By Helen Gallagher E-Commerce Times
02/17/04 7:39 AM PT
The flexibility of being virtually anywhere is the draw of wireless networks, but the back end of that benefit is the need for security.
eMarketer Whitepaper: Optimizing the E-Commerce Experience
From the Web to the Contact Center, are you prepared to proactively engage and keep your savvy customers? Read how e-commerce leaders are optimizing their sites with ratings, reviews, live help, Web analytics, mobile and more.
Although companies are tightening the security of Windows-based servers, they face some unknown risks when corporate data takes to the streets. After all, wireless Internet connectivity on notebook computers and PDAs carries all of the risks seen within corporate walls, but the dangers are magnified when security is lacking.
"Portable devices have become highly productive," said Amry Junaideen, a principal in the Deloitte & Touche Security Services division. "Several years ago, their functionality was basically calendars and addresses, but now they are production-strength devices that contain a number of corporate applications."
Protecting corporate assets is more difficult on laptop computers, PDAs and memory devices, such as portable USB drives. "Those become extremely susceptible," Junaideen told the E-Commerce Times. "If the data is not encrypted, the loss can be substantial.
"Portability and wireless access open the door to risks including device theft, interception of information, unauthorized access, even being sniffed by the guy sitting next to them in an airport lounge," he added.
Wireless Policy
Of course, corporations are not sitting idly aside while their data flows out the door.
The solution starts with a top-down policy that addresses why wireless is being used by a corporation, what the business objectives are, and what policy governs the entire company in this area, according to Junaideen.
"A policy should require strict adherence to standards and contain specific information on what people should do to protect their devices once wireless has been deployed," he said. "This might include safeguards against loss and notification to IT when a device is lost, with devices that store the most sensitive data receiving the highest protection. For critical data, if a PDA or memory stick is lost, the files clearly need to be encrypted."
Junaideen suggested the gamut of technology used to protect wireless devices can range from virtual private networks (VPN) to firewalls, quarantining devices, data wipe technology and file encryption. Encryption can be expensive but is essential. He added that a relatively old wireless encryption standard called Wired Equivalent Privacy (WEP) has been compromised and should not be used as a company's sole line of defense.
Sniffer Solutions
Corporations are not alone in their fight to secure data over wireless networks. Network Associates (NYSE: NET)' McAfee Sniffer Technologies division is geared toward enterprises that need to lock down systems on mobile devices. Sydney Fisher, its director of product marketing, told the E-Commerce Times that many of the benefits of wireless also create risk.
"The flexibility of being virtually anywhere is the draw of wireless networks, but the back end of that is the need for security," Fisher said. "It's important to have appropriate security so data is stored properly, travels properly and is protected from people who shouldn't get it, but [is] accessible to those who do need it.
"Sniffer products function in a wireless environment like LANs, WANs or ATM networks," she added. "The same kind of technology -- a wireless sniffer card in a laptop -- can detect and verify that your encryption protocols are being used and can find rogue access points, so you can shut them down."
Safety Measures
"It's so easy to use wireless, but people need to be just as vigilant as they are within a corporate network," Fisher noted. "Wireless devices shouldn't be set to use the defaults that come with the equipment. Wireless infrastructure is in a growth curve, so the technology is not necessarily there to make it reliable yet.
"You don't need a PhD in physics to be able to use wireless technology efficiently and securely, but you do have be vigilant and treat it seriously," she added.
For his part, Junaideen recommended: "If sniffer technology senses a device has been compromised, shutting down the wireless connection immediately is the safest step to take. If someone tries to compromise a lost device, data wipe software can detect activation and wipe all data from the unit. Users need some understanding of what the device is doing -- and what their responsibilities are to protect data."
Gartner Casts Doubt on MS Security Commitment February 13, 2004
Noting that personal firewalls did a good job of thwarting worms like MS Blast, Gartner vice president Richard Stiennon told the E-Commerce Times that Gartner is recommending firewalls for all computers, including desktops.
Related Stories
WiFi Standards Compete for Market Dominance January 28, 2004
While networking vendors were a bit slow to support 802.11a products, consumer manufacturers were not. "Home entertainment devices from companies like Sony are coming out with integrated high-speed connections, and they were designed to work with 802.11a, not g," said Michael Disabato, a senior analyst at the Burton Group.
Deepening the Firewall: Exclusive Interview with NetScreen Executive Officer David Flynn January 08, 2004
"Historically, the two primary competitors we see are Cisco and Check Point Software, but as this new smarter firewall comes along, we're seeing some of the antivirus companies, like Symantec and Network Associates, trying to move in this direction," NetScreen's David Flynn told the E-Commerce Times.
Is Wireless Security a Lost Cause? December 18, 2003
"WPA is better than WEP, but we still have a way to go before true wireless network security," Robert Moskowitz, senior technical director of ICSA Labs at TruSecure, told the E-Commerce Times. "A lot of cryptologists don't like WPA because it's based on older ciphers."
WiFi Security, Complexity and Future Debated December 05, 2003
In response to concerns over complexity and security, wireless industry experts promised new standards that should begin appearing in products throughout next year.
Passphrase Flaw Exposed in WPA Wireless Security November 06, 2003
Users of the WPA protocol might have a false sense of security because the wireless security standard is perceived as the latest proven defense. But the use of weak passphrases renders the protection inadequate.
Related News Alerts
More by Helen Gallagher
Healthcare CRM in 150 Days June 15, 2004
Blue Cross-Blue Shield of Rhode Island made its final decision to use Pegasystems for its integrated CRM application because of Pegasystem's knowledge of the healthcare industry. Pegasystems already had developed more than 30 workflows for BCBS's sister company in Massachusetts.
Why Customers Are Still Angry May 20, 2004
The first step in pushing toward true customer happiness is simple: The "company has to want to change," Forrester vice president Erin Kinikin said. "A 360-degree customer view by itself doesn't magically change the customer experience. The first step is being able to answer the phone, address basic questions and get the right answer quickly."
Change Management Made Easy? April 14, 2004
Guy Gagne of Textron, which has implemented Rev-Trac, told CRM Buyer that his audit team appreciates the "down-to-earth key reporting requirements feature of Rev-Trac. When someone makes a change, they have to sign their name to say they did it and that they accept this change, which is a very strong piece of accountability."
Headline Feeds
Talkback: 
