“If you follow best practices, you’re only getting rid of 95 percent of the risk,” said Jeff Hall, a director in the Technology Risk Management Services group of RSM McGladrey. “If somebody really wants to come after you and sets your organization in his sights, there are hundreds of ways to get you.”
Rasch, however, believes this situation is more of an opportunity than a threat.
“You can look at it as a problem, but it’s really an opportunity,” Rasch said. “It means that, if you spend a lot of money creating information assets, you’re taking the effort to protect them.”
What’s a CIO to Do?
Lower-level IT managers, who traditionally focus on the nuts and bolts of issues such as wireless security, typically can’t marshal the resources needed to handle the combination of strategic and compliance issues posed by wireless access to data.
“You need the resources to do it properly,” Rasch said. “That has to come from management because the technical people will see this as a technical problem and it’s not just a tech problem.”
As a result, CIOs must be involved, for instance, in the risk analysis stage of compliance, a need that is magnified with wireless data applications. Plus, there are three other key things a CIO must do to make sure that strategic wireless initiatives don’t threaten regulatory compliance.
First, CIOs must support and help enforce wireless security policies. That means, among other things, creating clear policies involving not just network architecture but also relating to end users, Rasch said. The case of the doctor installing his own access point is hardly a rarity, so users must understand how their actions can compromise security and compliance efforts.
Second, technology executives must make sure their company has the right skill sets available to ensure security of wireless access to data. Finally, adequate financial resources must be made available to secure the enterprise’s wireless infrastructure.
All these issues are on the table for virtually all technology initiatives, the experts agreed. However, they are particularly important when it comes to wireless access to enterprise data because of the potential risks both to that data’s integrity and to your organization’s compliance efforts.
However, with proper leadership from an organization’s top technology executive, the strategic benefits of wireless access can be achieved without compromising compliance efforts, they agreed.