Wireless Compliance - Page 2
September 23, 2004
Rasch, however, believes this situation really is more of an opportunity rather than a threat.
"You can look at it as a problem, but it's really an opportunity," Rasch said. "It means that, if you spend a lot of money creating information assets, you're taking the effort to protect them."
What's a CIO to Do?
"You need the resources to do it properly," Rasch said. "That has to come from management because the technical people will see this as a technical problem and it's not just a tech problem."
As a result, CIOs must be involved, for instance, in the risk analysis stage of compliance, a need that is magnified with wireless data applications. Plus, there are three other key things a CIO must do to make sure that strategic wireless initiatives don't threaten regulatory compliance.
First, CIOs must support and help enforce wireless security policies. That means, among other things, creating clear policies involving not just network architecture but also relating to end users, Rasch said. The case of the doctor installing his own access point is hardly a rarity, so users must understand how their actions can compromise security and compliance efforts.
Second, technology executives must make sure their company has the right skill sets available to insure security of wireless access to data. Finally, adequate financial resources must be made available to secure the enterprise's wireless infrastructure.
All these issues are on the table for virtually all technology initiatives, the experts agreed. However, they are particularly important when it comes to wireless access to enterprise data because of both the potential risks to that data's integrity and to your organization's compliance efforts.
However, with proper leadership from an organization's top technology executive, the strategic benefits of wireless access can be achieved without compromising compliance efforts, they agreed.