In today’s world, wireless connectivity is ubiquitous. Universities, enterprises, large public venues (stadiums, shopping malls, airports), hotels, points of sale, healthcare institutions and smart cities are examples of places where, today, accessing Wi-Fi has become commonplace in serving users on the lookout for an always-on experience.
With the will of the EU to harmonize Data Protection across Europe, any business providing Wi-Fi will have to make some changes in the way they are providing Wi-Fi to their customers or users.
What is the EU data protection regulation ?
Earlier this year, the European Commission communicated a first draft of the future European Data Protection Regulation to replace the previous Data Protection Directive. The goal of this law is to harmonise Data Protection Regulation across the EU countries and it will be directly applicable to all EU member states without going through the process of implementing national legislation.
This will mean big changes to come for any European venues or organisations that offer access to the Internet, as well as for their providers who handle the data and traffic on their networks.
Ultimately, it means that any organisation will be responsible for what is done on their network. This means that they will have to monitor the use of their network in terms of connections and also ensure they will have to provide a secure network to prevent any data breach.
Whatever your business, you will need to protect your network users from data breaches and comply with the law.
With the new regulation, any business will have to cope with IT problems whether they have an IT team (their own or outsourced) on site or not.
Security becomes imperative
Building a wireless infrastructure that not only meets fast connectivity and performance requirements but also addresses security concerns is attainable by focusing on some simple questions.
Who is connected to the network?
Being able to identify who is using the next-door restaurant Wi-Fi seems at first easy – and it can be if a captive portal is in use. Providing user authentication means that the venue gets at least the MAC address of the connected device. Not all, but many guest access solutions incorporate a full server for authentication, which checks user identities. Authentication by the web portal is particularly suited to visitors through its ease of use, and providing continual engagement for repeat visitors (via social accounts when logging in, targeted splash pages and geo-tagged promotions & communications) increases visibility.
Who can access to what?
Rigorous management of access rights is the key to answer that question. Each user is characterised by his/her profile, which accurately describes the user’s rights (Internet connectivity, messaging, and applications). The profiles are applied dynamically during user connection periods, and apply equally to guests, BYOD users and corporate devices.
It also helps to include web security, as filtering can be applied at user profile level. Several URL categories are available (Adult, Aggressive, etc.) allowing different policies, which can be assigned to different profiles (age, employee/guest, territory, etc.). Providers are also responsible for the sites that visitors access, so this filtering is essential to protect the host.
What about the obligation to store connection data?
As soon as an organisation provides guest access, it has a legal obligation to keep connection data for those guests who connect to the network. Session logs (who is connected and when?) and activity logs (who did what?), are an indispensable mechanism for meeting the legal requirements laid down by law.
To learn more about how to provide secure connectivity and on-boarding while increasing customer engagement, contact-us.