Ben Halpert / May 2007
Mobile Enterprise

My career at the Lockheed Martin Corporation has provided me with broad exposure to information technology and information security. One of my focus areas within the company is to evaluate emerging areas of information technology and determine if the use of such devices, protocols, services, etc., would expose Lockheed Martin’s sensitive information to undue risk of compromise. Unfortunately, few technologies appropriately address security by default from an enterprise perspective, especially at the early lifecycle stages, and must be dealt with by end users and their respective organizations.

No doubt you have experienced, or at least heard about, the first generation of the IEEE 802.11 wireless local area network (WLAN) security known as Wired Equivalent Privacy (WEP). WEP was not designed to be an enterprise-class security solution for WLANs. However, with no other built-in security mechanism, organizations were left to determine how to use WLAN technology to expand mobility and enhance productivity in a secure manner.

The most common solution at the time was to utilize an already proven technology, Internet Protocol Security (IPSec) virtual private network (VPN) solutions, which were being used by remote workers. The use of IPSec VPNs was to compensate for the widely researched and reported vulnerabilities in WEP. Subsequent releases of WLAN security mechanisms include WiFi Protected Access (WPA) and 802.11i (or WPA2), which addressed the initial

security flaws of the first generation IEEE 802.11 WLANs.

The previous high-level look at security evolution in the context of 802.11-based WLANs is one of many examples of a new technological advancement being deployed with less than stellar security attributes. Now think about the latest mobile device you purchased. Does it protect your data from exposure if lost or stolen? Is your answer based on your own assessment or what the marketing literature states?

Like the field of information security itself, determining appropriate controls is both a science and an art driven by business requirements.

Return to Publications >