Enabling the mobile worker

TechRepublic contributor Tim Landgrave explains why CIOs should focus on securing wireless networks and why it's prudent and efficient to take action now to protect corporate data.


Soothsayers said during the Internet boom that we would all soon have high-speed, universally available, mobile access to corporate data via cell phones and other devices connected to high-speed 3G networks.

That prediction collapsed with the Internet economy, and deployment of high-speed wireless networks has slowed considerably. Yet mobile Internet use is still rising, fueled primarily by the wireless hub market and not by high-speed 3G networks as predicted.

The new “mobile Internet” based on wireless hubs is forcing CIOs to make fast decisions. Should you allow and deploy wireless cards, and how do you control data access when wireless hubs are accessed outside the office?

Starbucks as the off-site office
Ever wondered why that cup of Starbucks coffee costs $4? Part of the income goes to supporting one of the largest wireless networks in the world, which will include every U.S. Starbucks by the end of the year.

The wireless Internet isn’t available only at the local coffee shop. It’s wherever business travelers gather, including hotels, convention centers, and airports. What’s made this kind of network possible? Rather than being deployed as a series of cellular towers as first envisioned, it’s been accomplished through the combination of high-speed landlines to common areas with wireless hubs based on the 802.11b standard providing the “last 1,000 feet.” And these are just the legal networks.

As an experiment, I took my laptop, loaded with Windows XP and a wireless card—a poor man’s wireless network sniffer—and drove around my neighborhood. With very little effort, I was able to tap into over 20 wireless networks in just over two hours of slow driving. These are in-home wireless networks set up by individuals with DSL or cable modem access using the default settings provided by the 802.11b hub manufacturers. There is no Wired Equivalent Privacy (WEP) security, and the manufacturer’s name is the gateway name. In many cases, the network users had multiple PCs sharing files with little or no protection. With a little digging I likely could have accessed corporate files downloaded to home workstations.

Review remote support and applications policies
It’s this wireless network scenario that has most CIOs concerned. If employees can take corporate documents out of the building, then what keeps them secure?

Right now a corporation is much more at risk of losing data with a lost laptop than with a home Internet connection. Yet, as more and more homes get wired and workers grasp the benefits of wireless Internet access, the focus of electronic thieves will shift to these home networks. So there’s no better time to begin protecting corporate assets that will be moved over these networks. To do this, you need to evaluate two of your existing practices—support for external network connections and applications exposed over those connections. It’s a good time to publish and support a remote security plan. (Download TechRepublic’s Wireless policy template for help.)

With the original dial-up modems, the most users wanted was access to e-mail. But today’s high-speed access points—whether in the home or at the airport—have spiked users’ expectations. Many corporations have established policies and installation procedures to equip corporate laptops with the software—and provided laptop users with the training necessary—to make secure, tunneled corporate connections using standards like PPTP. But they haven’t taken the next step of defining standards, procedures, and support policies for users who want to connect through a wireless gateway with their own PCs.

Develop guidelines for remote users
CIOs have a real opportunity to be proactive by developing a “work at home” guide for employees that includes all of the necessary instructions for configuring common DSL and cable gateways for use with the corporate network. The same guide should detail how to enable WEP security on home wireless networks and require that it be enabled for any wireless hub used to connect to the corporate network. Most users will appreciate the seriousness of this requirement when confronted with the fact that their own Quicken files are at risk as well. Providing IT guidance for systems outside of the office is also a great way for the entire technical team to get recognition from the rest of the company.

Design multitier applications
Of course, helping users connect to the corporate network but providing access only to e-mail doesn’t make wireless networks very compelling. Tech leaders also should design systems so that they can be remotely extended.

For new applications, consider the remote user’s needs by designing applications that will work in a multitier environment where the presentation tier may be installed on a system with a 256K to 1.5M connection. This strategy is much less constraining than the 28K limitation with which we’ve lived in the past, but it still requires some forethought.

This additional bandwidth makes it more palatable to deliver and execute Windows-based client applications or Web applications with more complex Java or ActiveX controls. And now that .NET allows you to automatically distribute Windows applications through the browser, you can easily deploy and update applications on employee machines.

Many existing applications will work fine in this environment. For example, if you allow home users to access their home directory on a server, they can then load and edit an Excel worksheet or a Word document. This benefit also helps employees understand the value of storing important documents on the server rather than local hard disks—making backups easier. If you want secure access to any application, consider using a product like Citrix MetaFrame or Windows Terminal Services. Once users have downloaded the appropriate client, they can run any corporate application remotely, with only the screens and keystrokes passing over the line. With a DSL-speed connection, these systems are very responsive. And you have the added benefit of security. Since no data ever gets placed on the user’s local hard drive, and the screen buffers passed over the line are unintelligible GDI commands to a hacker, your corporate data remains securely stored and managed by servers in the data center.

As the economy continues to tighten, companies need to continue getting more productivity from employees. Allowing them to work from home in the evenings or on weekends, and from the road when they travel, is another way to increase workforce efficiency. The equipment cost to make this a reality has never been lower. Now is a good time to enable remote corporate access, but do so in an orderly, controlled, supported fashion.