Really interesting article in Forbes by Verne Kopytoff on the reasons retailers have recognized the value of Wi-Fi for their customers and business processes. He notes that after years of resistance, stores have conceded that the shoppers have won the war. They want Wi-Fi and they will use their smartphones to check out deals.

There is no doubt that Wi-Fi has many positive effects on the shopping experience and, I would suggest, those effects outweigh the negatives of comparison shopping online in a store. There is also the obvious benefit of making sales associates more efficient and able to serve more customers faster.  Anyone who has ever gone into an Apple store near Christmas – and really who has not – has experienced just how fast one can get in and out even in a crowd.

However since retail stores have been late to this party, they need to think about the security implications of adding Wi-Fi and continuing to comply with the PCI DSS wireless scanning requirements.  Kopytoff points out that several large retailers added Wi-Fi capabilities just before the holiday season, which is unusual in and of itself since retailers rarely want to disrupt their systems too close to the holidays. In haste, they may have overlooked adding true Wi-Fi security processes to protect credit card data. It will be interesting to see if any problems arise during this season of manic shopping.

Della Lowe smartphones, WiFi Access, Wireless scanning, Wireless security PCI, retail, secure WiFi, WiFi, WiFi security

With AirTight Wi-Fi™, enterprises now have a truly secure Wi-Fi solution that is armed to defend your network from wireless threats 24/7.
Join AirTight on September 19 at 11 AM Pacific for a live demo. Find out how easy it is to deploy, manage and secure AirTight’s cloud-managed Wi-Fi. AirTight Wi-Fi Benefits: •Simple to deploy and manage with limited IT resources •Fully user-customizable HTML5 UI to improve IT efficiency •Get your Wi-Fi up and running quickly without the need for extensive training and certifications •Infinitely scalable to grow the WLAN deployment over time •Provides high performance 3×3 MIMO within the 802.3af power budget •Top rated WIPS to automatically detect and block threats •Provides automated BYOD policy enforcement including device onboarding.

Register now: http://airtightnetworks.adobeconnect.com/wifilivedemo9-19/event/event_info.html

Della Lowe Cloud computing, WiFi Access, Wireless security, WLAN networks cloud, secure WiFi, Security, Wi-Fi, WiFi access point, Wireless security, WLAN

What makes network administrators and security professionals tear their hair out – the “cool” employee who is carrying 2 or 3 or more devices and only one of them is actually issued by the company. I admit, I am one of them but not sure how “cool”, just a gadget junkie. There is a lot of advice around these days about how to manage this deluge of personal smart devices entering the enterprise, but I found much of the advice given by Software Advice and CRM Market Analyst, Ashley Furness, very solid in her recent post, “Strategies to Secure Your Enterprise in the New World of BYOD“. Some of it may seem obvious,  but, often the obvious is overlooked for just that reason.  We all know folks who do not change their password from “admin”.  Ashley’s article is a good addition to the body of work out there about the challenges of BYOD in the enterprise. One area which is not mentioned, however, is wireless intrusion prevention (WIPS), which is the natural ally of MDM.  With MDM, employees have to have an incentive to get the agent on their devices. WIPS solves that problem.  AirTight WIPS as an example protects the network from being accessed by unauthorized devices – those which have credentials but are not an authorized device – by allowing administrators to set up rules which will automatically block unauthorized devices (not just rogue APs) from connecting to the network.

AirTight recently concluded a study of IT professionals to understand their attitudes, challenges and methods of dealing with BYOD and it became obvious that there is a lot of concern around this subject. As the BYOD tide rises, organizations will need to embrace various smartphones and tablets for the enterprise applications, while at the same time tackling the security challenges from consumerization. On one hand, it is necessary to ensure that the IT assigned authorized smart mobile devices are free of malware and that these devices and the data on them can be centrally managed and monitored by IT. On the other hand, IT will be required to deal with unmanaged personal mobile devices attempting to access the corporate IT
assets, since such personal mobile devices may not be within IT’s device management reach.

Additionally, increased consumerization of the smart mobile devices may also heighten the risk of rogue Wi-Fi connections on the enterprise premises. As a result, an all-encompassing approach to BYOD security will entail protection of IT assigned devices, gatekeeping the unmanaged mobile devices, and blocking rogue Wi-Fi connections. Security systems are available today which address different parts of the BYOD security problem. (See the tables below) The right combination of these security systems can be useful for a comprehensive BYOD security.

