Many of our CloudVO partners have asked us about best practices when it comes to network security. What is the best network architecture for a flexible office space? How do we ensure data security for coworking members who make up diverse groups of startups, professional firms, remote workers, corporate users, and work-from-home professionals?
Cost and resources come into play as many space operators don’t have massive budgets to spend on their IT infrastructure. Things can get complicated fast when dealing with hardware, software, cloud services, and everything that goes into setting up a network. Here are some basic best practices to consider when configuring the network security in your coworking space.
The general concept of data security is putting in place protective measures to reduce the risk of cyber attacks or theft of digital information. Note that there are some differences between wired and wireless data security, which we outline below.
In the wired world, you want a different Internet Protocol (IP) subnet per office (i.e. a separate network for each office). This makes it so printers and computers in one office cannot see or access devices in another office. Without this security setup, businesses in the financial industry, enterprise corporations, or any type of industry that handles sensitive information will likely see a barrier to choosing your space as they must comply with government sanctions for financial institutions.
Without private security, you can suggest that your members set up a Virtual Private Network (VPN) on their end, which does provide security, but there are complications and limitations. For instance, on your shared network, everyone would have to use a VPN to gain that privacy, which is more cumbersome and slows down the computer. There are also limits to how many VPN clients you can have on the same network. Our sister company, Pacific Workplaces, uses the proprietary Yardi Data Appliance to create different subnets per office.
Wireless networks are inherently insecure, and the idea here is that your coworking space can offer more security to its users than if they decided to work in a coffee house. Make sure you have Wi-Fi Protected Access (WPA 1 or WPA 2). This is a set of security standards that includes encryption. But, traditionally, all wireless users have access to anybody on the same wireless network. This is why, when you put a printer on Wi-Fi, others on the same Wi-Fi network can access it. Therefore, you want a solution that will place the wireless user in a different subnet.
One solution is to create a MAC-based Virtual Local Area Network (VLAN). A VLAN is another word for an IP subnet. A LAN is created when you have a router that creates a different subnet. A Virtual LAN is where you can create a subnet within a switch and add different switch ports to that same subnet. A Media Access Control or MAC-based VLAN is where you can create a subnet over the wireless network and assign MAC addresses to those different VLANs. The MAC address is basically the network adapter ID of any device (i.e. kind of like a unique fingerprint for any device). So whenever a device connects to Wi-Fi in your shared space, the system will place the wireless device on a secure office network. This makes your wireless device as secure as if it were plugged into a wall jack. There are products out there that help you manage MAC-based VLANs. Providers like Essensys and Yardi are familiar with our industry and can help.
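The per-office subnet plan and the MAC-based VLAN placement described above can be sketched in a few lines. This is an added example, not code from Yardi, Essensys or any product named here; the office names, MAC addresses, the 10.20.0.0/16 address block, the VLAN numbers and the guest fallback are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample data: offices, MACs and the address block are illustrative.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
OFFICES = ["suite-101", "suite-102", "suite-103"]
FIRST_VLAN = 101
GUEST_VLAN = 999  # assumed isolated fallback for unregistered devices

REGISTRY = {  # registered device MAC -> office
    "a4:5e:60:00:00:01": "suite-101",
    "a4:5e:60:00:00:02": "suite-101",
    "3c:22:fb:00:00:10": "suite-102",
}


def build_plan(offices, supernet=SUPERNET, prefix=24):
    """Give every office its own VLAN ID and its own non-overlapping subnet."""
    subnets = supernet.subnets(new_prefix=prefix)
    return {office: {"vlan": FIRST_VLAN + i, "subnet": next(subnets)}
            for i, office in enumerate(offices)}


def normalize_mac(mac):
    """Accept aa:bb:.., AA-BB-.. or aabb.ccdd.eeff; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def vlan_for(mac, plan, registry=REGISTRY):
    """Return the VLAN a connecting wireless device is placed on."""
    office = registry.get(normalize_mac(mac))
    return plan[office]["vlan"] if office in plan else GUEST_VLAN


def same_segment(mac_a, mac_b, plan):
    """True only if both devices land on the same office VLAN (never for guests)."""
    a, b = vlan_for(mac_a, plan), vlan_for(mac_b, plan)
    return a == b and a != GUEST_VLAN


if __name__ == "__main__":
    plan = build_plan(OFFICES)
    for office, entry in plan.items():
        print(office, entry["vlan"], entry["subnet"])
    print(vlan_for("A4-5E-60-00-00-01", plan), vlan_for("de:ad:be:ef:00:01", plan))
```

A MAC address is reported by the device itself, so this mapping decides where a device is placed; it does not authenticate the person using it.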
For a flexible office space operator, firewalling can be tricky. A firewall gives you control over what traffic can come through your network. When you have members who make up a multitude of businesses and industries on your network, it’s hard to limit access. For instance, one member wishes to limit certain types of websites, but another member wants to access them, making it difficult to centrally limit traffic. For those members that need additional security, consider an architecture that includes firewall access, which gives the member control over what comes in and out of their subnet. Members can also install their own firewall to limit traffic that comes in and out of their subnet.
You can’t have slow internet. It’s a deal-breaker. Don’t get anything less than 100 megabits up and down. One Gig is ideal, and even with that said, in the next couple of years, we will surpass the gig.
You also have to make sure your data infrastructure can support the faster speed (i.e. cabling, data switches, and Wi-Fi access points all have to be able to handle faster speeds). If you want to offer fast internet but don’t have the infrastructure to support it, it’s like having a super-fast highway, but the on-ramp to get on the freeway has one lane with potholes.
While these guidelines are general, they should be useful to space operators as a starting point on what to consider when planning your network infrastructure. All of this can get very complicated to do on your own. If network security isn’t top of mind, then maintaining your network is pretty easy, but if you need more security, or are trying to market to Enterprise clients and specific industries who really care about security, you should consider hiring an IT consultant to help you get set up and be available when problems arise. As your infrastructure gets more complicated, you are going to need technical expertise. Once your network is in place, you can put IT consultants on retainer for support to help with maintenance and troubleshooting.