onway Logoonway.ch

BYOD and Guest Access: As secure as a bank

Aargauische Kantonalbank was looking for a flexible WLAN solution to set up secure guest access, enable simple self-administration by employees and reduce the administrative workload for the IT department.

BYOD and Guest Access: As secure as a bank

News

Initial situation

The Aargauische Kantonalbank already had WLAN infrastructure for e-Consulting and Bring Your Own Device. To meet the extended WLAN demands, a flexible solution was sought taking into account the following requirements:

  • Secure guest access with traceability and authentication
  • Secure and simple self-administration by employees and authentication of private devices
  • Reduction of the administrative effort for the IT department
Thanks to onway’s flexible and uncomplicated solution, our employees can easily, quickly and independently set up WLAN access for their own devices and guests. The corresponding access rights are assigned and inactive accounts are deleted – this reduces administrative effort considerably.
Bruno RohrerHead of IT Security, Member of the Management Board, Aargauische Kantonalbank

Decision

This is why the Aargauische Kantonalbank opted for a solution from onway:

  • Solution compatible with existing Ruckus components
  • Easy to manage and assign different access authorisations
  • Guest access is simple to set up and new devices can be easily onboarded by the employees themselves
  • No internal login data on private devices
  • Connection to the internal Active Directory infrastructure
  • Traceability of the meta data for actuated connections
  • Individual landing pages with different information per subnetwork

Solution

Software Defined Network Access is a highly flexible and easy-to-use complete solution that meets high security requirements and automates administrative work to the greatest possible extent. It comprises the following components macman, mpp and the Sponsoring Portal.

macman is a RADIUS server that authenticates devices and dynamically assigns them to a network segment (VLAN). The devices can be stored in inventory databases (CMDB), an Active Directory or the firm’s own database. The use of private devices can be controlled individually (permitted number, quality of service, automatic deletion, etc.).

mpp is a captive portal/router/firewall/content filter that is responsible for the web authentication of guest users and compliance with legal requirements.

The Sponsoring Portal is a multi-client web application on the intranet that employees can use to create guest accounts and manage their private devices or the company’s devices.

Aargauische Kantonalbank

The Aargauische Kantonalbank (AKB) is a traditional universal bank for private and corporate clients, as well as institutional investors. It offers comprehensive services in all areas of banking. Its strengths include needs-oriented, personal and comprehensible advice as well as comprehensive and competent support.

The AKB has 32 branches in the canton of Aargau and the neighbouring Olten-Gösgen-Gäu region of Solothurn. The company has around 810 employees (including 77 apprentices and interns) and serves around 230,000 customers. The AKB has been awarded an AA rating by the rating agency Standard & Poor’s.

onway

Since 2004, the team at onway ag has been supporting customers to evaluate, plan, implement and operate their WLAN/Network Access Control solutions, as well as offering ongoing support. To date, the team has successfully completed over 100 projects. We would be delighted to support you with your NAC/BYOD project.

BYOD and Guest Access: As secure as a bank

Here you can download the reference report on the BYOD/Guest Access solution of the Aargauische Kantonalbank.