Wi-Fi Starts Leaping Security Barriers


Six months ago, Al Fitzpatrick sat at his desk in a skyscraper in Atlanta's Buckhead district and wondered what his wireless-enabled neighbors were up to. He had no evidence that anyone was trying to hack into the wireless networks at the Atlanta headquarters of S1 (SONE), a financial-services software company where Fitzpatrick is chief security officer. With $250 million in annual revenues and thousands of institutional customers using S1 software to manipulate highly sensitive financial data, Fitzpatrick had reason to be cautious.

S1 already used so-called virtual private networks (VPNs) -- encrypted communications tunnels that carry sensitive dataraffic over the company's growing web of wireless networks. So Fitzpatrick knew his wireless data was relatively secure. Still, with "drive-by hacking" and successful break-ins of VPNs becoming more prevalent, Fitzpatrick figured better safe than sorry. "I like to be in control of my network," he says. "It's not knowing what's out there that worries me."

So last August, he purchased a wireless intrusion-detection system from AirDefense. The two-year-old Alpharetta (Ga.) startup sells monitoring devices that can help network-security managers spot break-ins that use wireless antennas as well as "rogue hotspots" -- unauthorized Wi-Fi access points installed by employees whose PCs are on a company's network. If configured poorly, these hotspots can allow anyone within a few hundreds yards to tap into corporate networks, bypassing firewalls and other security systems.

TIME TO BEEF UP. Fitzpatrick didn't find any rogues at work, but he was amazed to find something else: It seems that S1's Wi-Fi signals overlapped with those of another company in the high-rise office building. "We were picking up their transmitters, and they were picking up ours," says Fitzpatrick. S1 promptly moved some of its access points to keep them out of range of the neighboring networks. With AirDefense now set to sound the alarm if a rogue hotspot appears in S1's headquarters, Fitzpatrick feels safer using Wi-Fi.

He's hardly alone in recognizing the need to beef up wireless security: Hospitals, government agencies, banks, insurers, and manufacturers are installing more and more corporate Wi-Fi security systems. The sector remains small, with revenues of pure-play wireless-security companies only $156 million this year, according to networking and security research consultancy Infonetics in San Jose, Calif., which predicts that the tally could swell to $564 million by 2007.

The rise in wireless-security spending will parallel an increase in corporate outlays on Wi-Fi equipment, which Infonetics says should rise from $865 million in 2003 to $1.7 billion in2007.

TREADING CAREFULLY. The fact that those figures, while solid, aren't blockbusters, reflects a delayed reaction. While American consumers have gone ga-ga over Wi-Fi, corporate and public-sector customers have remained more cautious -- because of worries over security. In particular, the health-care and financial-services industries have remained wary, thanks to their legal obligations to protect privacy and maintain the security of customer information.

Their concerns have been compounded by the fact that Wi-Fi developed a reputation for poor security after researchers found serious flaws in its first security standard, called wireless equivalent privacy (WEP). Other early Wi-Fi security efforts from networking giant Cisco Systems (CSCO) and software giant Microsoft (MSFT) failed to pass muster among the paranoid set. As a result, a crop of Wi-Fi startups sprang to life to develop more secure systems -- and chase dreams of wireless riches.

Some of those are beginning to cash in. "We picked up 161 new customers last quarter," says Eric Janszen, CEO of Bluesocket, a 60-person Burlington (Mass.) company that builds hardware and software for encrypting wireless networks. "We nearly doubled our number of customers in a single quarter and did more revenue than we had done in the previous year." The plunging price of commercial-grade Wi-Fi access points has helped boost demand -- and has helped persuade Bluesocket customers like Linda Reino to roll out Wi-Fi that's protected by the new security systems.

"A HIGHER LEVEL." Reino is the chief information officer of Universal Health Services (UHS) a 26,000-employee hospital and health-care company headquartered in King of Prussia, Pa., that posted revenues of $3.6 billion in 2002. Universal had run a number of Wi-Fi pilot projects in recent years but had refrained from a companywide rollout. Now that looks imminent, thanks to falling prices on Wi-Fi equipment and improvements in security.

"In health care, if you're going to get any efficiency in your data collection and distribution, you have to get to the patient's bedside or get next to the clinician," says Reino. "That means wireless. But we felt we needed to have a higher level of security surrounding patient data than you would normally have over a wireless network."

The growing corporate interest in Wi-Fi has also attracted many established security and networking players, which argue that wireless security shouldn't be separate from other network security. "What we're seeing from a lot of organizations is recognition that wireless isn't an overlay but an extension of their networks," says Bruce Friedman, managing director of Sprint's (FON) mobile-computing services. "You're seeing tools and hardware that are more geared to enterprises that want to integrate wireless into an existing network."

LAPTOP HIJACK. The spread of Wi-Fi has also stoked interest in locking down all laptops and mobile devices that come with Wi-Fi cards to prevent a company PC from getting hacked when it's outside the office. This generally has meant installing software firewalls on laptops and personal digital assistants.

"If I can sit near someone whose laptop is on a public wireless network at Starbucks or at a conference and is unsecured, I can install some software on that laptop and control it," explains Mark Kraynak, senior product marketing manager at firewall giant Check Point Software (CHKP) in Redwood City (Calif.). "Now I have control of the victim laptop, and it has access to lots of things that I might want, such as corporate networks."

The pressure for corporations to spend on Wi-Fi and accompanying security will likely increase as more and more employees install their own hotspots to enable roaming from office to office at work. "The users aren't waiting," says John Pescatore, vice-president for network security research at tech consultancy Gartner. "They can hide [Wi-Fi purchases] on expense vouchers, they're so cheap."

Sooner or later, that'll be money in the bank for the wireless security startups as well as for the big networking companies that seek to profit from the Wi-Fi boom. By Alex Salkever, Technology editor for BusinessWeek Online


Best LBO Ever
LIMITED-TIME OFFER SUBSCRIBE NOW
 
blog comments powered by Disqus