That's because making enterprise applications and data available to mobile and wireless users is becoming a strategic initiative in an increasing number of enterprises. Such applications range from making e-mail available in real-time via BlackBerry devices to more complex applications like nurses wheeling wireless laptops into patient rooms in hospitals to record healthcare data on the spot.
However, wireless and mobile applications also open up a beehive of security concerns that didn't occur when using traditional networks. These concerns not only could compromise enterprise data but also threaten compliance with regulations like HIPAA (Health Insurance Portability and Accountablility Act), Sarbanes-Oxley and Gram-Leach-Bliley.
"If CIO's aren't worried about wireless security, it will never filter it's way down," added Mark Rasch, a senior vice president and chief security counsel for Solutionary, a vendor that provides security consulting and services.
Wireless transmission is inherently less secure than standard wired network transmissions because it involves data flying through the air where it is easier to intercept. As a result, enterprises have been wrestling with WLAN security since the technology first emerged several years ago.
Solid, standardized security solutions, such as equipment that supports the recently-approved 802.11i standard, are just now becoming available. But that doesn't mean that enterprise wireless networks are uniformly secured.
"We've seen cases where a doctor will run to the store and install a wireless router in his office just so he can have wireless access," said Wayne Haber, also a vice president for SecureWorks. "That opens up the hospital's entire network." Haber recalled one case in which somebody walked into a hospital and surreptitiously installed a wireless access point and gained access to the network.
Both cases, of course, threaten protected health information (PHI) as specified by HIPAA. Superficially, these sorts of security breaches might seem like an opportunity to apply best practices, but cases such as these mean that may not be enough.