Ready? Set. Go!
November 02, 2004
For corporate deployment of WiFi networks, security has been the biggest hurdle to overcome and one of WiFi's biggest cons. Today, all that has changed.
"It really didn't pass muster and it stalled the deployment of wireless for a while because people could not trust it," said Kevin Walsh, director of product management for Funk Software, which makes authentication severs for WiFi networks. "(Crackers) could compromise information in minutes you really wanted protected for years."
Today, however, the advent of the more robust WPA-2 security standard and other ways of securing WiFi networks, has cleared the way for corporate deployments that won't be cracked in minutes, hours or days, said Walsh.
This means all the benefits WiFi promised in the early days can start to be realized: employees no longer shackled to workstations, conference rooms free of expensive network nodes and cables, the freedom to lay out offices and factory floors without having to worry about cable runs, reduced real estate costs, etc.
At Sun Microsystems, for example, CIO Bill Vass has set up 17,000 remote employees in the company's iWork program. They work flexibly by using WLANs that utilize tried and true SSL-VPN technology. A big benefit of this approach is it allows him to leapfrog the need to even think about the WPA-2 standards.
By sharing resources, Sun's iWork program saves the company $70 million in real estate costs and $3 million in annual electricity costs, he said, and it couldn't have been done without WiFi.
"We've mirrored our remote-connectivity wired network with our wireless network," he said. "It works extremely well because you are managing only one security infrastructure."
To accomplish this, Vass simply deployed an open wireless Internet connection throughout his facilities; in essence becoming a de facto ISP for his employees.
By using smart-card technology called JavaBadge employees simply log onto the open connection, which is no more secure than a Port 80 connection, and swipe their J-Badges through a reader. All the authentication necessary to log on the corporate network is contained in the card and the person's sign-on password.
Once logged in, employees can access Sun's corporate network from anywhere by initiating a SSL-VPN session. And since all of Sun's applications are hosted internally, its employee's desktops are accessible no matter where they log on.
"I would definitely agree with the Sun approach," said John Meyer, vice president of Engineering for VelociTel, a WiFi network design firm, "particularly for corporate users. If you really want protection, you need to set up a VPN. If you're worried about security, using a VPN -- particularly for remote locations -- is the way to go."
For CIOs concerned just with protecting an office environment and not hosting their employees' applications, WPA-2 is fine, said Meyer, since it protects the edge of the network and keeps unauthorized personnel from accessing your WLAN.
"If you're really only worried about mobility within your location, it would do the trick," he said.
Another plus of WPA-2 (and one just being explored today) is it can be used to secure hard-wired networks as well since it requires users to authenticate before being granted access to any aspect of the network, said Walsh.
Now that the security issues around WiFi have been dealt with effectively, said Vass, the potential savings that WiFi can bring to companies can start to be realized -- even for companies with well-established wired networks.
By switching over to a WLAN, companies can save on port management costs, for example. One access point that feeds 20 employees eliminates 19 ports. Or, in a production facility, for example, changing production lines can be accommodated much more easily,said Walsh.
"I've spoken with customers who are just thrilled to use wireless because they don't have a construction crew cutting through their network cables," he said.
Another plus your network admins will thank you for is they no longer have the same concerns about laying out floor space or expanding facilities. By using WiFi, CIOs can also earn the affections of employees in general because it makes their jobs easier, said Walsh. But WLANs do raise a new set of problems.
"The nuisance is, in the same meeting, now people are reading their email and doing something else while you are trying to keep their attention," Walsh said. "So there are some pros and cons to it."