Posted by John Kindervag on July 14, 2008
As a security guy, I’ve spent a lot of time thinking about the security ramifications of wireless connectivity. Wireless has evolved from a single protocol, 802.11b, to a veritable alphabet soup loosely defined as "Mobility." We now have 11a/b/g and maybe n, Bluetooth, RFID, CDMA, Wi-Max, and a bunch of other stuff that all provides wireless access, often without even a thought of security. As people scramble to have the latest, coolest, most connected devices in the company, they are tossing security right out the window.
I once was working on a project to install a robust wireless network for a company. I asked the guy I was working with why they were doing it. This company had a general attitude of paranoia where security was concerned, so the drive to fast-track an expensive wireless network seemed out of place. It turns out, this company’s president had been playing golf with the president of another company. The president of the other company started bragging about his company’s new wireless network and how he could take his laptop anywhere in the building and get on the network. Embarrassed, the president came back to work and immediately told his IT staff to install a WLAN so that he would never again suffer such indignation. Halfway through the project, cooler heads pointed out to the president that since his company focused on critical infrastructure, the security risks of wireless were too great for them to bear.
This new push for mobility has created a hierarchy within companies. The important people get the coolest phones and PDAs. I once discovered a disturbing trend during a policy review related to mobile devices: when a new phone or PDA came out, a rash of dropped, damaged, and broken phones were turned into the person in charge of handing out mobile devices. Many "accidentally" fell into the toilet. Real money was being lost here, as employees jockeyed for status brought by the flashiest new phones. Yes, this does really happen. I guess I shouldn’t have been shocked by this. The mobile phone folks figured it out long ago…