News Stay informed about the latest enterprise technology news and product updates.

'No wireless' mandate enforced at Blue Cross

Blue Cross of Idaho had a "no wireless" policy on paper but never really enforced it -- until a team of auditors said the company had better do something.

It's not necessarily for security reasons that Blue Cross of Idaho has a strict "no wireless" policy. And it's...

not really the additional costs generated by a wireless network that keep that policy in place.

Actually, the reasoning behind Blue Cross' antiwireless policy is simple: It just doesn't need wireless.

"We have not found a real business need to support wireless," said Jan Marshall, Blue Cross of Idaho's manager of technical and network services.

More on security policies

Employee monitoring facts every CIO should know

CISO banking on security checks and balances

It's been that way for years. No wireless, no worries.

While Blue Cross of Idaho makes a conscious decision not to deploy a wireless network and to bar the use of wireless within the company walls, other companies may see benefits from it. For example, a company where end users are not confined to desks and bounce from room to room may want the seamless connectivity of WLANs. For Blue Cross, however, the cost and potential security risks don't make a WLAN a worthwhile venture, Marshall said.

But a recent audit found that in order to enforce the no-wireless policy in its three buildings, Blue Cross of Idaho needed something that would monitor the wireless spectrum 24/7. Essentially, the auditors determined that a no-wireless policy was worthless if it was only on paper.

"The auditors said, 'You have a no-wireless policy. How are you enforcing that?'" Marshall said.

At the auditors' suggestion, Blue Cross of Idaho deployed a wireless threat detection and prevention system. The product it settled on was RFprotect Distributed from Network Chemistry, which ensures that no wireless access points or other devices are on the network.

But wrapping in RFprotect created some interesting conundrums. First, Blue Cross of Idaho had to make sure it wasn't shutting down neighboring buildings' wireless networks, Marshall said. The Starbucks nearby certainly "wouldn't appreciate that."

Marshall stressed that RFprotect is not a jammer or blocker, but it instead lets his team see what wireless devices are popping up on the network and track them to a specific location.

Being able to track the location of a wireless network has made for an interesting game within Blue Cross of Idaho. Since a number of users have personal digital assistants with wireless settings, some have had a few laughs tracking the whereabouts of those users within the building -- kind of a Big Brother situation. Marshall said it's all in fun.

And if someone came in with a laptop or PDA and wanted to hop onto Starbucks' hot spot, the user wouldn't be able to see it from inside Blue Cross' walls.

"We have to have a secure network for keeping outside people from getting into it for whatever reason," Marshall said, adding that Blue Cross of Idaho must comply with Health Insurance Portability and Accountability Act regulations because it handles medical billing. "A hard-wired network contained within the walls of the company is just more secure."

So far, Marshall said, no real wireless threats have been found since RFprotect was deployed. No one has tried to set up rogue access. In some instances, however, visiting vendors and other guests have had their wireless cards enabled. Marshall said it gives a little peace of mind to know what is on the network and when.

"This was all a proactive project to make sure we don't have any problems going forward," he said.

This article originally appeared on

Dig Deeper on Enterprise mobile strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.