News Stay informed about the latest enterprise technology news and product updates.

Wireless security: Six steps to success

There is no bigger issue in wireless than security.

That's why you must think "big picture" when devising a security strategy and implementation. That was the topic of my recent keynote address at the Wireless Security Conference in Cambridge, Mass. Although there is no such thing as absolute security, IT professionals can do a lot to improve their overall security plans -- wired and wireless -- to an acceptable level. During the presentation, my message was clear, CIOs must do the following to reach that level:

  • Understand the threats. Professional information thieves are the ones who cause all the problems, and they do not use wireless for their nefarious activities; there are better means mostly related to countering physical security, such as stealing notebooks. All of your mobile devices must have authenticated logins and encrypted storage -- no exceptions!

  • Have a written security policy in place. This defines what is to be protected, and who should have access to what and under what circumstances. This document drives the selection of particular solutions, not the other way around (as is all too often the case).

  • Remember the end-to-end mantra. Most wireless security solutions focus on the airlink, (the connection between the client and the base station or access point), but do not ignore the rest of the value chain, all the way to servers and databases It's end-to-end, not only the airlink. The good news is that common techniques like virtual private networks and authentication (like 802.1x) work equally well on wireless links as they do on wire.

  • Realize security implementations are too complex for most users to understand. This situation is slowly improving as vendors produce products that mere mortals can install and administer.

  • Establish an auditable and verifiable security plan. CIOs must resort to being their own hackers in order to really find out just how good their security solution is. I recommend that larger firms have a chief security officer or equivalent.

Security will always be a cycle of policy-setting, threat analysis, solution definition, implementation, verification and, ultimately, back to square one with new requirements and defined threats. No matter how good we get, the bad guys are always out there looking to cause damage. Ultimately, access to enterprise IT resources via a broad range of wired and wireless links will become the norm, and, indeed, essential to success. It's vital to look at security solutions that cover the entire value chain between client and server, no matter the nature of the various links in between.

Craig J. Mathias is founder of Farpoint Group, an advisory firm specializing in wireless communications and mobile computing.

Next Steps

How 5G wireless tech will dazzle, confuse and be of use for CIOs

Dig Deeper on Enterprise network and wireless management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.