Subscribe

Wireless network security haunts CIOs

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 08 Jul 2015
Insufficient wireless security is a concern for almost all of the surveyed CIOs, says Fortinet's Perry Hutton.
Insufficient wireless security is a concern for almost all of the surveyed CIOs, says Fortinet's Perry Hutton.

Insufficient wireless security is a concern for almost all surveyed chief information officers (CIOs).

So said Perry Hutton, regional director at network security solutions provider, Fortinet, discussing the results of a recent Fortinet survey, which discovered 92% of CIOs are worried about wireless network security.

The study involved an independent survey of over 1 490 IT decision-makers at 250+ employee organisations around the world.

According to the survey, IT decision-makers believe wireless networks to be the most vulnerable element of the IT infrastructure. Nearly half (49%) of respondents ranked wireless networks as most exposed from a security standpoint, in contrast to 29% for the core network.

The networks are ever-expanding and, with the advent of wireless networks, the edge of the network has moved further away from the core, Hutton pointed out.

"When it was just a wired network, it was fairly easy to contain the network - you knew exactly where all your end-points were and nothing could connect to that network unless it was physically connected. So it was very easy to control."

Wireless take-over

He noted when wireless networks were first introduced, they were cumbersome, slow and primitive.

"We are now fast approaching a stage where wireless networks are proving more efficient than wired networks, particularly outside the data centre. In the wide area networks, wireless networks are getting more efficient than the wired networks," said Hutton.

With wireless, he explained, the challenge is determining who gets to connect to the network because there are now many devices that are capable of connecting to a wireless network.

"The challenge is you have to allow people to connect to your network if you want to be competitive, but you need to have the know-how on how to manage them. It gets tricky because people are connecting to the networks using devices of their own and organisations do not have a lot of control over these devices."

He believes organisations have to put in place measures so that when a device is connected to their network, the network is not compromised.

"Implementation of wireless is not about connectivity. If you can't manage it, you are going in the wrong direction. Organisations need to have some level of device control, user control, application control and data control when it comes to wireless networks."

Risky business

The respondents positioned wireless as significantly more vulnerable than core networking infrastructure, with 29% of IT decision-makers ranking this highly. Databases (25%), applications (17%) and storage (11%) infrastructures were considered among the least susceptible from a security standpoint.

In addition, 37% of global decision-makers polled do not have the most basic wireless security measure of authentication in place. A significant 29% and 39% of enterprises respectively, overlook firewall and anti-virus security functions when it comes to wireless strategies.

Other security measures deemed critical to core infrastructure protection, such as IPS (deployed by 41%), application control (37%) and URL filtering (29%), play a part in even fewer wireless deployments.

When considering the future direction of their wireless security strategies, the majority of respondents said they would maintain focus on the most common security features - firewall and authentication, while demand for more security is emerging, with 23% prioritising complementary technologies - IPS, anti-virus, application control and URL filtering - to guard against the full extent of the threat landscape.

Biggest risk

When asked to cite the risks of operating an unsecured wireless network, 48% of IT decision-makers considered loss of sensitive corporate and/or customer data as the biggest risk to their organisation. This was highest at 56% in APAC, in contrast to the Americas at 45% and EMEA at 42%.

The next highest risk, industrial espionage, was cited by 22% of IT decision-makers, followed by non-compliance to industry regulations (13%), with service interruption and damage to corporate reputation ranked equal last (9%).

Wireless infrastructure governed by a premises-based controller is a thing of the past, according to the findings, with on-site wireless controllers the least common form of management (28%).

This trend for cloud-based management looks set to grow further, with only 12% of enterprise IT decision-makers refusing to trust the cloud for such critical management in the future.

Of the cloud-ready respondents, 58% would want to use a private cloud infrastructure for wireless management and 42% would outsource to a third-party managed services provider. Some 14% of those considering outsourcing would only do so provided it is hosted in the same country, leaving 28% happy to embrace wireless management as a public cloud service regardless of geography.

Share