granted on a controlled basis. Long-term guests are given a network identification similar to that of employees, under a more restrictive profile but without device-level controls. Alternately, short-term guests are more likely to connect to the Internet in public areas (e.g., conference rooms), with traffic being contained by virtual LANs (VLANs) and routed at the IP layer to the demilitarised zone (DMZ). Device and user authentication limit access rights once on the network. However, while the latter example requires much less user management and support, enterprises generally have limited control over guests' activities, potentially opening them to liability in the case of inappropriate use.