Della Lowe BYOD, mobile device management, smartphones, Wireless security

Only two weeks left – take AirTight’s One Minute Survey – BYOD: Love it? Hate it?
Click the link – take the survey – enter to win an 8GB iPod Touch.

https://www.surveymonkey.com/s/ATNBYODsurvey2012

Corporate users (e.g. employees, contractors) are accessing enterprise network and data, and bypassing corporate security controls using their personal Wi-Fi devices. This uncontrolled access can open wireless backdoors into the enterprise network, malicious activity, leakage of sensitive data, and exposure to malware.

Click the link to take the BYOD survey and enter to win an 8GB iPod Touch.

https://www.surveymonkey.com/s/ATNBYODsurvey2012

Della Lowe Wireless security

Take the BYOD survey and enter to win an 8GB iPod Touch.

The BYOD trend is causing new security concerns for enterprise network and data security. Corporate users (e.g. employees, contractors) are accessing enterprise network and data, and bypassing corporate security controls using their personal Wi-Fi devices. This uncontrolled access can open wireless backdoors into the enterprise network, malicious activity, leakage of sensitive data, and exposure to malware.

Click the link to take the BYOD survey and enter to win an 8GB iPod Touch.

https://www.surveymonkey.com/s/ATNBYODsurvey2012

Phones are increasingly becoming portals to the outside world, with their own networks that can bridge WiFi security and provide an unauthorized laptop access. AirTight would like a minute of your time to understand how pervasive these devices are in your organization and if they have affected the way you address network security.

As a thank you for helping AirTight with this short survey, two names will be drawn at random to win an 8GB iPod Touch. To be entered in the drawing please submit your contact information at the end of this survey.

Della Lowe BYOD, Wireless security BYOD, data security, smartphones, Wi-Fi access, WIPS, Wireless security

This month, AirTight Networks’ flagship product, SpectraGuard® Enterprise, achieved FIPS 140-2 validation from the National Institute of Standards and Technology (NIST) of the United States and the Communications Security Establishment of Canada (CSEC).

 These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions. See background information for more details.

Simultaneously, AirTight’s SpectraGuard Server passed TIC tests for inclusion on the DISA UC APL. The DISA UC APL is the single consolidate list of products that have completed interoperability (IO) and information assurance (IA) certification. Use of the DoD UC APL allows DoD Components to purchase and operate UC systems over all DoD network infrastructures.

AirTight’s products are deployed worldwide in many of the most security sensitive United States government and defense organizations to assure security and compliance with requirements such as DoD 8420.01, FISMA and guidelines from the National Institute of Standards and Technology (NIST). Because AirTight products are always kept up-to-date with certifications such as FIPS 140-2, Common Criteria and DISA; government and defense agencies can take advantage of the powerful wireless security technology provided by AirTight.

Della Lowe 802.11n, Compliance, DISA UC APL, Federal Government, FIPS 140-2, Wireless security, WLAN networks 802.11n, DISA, FIPS, WIPS, Wireless Intrusion Prevention, Wireless security

Join AirTight wireless and security experts to learn how deploying a cloud-based Wi-Fi solution can meet your  business objects with the fastest deployment, lowest cost and minimal management overhead, while maintaining the security of your network and meeting PCI wireless scanning requirements.

AirTight can show you how to be up and running with a Guest Wi-Fi network and captive portal in a matter of minutes.

Be sure to visit AirTight at booth 2227 at the NRF 101st Annual Convention & EXPO, January 15-18, 2012 at the Jacob K. Javits Convention Center in New York City. We will have experts and top executives on hand to answer your questions.

Monday, January 16, 2012: 9:00am – 6:30pm
Tuesday, January 17, 2012: 9:00am – 5:00pm 

Featured Product:

AirTight Cloud Services™ – AirTight Cloud Services for Wi-Fi Access and Security is the first and only VVi-Fi solution managed from the cloud that offers VVi-Fi access PLUS full time rogue detection and prevention for wireless security and PCI compliance in a single device.

If we have your interest, contact us at sales@airtightnetworks.com to set up a meeting with our wireless experts.

