That's the gist of a recent survey of enterprise IT and security managers by Information Security magazine. (The magazine, it should be noted, is a publishing division of managed security services provider TruSecure Corp.) Nonetheless, the survey of more than 1,200 IT pros regarding wireless LANs and security still serves as a reality check for any CIOs involved in deploying such a network.
According to Information Security, 74% of respondents to the poll, conducted in November, said they are "very concerned" and 20% are "somewhat concerned" about the security of their corporate wireless networks.
At the same time, when it comes to being comfortable with their knowledge about security, only 24% of respondents said they felt "very knowledgeable" about their wireless technology and security, and 54% said they were "somewhat knowledgeable" about it.
Insecurities regarding Wireless Equivalent Privacy (WEP) protocol and handheld network access devices "continue to plague wireless LANs for both business and home networks," according to Andy Briney, Information Security's editor-in-chief. "Wireless connectivity will continue to be a major risk until more robust protocols and better administration practices are adopted."
A common threat cited by experts: Hackers who search for and pluck wireless signals from the air and download sensitive corporate data off unsecured networks. (Read "Driveby Hacking on the Go") Often the threat is unknown to network administrators, particularly in cases where employees set up their own wireless networks to let them hook into their corporate networks, but neglect security feaures.
Despite the risks, WLANs are finding fans among enterprise CIOs and network managers as their multiple benefits come to be embraced. Experts cite the benefits of allowing employees to access the network from many places outside the office (in airports, on the road, on the factory floor), as well as the low costs and ease of deployments of WLANS.
Wireless LANs in the enterprise are projected to grow rapidly . In a survey last summer of IT execs at 180 North American corporations, the Wireless Ethernet Compatibility Alliance (WECA) found that 72 companies (40% of respondents) said they already have wireless LANs, with laptops accounting for 90% of the access devices. Additionally, 56 companies (31%) plan on rolling out WLANs within 18 months. Fifty-two companies said they have no plans for using them. However WECA found two concerns of IT executives that could limit the deployment of WLANs: security and cost.
Among other findings of Information Security's survey:
- The top three access devices for wireless networks are: laptops (48%), PDAs (29%) and handheld computers (19%).
- 20% of those surveyed said their companies plan to spend $100,000 or more on wireless networking and security technology and products over the next year. The majority of the respondents (27%) said their companies plan to spend less than $10,000.
- Only 51% of financial services firms allow wireless access to their corporate networks.