Why you need a wireless policy
Experts share how to prepare for potential pirate wireless projects

By David Southgate
TechRepublic.com, January 14, 2002

A new wireless LAN (WLAN) in sales is the talk of your company. But your IS department didn’t install it. Upon investigation, you learn that a well-intentioned sales team leader simply plugged into the network with a $180 D-link wireless access point. Surprised? You shouldn’t be.

Because the equipment is easy to access and install, "pirate" 802.11b rollouts are a growing problem for technology departments, according to Carl Klunch, vice president of Gartner Research. Anyone with a little money and a basic understanding of network cables can hook one up.

Security risks and the increasing demand for PDAs and other wireless devices make supporting wireless networks a critical issue for CIOs this year—one that calls for CIOs to get in front of potential problems by creating a strong wireless policy, experts advise.

In this article, we’ll explain why today’s enterprises literally can’t afford not to create a wireless policy that covers both corporate and personal use needs.

Potential security threats
According to "IT/IS Industry Forecast 2002: U.S. and Europe," a report from CyberAtlas Research, a division of INT Media, 33 percent of U.S. Fortune 1000 companies have already installed wireless communication systems. Another 25 percent plan to deploy wireless systems in 2002, although these initiatives will only account for 5.8 percent of technology budgets in 2002, according to Gartner.

Along with the potential breach issues of an unsecured WLAN, wireless devices can also expose companies to a potential security nightmare. The devices are easily stolen from employees in airports and restaurants, potentially placing proprietary information in the hands of competitors.

Whether it’s to head off pirate projects or to provide guidance for a new deployment or enhancements to an existing system, a wireless policy is a necessity and should dictate everything from the devices and platforms supported to security measures, access privileges, and what constitutes appropriate use.

“When it comes to policy making,” said Patricia Fusco, managing editor of the CyberAtlas Research report, “the first decision CIOs must make is which wireless platform their networks will support—802.11x, Bluetooth, HomeRF, and the like. From there, the remaining major issues are security, security, and security.”

At present, there’s no clear leader among wireless platforms, according to Larry Kinder, global CIO and executive vice president of Cendant Corporation. Cendant’s 31 companies and 21 CIOs, who Kinder directs, have deployed several wireless platforms.

“But we haven’t figured out what’s the best application,” said Kinder, who noted that Bluetooth looks promising because centralized management of the devices is handled at the server level, and appropriate security measures are somewhat dictated by the devices themselves.

Cendant’s employees use wireless devices for everything from low-end Web-clipping services on Palm VIIs and e-mail via BlackBerry devices to helping customers checking in and out of Avis Rent-a-Car.

“With limited deployments, we’ve piloted a lot of the technologies to see if they would catch on,” explained Kinder. What works and doesn’t is then shared between CIOs from the 31 subcorporations to identify best practices. Those best practices then guide decisions for future technological solutions.

One policy doesn’t do it all
In addition to its corporate wireless policy, Cendant has also put personal-use policies in place, something that all companies should do, said Nancy Flynn, executive director at the ePolicy Institute.

“Anytime you allow your employees to access the e-mail, intranet, or Internet system, you’re putting your organization at risk of a broad range of potential and costly liabilities,” said Flynn.

Personal-use policies can protect companies against many liability problems, including those arising from the following: