Motorola says companies neglect WLAN security

The Enterprise Mobility Solutions business of Motorola, has released European research indicating that 64% of companies are neglecting their wireless LAN security. The survey, conducted by Vanson Bourne, found that over half of large companies use the same security measures for both wired and wireless networks.

Although different types of threats and weaknesses confront wired and wireless LANs, only 47% of companies are using WEP or WPA encryption on their wireless networks, and less than a third (30%) are using any form of wireless intrusion prevention system.

Amit Sinha, fellow and chief technologist of Motorola Enterprise Wireless LAN, explained: “Companies would be naive to use the same security mechanisms for wired as well as wireless LANs. It’s surprising that companies today are not using wireless encryption standards like WPA2. The cost of a data breach is $200 to $300 per compromised record, an order of magnitude more than the cumulative cost of security technologies to prevent exposure. Prevention is always better than cure.”

IT teams today face many different security problems for wired and wireless networks, and consequently need to be aware of the need to treat these networks differently. In 79% of organisations, for example, good security practice is promoted by using IT policies across the organisation. However, the research also found that 51% of companies have no way of enforcing these policies across their network.

Furthermore, with employees becoming increasingly mobile, outdoor networks and wireless hotspots in cafes may present a security ‘back door’ into the network. Indeed, 56% of organisations believe that many employees flout security measures by sending corporate data over completely unsecured wireless networks, such as those at wireless hotspots in cafes, rather than using some form of VPN.

“Education is vital to improving wireless network security,” continued Sinha. “Wireless introduced vulnerabilities in the corporate network that traditional security architectures cannot mitigate. A layered approach to securing the airspace that comprises of strong authentication and encryption built on industry standards such as WPA2-Enterprise along with 24×7 wireless monitoring and intrusion prevention is required.”

Many IT teams are wasting time on security activities which could easily be automated, the research stated. With 58% of companies spending over two hours every week, and in 24% of cases over eight hours a week, manually searching for ‘rogue’ access points, they may be missing other security threats on the network. This task could easily be automated, claimed Motorola.

“Companies may be wasting their time carrying out tasks manually which could be automated,” concluded Sinha. “Several industry regulations such as the payment card industry’s Data Security Standard require strong wireless security measures as well as monitoring of wireless networks at all locations for compliance. Manually validating wireless policy compliance is costly, error prone and leaves gaps in security. Companies need to invest in robust WLAN infrastructure with 24×7 monitoring for gap-free security and cost effective regulatory compliance.”

The research was carried out to understand how companies across Europe secure their wireless networks. The survey was undertaken by Vanson Bourne and questioned 400 IT directors at companies with over 1,000 employees across the UK, France, Netherlands, Germany, Italy, Spain and Nordics.