May 16, 2005 (Computerworld) --
As wireless computing gains mass acceptance in the marketplace, vertical industries such as health care and the government are increasingly transitioning to a mobile workforce and, in doing so, are being confronted with a multitude of wireless security risks.
A recent report released by RSA Security Inc. reveals that one-third of businesses with wireless networks are susceptible to intrusion.
The potential for security breaches has many companies scrambling to implement wireless safeguards. Some vertical industries, particularly the governmental and health care sectors, have taken extra precautions to address wireless security concerns by developing unique compliance regulations.
Federal Information Processing Standard (FIPS) 140-2, which pertains to government entities, and the health care industry's Health Insurance Portability and Accountability Act (HIPAA) both address wireless security concerns and mandate specific security requirements for wireless networks in their respective industries.
What FIPS 140-2 Means to PC Vendors
FIPS 140-2 describes federal requirements that IT products with cryptographic capabilities must meet for protecting sensitive but unclassified information. FIPS 140-2 prohibits the use of unvalidated cryptography for the protection of sensitive or valuable data within federal systems.
Unvalidated cryptography is viewed by the National Institute of Standards and Technology as providing no protection to information or data. Therefore, if a government agency specifies that its information or data must be cryptographically protected, FIPS 140-2 is applicable.
PCs must be FIPS 140-2 certified for wireless use by federal government organizations. Recently, 3e Technologies International Inc., the first company to offer FIPS 140-2 validated access points and infrastructure, released a 3eTi Centrino client, the first non-VPN client software that enables Intel Centrino mobile technology systems to meet the government's stringent requirements for wireless PCs.
The 3eTi Centrino client supports either the Intel PRO/Wireless 2200BG or 2915ABG adapters and enables PC vendors to develop FIPS 140-2 certified wireless-enabled notebook PCs. This gives PC companies the opportunity to contract with government entities seeking PCs with secure wireless LAN access.
Complying with HIPAA
Designed to address wireless security risks, HIPAA lays out a set of requirements for health care facilities and authorizes criminal and civil penalties if hospital personnel compromise the privacy of sensitive patient information. HIPAA addresses administrative procedures, physical safeguards, and technical security services and mechanisms.
Technical security services must balance the need for timely access to needed health information with the need to protect its confidentiality and integrity. Among the technologies and data systems that may be considered are biometric authentication devices such as fingerprint readers that come embedded on notebook and tablet PCs.
Desktop systems can use peripherally attached keyboards with integrated fingerprint readers. According to Gartner Inc., fingerprint scanners are the most commercially successful biometric devices and comprise nearly half of the worldwide biometric market. Fingerprint readers can be used to identify authorized health care personnel and allows them to gain secure access to protected health care data. The technology can also help eliminate the need to remember passwords, thus reducing password-reset costs and enhancing the user experience.
The second major issue for PC vendors is technical security mechanisms, which are measures that health care facilities should implement to protect patient data from unauthorized users over a wireless network. Needed measures include tools that enable full hard-drive encryption, virus-protection technology and virtual private networks (VPN). A multilayered hardware- and software-based security system can also be helpful.
Impact of Compliance Regulations
It's expected that the effectiveness of wireless security compliance regulations will be seen in vertical applications such as government and health care as organizations in each sector continue to work towards complete compliance. As wireless technology continues to evolve, so too will new standards and compliance requirements.
It will be the responsibility of PC vendors and other wireless equipment vendors to offer reliable security systems to combat threats and to provide wireless users with secure wireless connections that meet mandated requirements.
Adam Wong is responsible for wireless solutions marketing at IBM's Personal Computing Division. He can be reached atadamwong@us.ibm.com.
See results from our survey of more than 5,000 IT pros, and use our Smart Salary Tool to compare your pay with IT workers in similar jobs across the U.S.
See your link here
or
Other Mobile and Wireless Stories
See results from our survey of more than 5,000 IT pros, and use our Smart Salary Tool to compare your pay with IT workers in similar jobs across the U.S.
After weathering layoffs or pay cuts, your IT staffers may need some help getting motivated. Try these strategies for employee renewal.
No Windows geek or PC support pro should be without these must-have utilities -- and they're all free.
Get the latest news, features, opinions and more on key technology issues.
Get the latest news, reviews and more about Microsoft's newest desktop operating system.
General Mills, Genentech, San Diego Gas & Electric, University of Pennsylvania and Monsanto top the list.
Computerworld
