IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Wireless networks major security weakness for enterprises
Wed, 3rd Jun 2015
FYI, this story is more than a year old

Wireless network security is causing sleepless nights for CIOs worldwide according to a new Fortinet survey, which found 49% of respondents believed wireless networks were the most exposed part of enterprise IT infrastructure.

And Asia Pacific respondents were the most concerned about their wireless security, with 44% saying they're very concerned their existing wireless security wasn't sufficient, in contrast to 30% in the Americas and 20% in EMEA.

Interestingly the report says that concern comes despite Asia Pacific IT decision makers deploying the highest level of security of all the regions surveyed.

John Maddison, Fortinet vice president of marketing products, says the survey shows that despite the growth in mobility strategies, wireless security has simply not been a priority for enterprises to date.

“As advanced persistent attacks increasingly target multiple entry points, and the cloud becomes more prevalent, it's not an oversight organisations should risk any longer,” Maddison says.

He says while its positive that IT leaders are beginning to recognise the role wireless security plays in protecting critical business assets, ‘there is more to be done'.

“As IT strives to balance the need for strong network security with ubiquitous connectivity, wireless must be considered as part of a holistic security strategy to ensure broad and consistent protection for users and devices over wired and wireless access.

The global survey of more than 1490 information technology decision makers shows 82% were concerned their existing wireless security is not sufficient, with CIOs most concerned at 92%.

That concern may be warranted, with 37% admitting they don't have even the most basic security measure of authentication in place.

A significant 29% and 39% of enterprises respectively overlook firewall and antivirus when it comes to wireless strategies.

Other security measures deemed critical to core infrastructure protection, including IPS (deployed by 41%), application control (37%) and URL filtering (29%) play a part in even fewer wireless deployments.

When it came to future plans, the majority of respondents said they would maintain focus on the most common security features – firewall and authentication, while demand for more security is emerging with 23% prioritising complementary technologies such as IPS, antivirus, application control and URL filtering, to guard against the full extent of the threat landscape.

Forty-three percent of ITDMs polled provided guest access on their corporate wireless networks, with 13% doing so without any controls whatsoever.

The most common form of guest security access was a unique and temporary username and password (46%), ahead of a captive portal with credentials on 36%.

Risk of data loss key concern

When it came to what respondents considered the main risks of operating an unsecured wireless environment, 56% of APAC respondents cited loss of sensitive corporate and/or customer data, compared to the global figure of 48%.

Industrial espionage was cited by 22% of ITDMs, followed by non-compliance to industry regulations (13%), with service interruption and damage to corporate reputation ranked equal last at 9%.

The report says wireless infrastructure governed by a premise-based controller is a thing of the past, with on-site wireless controllers the least common form of management at 26%.

The trend for cloud-based management looks set to grow, with only 12% of enterprise ITDMs not trusting the cloud for such critical management in future.

Of those who were cloud-ready, 58% said they wanted to use a private cloud infrastructure for wireless management, while 42% would outsource to a third-party managed services provider.

Of those considering outsourcing, 14% said they would only do so if it was hosted in the same country, with 28% happy to embrace wireless management as a public cloud service regardless of geography.