I recently came across an article from the Journal. It goes into great detail talking about the various means of having your data compromised when using a public Wi-Fi network. The article makes valid points discussing the means of using evil twin and man-in-the-middle attacks to compromise data and network resources access by an 802.11-enabled PC.

This article reminded me of an anecdote regarding a US Government agency. The agency, citing its need to maintain high standards of data security in its role as a standards bellwether for many other US Government agencies, has begun trialling cellular data network access for its laptops, eschewing Wi-Fi due to data security shortcomings, presumed inherent risks of the technology. Cellular data networks, in use by close to 30% of enterprises in North America according to Forrester data, most definitely have their place. However, using these networks as the sole solution for wireless connectivity is not a reasonable solution to avoid security risks. More than 50% of North American enterprises have made an investment in Wi-Fi and it's hard to imagine these investments are made in a security vacuum.

In this example, what has been accomplished by this trial is a move closer to de-facto wireless connectivity relying on expensive, closed networks often subject to limited availability versus an investment in Wi-Fi infrastructure with appropriate security tools such as Wireless IPS/DPS and a robust remote access solution. A similar approach to that which the Journal article takes, blaming security woes on a technology's shortcomings versus recognizing Wi-Fi as an element in a well-designed (read: secure) mobile data access solution. With FUD like this making its way into venerable publications such as the Journal, it's not hard to see why companies like Aruba Networks and Bluesocket are focused, sometimes almost myopically to the external observer, on security.

By Chris Silva.

Check out Chris' research