VideoIf you're wondering whether it's time for your company to join the wireless revolution, we have some news for you: it already has, for better and worse. During the past few years, thousands of cell phones, BlackBerry devices, pagers, wireless PDAs, and wireless-enabled laptops have almost certainly made their way into your company — sometimes authorized, but more often not.
Rogue Wi-Fi (wireless fidelity, which can transmit data at relatively high speeds across short distances) access points have been set up on networks without any encryption in place, and right now one of your employees may be sitting in an airport Starbucks checking his E-mail and even downloading company sales figures or other sensitive data. The question is not whether you're ready for wireless: it's whether you can still tame the tiger before it eats you alive.
Luckily, there's still time to regain control. New technologies now make wireless devices just as secure as those on traditional networks — as long as you remember to activate them — and stronger security standards are being introduced each day. That same spirit of innovation is also affecting the cost of wireless, as expenses become easier to rein in. And more-robust management tools can now merge wireless networks into your overall IT architecture more seamlessly than ever.
With a number of interesting wireless applications on the horizon, now is the time to lay a proper foundation so that the convenience and productivity enhancements your employees have already embraced don't hamper your efforts to maximize this fast-evolving technology.
Wireless networks, be they public (as with the Wi-Fi access points available at airports, Starbucks, and many other places) or private (wireless local-area networks, or WLANs, which are gaining ground within the walls of Corporate America as a fast, convenient way to keep everyone connected), are often painted as prime ground for hackers. Security experts claim that anyone with a good understanding of wireless IP networks, a wireless-enabled laptop, and the right software (readily available on the Internet) can pluck precious data from the ether.
Various efforts to better encrypt the contents of wireless transmissions are under way. The IEEE Standards Association, a technology standards-setting body, recently approved a new wireless security protocol, the catchily named 802.11i. The protocol should offer more-robust protection than the existing Wired Equivalent Privacy (WEP) standard commonly in use on most wireless networks.
Meanwhile, the Portland, Oregon-based Trusted Computing Group, a standards body that includes Intel, Hewlett-Packard, and VeriSign, is working on what it calls the Trusted Network Connect standard, which will allow wireless devices and wireless-enabled PCs to be properly authorized and certified as secure before they are allowed to connect to a particular network. That standard is expected to be announced some time before the end of the year and implemented in products beginning next year.
But experts say that the current WEP encryption standard can be effective if it's used properly. Problems crop up when the encryption, which may be turned off on commercial applications, isn't activated or is not updated on a regular basis. "The biggest breaches are people violating policy," versus the limits of the technology itself, according to Al Delattre, a managing partner in Accenture's electronics and high-tech practice.
Executives at companies with extensive wireless implementations agree. Proper encryption and explicit security policies are the key to security at New York-based online grocer FreshDirect. "All of our data is encrypted as it is transferred to and from our data centers," says CTO Myles Trachtenberg. "Even though we rely on the public Internet for transporting customer data, because of the steps we take at either end of the transmission, the data is completely unintelligible as it travels over the Net via our [virtual private network]."
Internally, the company uses handheld devices equipped with Wi-Fi to scan inventory and interact with its inventory control system. It is also looking into rolling out wireless applications in the field to help with delivery confirmations and fleet monitoring. Wireless may even provide the very backbone of the organization: for the past six months, FreshDirect has been using a high-speed wireless network from Middletown, Rhode Island-based TowerStream as a backup to its existing fiber-optic Internet link, which is essentially its connection to the outside world. Trachtenberg says the wireless version is reliable enough to take the place of his wired network at any time.
Paul Cravedi, president and CEO of the Newton Executive Office Center in Newton, Massachusetts, is also a TowerStream customer. "We had concerns about the technology, including security," he says. "But the installation was fast, it's very cost-effective, and so far, everything has panned out as we hoped."
But some experts caution that current standards don't go far enough. WEP implementations, for example, use static keys (encryption formulas) that are the same for every device that hooks into a given network. If a hacker gets hold of that key, he will gain easy access to everything on the network until the next time the keys are changed, a cumbersome and largely manual process that no doubt leads to a certain laziness. Another security challenge involves access: many companies want to let workers log on to the network temporarily — for a day or a week while in the office — or allow only those workers on a certain floor or within a certain department to be able to "see" and sign on to a particular network. Configuring the network and each wireless device for temporary access can be extremely unwieldy and time-consuming, and is prime ground for security lapses.
Reader Comments» Post a comment