It wasn’t too long ago that security for wireless LANs was in shambles. The
first rendition of WLAN security, WEP, was easily
cracked and, therefore, useless to corporate users — as many found out to
their chagrin.
“It really didn’t pass muster and it stalled the deployment of wireless for
a while because people could not trust it,” said Kevin Walsh, director of
product management for Funk Software, which makes authentication severs for
WiFi networks. “(Crackers) could compromise information in minutes you
really wanted protected for years.”
Today, however, the advent of the more robust WPA-2 security standard and
other ways of securing WiFi networks, has cleared the way for corporate
deployments that won’t be cracked in minutes, hours or days, said Walsh.
This means all the benefits WiFi promised in the early days can start to be
realized: employees no longer shackled to workstations, conference rooms
free of expensive network nodes and cables, the freedom to lay out offices
and factory floors without having to worry about cable runs, reduced real
estate costs, etc.
At Sun Microsystems, for example, CIO Bill Vass has set up 17,000 remote
employees in the company’s iWork program. They work flexibly by using WLANs
that utilize tried and true SSL-VPN technology. A big benefit of this
approach is it allows him to leapfrog the need to even think about the WPA-2
standards.
By sharing resources, Sun’s iWork program saves the company $70 million in
real estate costs and $3 million in annual electricity costs, he said, and
it couldn’t have been done without WiFi.
“We’ve mirrored our remote-connectivity wired network with our wireless
network,” he said. “It works extremely well because you are managing only
one security infrastructure.”
To accomplish this, Vass simply deployed an open wireless Internet
connection throughout his facilities; in essence becoming a de facto ISP for
his employees.
By using smart-card technology called JavaBadge employees simply log onto
the open connection, which is no more secure than a Port 80 connection, and
swipe their J-Badges through a reader. All the authentication necessary to
log on the corporate network is contained in the card and the person’s
sign-on password.
Once
logged in, employees can access Sun’s corporate network from anywhere by
initiating a SSL-VPN session. And since all of Sun’s applications are hosted internally, its employee’s desktops are accessible no matter where they log on.
“I would definitely agree with the Sun approach,” said John Meyer, vice
president of Engineering for VelociTel, a WiFi network design firm,
“particularly for corporate users. If you really want protection, you need
to set up a VPN. If you’re worried about security, using a VPN —
particularly for remote locations — is the way to go.”
For CIOs concerned just with protecting an office environment and not
hosting their employees’ applications, WPA-2 is fine, said Meyer, since it
protects the edge of the network and keeps unauthorized personnel from
accessing your WLAN.
“If you’re really only worried about mobility within your location, it would
do the trick,” he said.
Another plus of WPA-2 (and one just being explored today) is it can be used
to secure hard-wired networks as well since it requires users
to authenticate before being granted access to any aspect of the network,
said Walsh.
Now that the security issues around WiFi have been dealt with effectively,
said Vass, the potential savings that WiFi can bring to companies can start
to be realized — even for companies with well-established wired networks.
By switching over to a WLAN, companies can save on port management costs,
for example. One access point that feeds 20 employees eliminates 19 ports.
Or, in a production facility, for example, changing production lines can be accommodated much more easily,said Walsh.
“I’ve spoken with customers who are just thrilled to use wireless because
they don’t have a construction crew cutting through their network cables,”
he said.
Another plus your network admins will thank you for is they no longer have
the same concerns about laying out floor space or expanding facilities. By
using WiFi, CIOs can also earn the affections of employees in general
because it makes their jobs easier, said Walsh. But WLANs do raise a new set
of problems.
“The nuisance is, in the same meeting, now people are reading their email
and doing something else while you are trying to keep their attention,”
Walsh said. “So there are some pros and cons to it.”