Originating Author: Kaushik Das
In enterprises, Wi-Fi data networks have been growing steadily over the last few years to provide increased mobility for all employees. This technology offers enterprises and its users many benefits like any-where computing, portability, flexibility, and increased productivity. For example, an Infonetics (2005) survey says that more than 60% of enterprises believe that employees increase productivity when enabled with mobile computing. However, there are security risks involved in operating Wi-Fi networks as these networks are open to intruders and hackers who may cause unwanted consequences to an organization’s resources. Enterprises are continuously working to understand the risks associated with this technology so that one can protect against unforeseen threats, delays and unwanted losses.
Typical financial losses (see [1] for a chart from Computer Security Institute), because of security breaches in enterprises (not necessarily only because of Wi-Fi networks), are due to:
- Unauthorized access to information: $10.6m
- Theft of proprietory information: $6.0m
- Denial of service; $0.8m
- Insider abuse of net access: $1.8m
- System penetration by an insider: $.75m
- Abuse of wireless networks $0.47m
In an enterprise Wi-Fi network, the technological reasons for security challenges come from the fact that wireless signals propagate without physical areas and often beyond the physical boundaries of the organizations. Since the data travels freely over the radio waves, it can be intercepted and misused by unauthorized personals by using various freely available tools and techniques.
Whereas the choice of wireless connectivity for enterprises is compelling, the challenges for IT managers are to:
- Ensure WLAN security is in place anytime and anywhere the endpoint is in use
- Secure the WLAN using different ways such as: modify default SSID; use the highest level of encryption techniques available with the hardware; ensure management ports are secured; physically hide or secure access point to prevent tampering; defend against external threats by equipping mobile devices with similar security services as the company internal network (i.e., firewall, VPN, antivirus software etc)
- Use intrusion detection software to identify external and internal threats
- Support both managed and unmanaged nodes. Provide a restricted control to resources rather than just providing access to network resources.
- Allow mobile employees access corporate network only through VPN connections
Capability of a secured Wi-Fi data network
A secured Wi-Fi network can bring several benefits to an enterprise. These are as follows:
- Prevents loss of business due to availability of the required information always and anywhere inside the enterprise premises
- All employees can work in full-scale without fear of stolen infomation or other resource losses
- Savings in legal cost as well as labor cost for IT staff in recovering evidences should there be any breach of enterprise security
- No need for public relations exercises or answering customer queries
- Savings in insurance premiums
- No need to defend the enterprise in any liability suit as the company will be always succesful to deliver services as promised
The capability of an enterprise also increases as there are several intangible benefits such as:
- Increased trust
- Probability of success increases as there is no bad publicity
- Win new accounts because confidential proprietory information deters competitors
- Customers find it safe to do more business
Specific operational goals of enterprise Wi-Fi security
Expected effects on the IT budget
A significant issue for an IT manager is to implement an effective, reliable, cost-effective security solution with low total cost of ownership (TCO). This is particularly true since all the benefits of the system will accrue to business operations, while the IT budget will have to absorb an increase in infrastructure spend.
The TCO includes:
- Initial implementation costs including software, installation and training
- IT management (upgrade, maintenances) and end-user support costs.
For a ball-park estimate of TCO for a mid-size organization, see the table below. These figures assume a Standard Wikibon business model organization with $1 billion in revenue, with 4,000 employees and an IT budget of $40 million per year.
Item | Estimated Total Cost |
---|---|
Deployment cost (Low estimate) | $0.2M |
Deployment cost (High estimate) | $0.8M |
Annual IT management and end-user support costs | $0.5M |
A successful security implementation in Wi-Fi network will:
- Authenticate access points to ensure that it's legitimate and prevent the introduction of rogue APs.
- Seurity threats are minimized by taking into account consideration of security loop holes
- Use intrusion software to identify internal and external threats
- Support both managed and unmanaged nodes, providing a restricted control to resources rather than just providing access to netwok resources.
Employees reap benefits of Wi-Fi networks as follows:
- Provide better service delivery to customers as they (employees) can work securely and while on the move
- Increased trust on the enterprises makes working easier