Della Lowe Cloud computing, PCI, WiFi Access, Wireless security, WLAN networks

We are really excited here at AirTight.  AirTight achieved a rating of “Strong Positive” in Gartner’s 2011 Marketscope Report for Wireless LAN Intrusion Prevention Systems. published this week.  “Strong Positive” is the highest possible rating in a Gartner Marketscope. The July 2011 report was authored by John Girard, VP, Distinguished Analyst, John Pescatore, VP, Distinguished Analyst and Tim Zimmerman, Research Director at Gartner.

2011 Gartner Marketscope On Wireless LAN IPS matrix

If you are concerned about wireless threats to your enterprise, including unapproved personal smart devices, this report outlines the key highlights and limitations of each solution as well as feedback from real customers of each vendor.

The 2011 MarketScope report evaluated vendors on five criteria – customer experience, offering (product) strategy, overall viability (business unit, financial strategy, organization), marketing execution, and product/service.

The report notes in part, “Wi-Fi support is a standard extension of corporate networks, and enterprises must ensure the vulnerability management and intrusion prevention processes be extended to cover wireless and wired networks. WLAN security monitoring in the form of wireless intrusion prevention systems (WIPS) is required to ensure that supported WLAN performance is not impeded by interference or denial-of- service attacks, WLAN traffic is kept private and secure, users are prevented from installing unauthorized WLANs, and unsupported/unauthorized WLAN technologies are barred from operation.”***

***MarketScope Disclaimer

The MarketScope is copyrighted 2011 by Gartner, Inc. and is reused with permission. The MarketScope is an evaluation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the MarketScope, and does not advise technology users to select only those vendors with the highest rating. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Della Lowe PCI, smartphones, WiFi Access, Wireless scanning, Wireless security, WLAN networks

This article in Information Week  by Mathew J. Schwartz is well worth reading. It is time that security came first and compliance second IMHO. Click on the link below and I would love your feedback on the article and my comments.

———————————————————————————————————————————————–

What Do IMF, Citigroup, And Sony Hacks Share?
Mathew J. Schwartz,

“Many organizations have been focusing on complying with regulations, rather than taking a top-down look at what most needs to be secured, security experts say.”

———————————————————————————————————————————————

I believe this article by Mathew  is right on the money.  Compliance does not equal security.  It is time for organizations to understand that security is not just some incessant fly they can swat away and then forget until the next time it comes back.  Many of these organizations are dealing with data so sensitive that release of it can bring down governments or ruin individual lives. 

Security is not a once and done.  It is an ongoing, layered process that must take into account all current and emerging threats, such as smartphones, iPhones, iPads and droids – all of which come Wi-Fi enabled – meaning they can create bridges into your network even if you have not rolled out wireless.

Information Week also has a great slide show of the ten largest breaches you might find useful:

10 Massive Security Breaches

Della Lowe Wireless security

When: Tuesday 26 April 2011, 11:00 AM – 12:00 PM
Time Zone: (GMT-08:00) Pacific Time (US and Canada); Tijuana

Description: Are iPhone, iPads, Smartphones and Droids outsmarting your network security perimeter? The consumerization of smart phones is now perceived as top threat to the enterprise network security. In a recent ComputerWorld article – “Security consultants have identified six holes that are often wide open in corporate IT systems,” and listed the number 1 threat to address NOW as, “smart phones attaching to your network”. AirTight CTO, Pravin Bhagwat, will describe the threat scenarios posed by the proliferation of smartphones and discuss strategies you can use today to keep tabs on their usage in your network. He will layout the threat scenarios posed by Wi-Fi enabled devices and discuss the three things you need to know to protect your network. Learn how to: 1. Monitor the smart phone usage 2. Define the smart phone usage policy 3. Enforce the smart phone usage policy Join AirTight for this interactive Webinar about this important and increasingly common threat to your network.

Host: Della Lowe

To register for this event, please go the following link:
http://airtightnetworks.acrobat.com/smartphones4-26/event/registration.html

If you’ve never used Connect Pro, get a quick overview:
http://www.adobe.com/go/connectpro_overview

Adobe, the Adobe logo, Acrobat and Acrobat Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.

Della Lowe Wireless security