Part 1 of our report on InformationWeek's 2012 State of Mobile Security focused on the effects of bring-your-own-device policies on enterprise networks. In Part 2, we explore how CIOs should respond to the BYOD trend.
CIOs need to put the brakes on BYOD initiatives, shore up Wi-Fi polices and bolster encryption to secure corporate data, according to InformationWeek's 2012 State of Mobile Security.
Michael Finneran, author of the report, notes that while giving employees a green light to use their own devices might provide a morale boost, it's a potentially costly one if corporate data falls into the wrong hands.
The survey found that there's much to be done to secure enterprises as more devices and more platforms connect to the organization. A good place to start is Wi-Fi policy. Surprisingly, the survey found that 32% of respondents cite penetration of Wi-Fi networks as a top concern, while only 5% worry about penetration of users' home Wi-Fi networks.
The encryption is available--the IEEE 802.11 standards committee has developed an excellent encryption mechanism in WPA2, which has been a required element in all Wi-Fi-certified products since 2006. However, only 64% of respondents use it, while 24% still use WEP and another 24% still use WPA2's predecessor, WPA.
Rogue access points and radio frequency intrusion must be monitored more than ever. For example, if someone has installed an unauthorized access point and connected it to the wired LAN, there's a good chance that person will not have activated the required security features, creating a serious vulnerability.
To better secure Wi-Fi, enterprises should make the following policy changes:
- Standardize on WPA2 across all access points; absolutely no WEP.
- Mandate a VPNor other secure connection if allowing access through home Wi-Fi networks or public hotspots, which are inherently problematic as they offer no encryption.
- Regulate guest access via a portal and manage levels of access, as well as duration.
- Specify regular scans for unauthorized access points and sources of interference.
- Employ a wireless intrusion-detection system that specifically looks for Wi-Fi transmissions.
- Unify WLAN and BYOD/mobility teams; often the people managing Wi-Fi are different from those managing cellular services.
Next: Mobile Security Risks and Responses