Securing the Corporate Wireless Dream
Six months ago, a friend of ours was discussing his plans to introduce a wireless infrastructure into his Cambridge based offices. “I’m one hundred percent for it” he exclaimed with all the excitement of a ten year old boy on Christmas Eve. His eyes lit up as he discussed his personal vision of wireless work pods, complete with adaptive motivational mood lighting, inspired by an exhibition he’d seen at the Tate Modern. The ability for his staff to work with a new sense of freedom and portability both within and outside the office would, he insisted, promote the birth of fresh ideas and a renewed sense of loyalty and belonging within the organization.
We met up with him again recently and asked him how things were progressing on the wireless integration front. “Actually they’re not” he admitted rather bashfully. “They will of course, but it’s all these security issues. One does have to be cautious doesn’t one?”
Caution and freedom are the dichotomy of wireless adoption it seems.
We are all drawn to the ideals provided to us by the marketing message that is ‘new wireless technology’ but being drawn to an ideal is not the same as embracing it and, in the corporate arena, we find ourselves waiting expectantly for others to show us that there is truly nothing to fear in the brave new wireless world.
One such fear is that of Warchalking. This is where hackers, or warchalkers as they are known, roam city business areas seeking out wireless connectivity. This allows them both free Internet access and, far more worryingly, access to unsecured company information. The company buildings that fall victim to this type of invisible theft are then marked in a kind of ’Twelve Monkeys’ fashion with chalk symbols (hence the name) for easy identification by other warchalkers. Warchalking, it has to be said, has in recent years declined in its prevalence, due to much needed increased wireless security.
Another common security worry that we are hearing a lot about is that of BlueJacking, whereby unsecured Bluetooth devices are discovered by hackers (or jackers as they are called) and their personal data accessed and transferred without the knowledge of the owner.
Not surprisingly, this dark shadow surrounding the corporate wireless dream has deterred the majority of companies from embracing wireless in the way that its founders and promoters had originally anticipated. But, are our fears nothing more than heavily hyped minority reports? Jim Schoenenberger, an Associate Director of Cambridge Consultants believes they are. “Many organizations are unaware of just how easy it is to protect themselves” he says. “In the case of BlueJacking, for example, it’s a simple matter of just switching off a Bluetooth device when it’s not in use and using the appropriate passkeys to protect the user whilst it’s on. It really just comes down to good old common sense”. The Bluetooth Special Interest Group (SIG) similarly state that it is important for users to ensure that Bluetooth connections are always formed via a passkey which is, in essence, a trusted password between two Bluetooth devices.
Schoenenberger also believes that many wireless users are unaware of the inherent protection available within their current wireless products and are thereby unwittingly putting their networked information at risk. Wi-Fi Protected Access (WPA) has recently been developed as a new standard by the Institute of Electrical and Electronic Engineers (IEEE). Manufacturers are encouraged to incorporate the standard into their new generation of Wireless Local Area Network (WLAN) equipment and any IT infrastructure manager wishing to install a Wi-Fi based network can check to see whether or not their proposed equipment incorporates WPA.
Similarly, the Bluetooth Special Interest Group (SIG) is continually making strides towards securing the use of the technology in conjunction with the Bluetooth Security Expert Group (SEG). This ‘taskforce like’ alliance of SIG and SEG, focuses on developing general security architecture models that fall into the identified elements of availability, access, integrity and confidentiality.
So, is corporate wireless integration such a risk after all? As a nation that all too often focuses upon the glass being half empty, we feel that it’s important to put things into perspective from time to time and actually allow ourselves to get excited about the offerings of new technology. Perhaps, instead of letting our caution guide our decision to ‘go wireless,’ it should instead govern the choices we make about protecting the systems we put in place to drive forward our industry.
Follow Sarah-Jayne on Twitter: http://twitter.com/grattongirl