Really interesting article in Forbes by Verne Kopytoff on the reasons retailers have recognized the value of Wi-Fi for their customers and business processes. He notes that after years of resistance, stores have conceded that the shoppers have won the war. They want Wi-Fi and they will use their smartphones to check out deals.
There is no doubt that Wi-Fi has many positive effects on the shopping experience and, I would suggest, those effects outweigh the negatives of comparison shopping online in a store. There is also the obvious benefit of making sales associates more efficient and able to serve more customers faster. Anyone who has ever gone into an Apple store near Christmas – and really who has not – has experienced just how fast one can get in and out even in a crowd.
However since retail stores have been late to this party, they need to think about the security implications of adding Wi-Fi and continuing to comply with the PCI DSS wireless scanning requirements. Kopytoff points out that several large retailers added Wi-Fi capabilities just before the holiday season, which is unusual in and of itself since retailers rarely want to disrupt their systems too close to the holidays. In haste, they may have overlooked adding true Wi-Fi security processes to protect credit card data. It will be interesting to see if any problems arise during this season of manic shopping.
smartphones, WiFi Access, Wireless scanning, Wireless security
BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’ desire and the network/security administrators’ intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)! Read more…
802.11n, Best practices, Compliance, smartphones, Wireless gadgets, Wireless security
Wireless PCI Compliance in just 5 Minutes
This new product video from AirTight Networks shows how easy it is to automate your wireless PCI vulnerability scanning. AirTight SpectraGuard Online can be configured and running in as little as 5 minutes and 3 easy steps. AirTight eliminates the need to send staff to remote locations with a mobile analyzer to conduct the routine PCI scan for rogue APs. IT professionals should find this refreshing.
Watch AirTight’s wireless PCI scanning video
Compliance, PCI, Wireless scanning, Wireless security
An interesting survey on PCI DSS compliance was recently published by the Ponemon Institute. There are many interesting findings in the survey some of which I summarize here.
One thing that strongly comes out is that though PCI DSS compliance is perceived as contributing to an organization’s security posture, cost factors are pestering. 60% of the respondents have said that they do not have sufficient resources to manage PCI DSS compliance even though it seems they are spending one third of their security budget on PCI DSS compliance. Another interesting and equally troubling data point that comes out of the survey is that 71% respondents say that their organizations do not have data security as enterprise level strategic initiative. No wonder TJX type breaches happen!
The data security problem is going to only get harder in the future as new networking technologies evolve; most notably wireless and Web2.0. In fact, already 38% percent respondents in the survey have said that that they think the most serious security threats are located in wireless devices. Rightly, PCI DSS has also added wireless scanning control into the compliance pack.
So it is clear that we need low-overhead enablers for organizations to achieve and maintain PCI DSS compliance. At least for wireless PCI DSS compliance, we at AirTight have developed a hosted wireless scanning solution to make PCI DSS compliance cost effective and effortless. Would like to hear from others what they think are the ways to help organizations achieve compliance without much cost and complexity.
Any organization handling payment card data should pay immediate attention to the PCI DSS Wireless Guideline published by the PCI Security Standards Council Wireless Special Interest Group last week.
Wireless Threats That Can Compromise PCI DSS Compliance
The key highlights are:
Compliance, PCI, Wireless security
Interesting post on CWNP back in March.
Douglas Haider compares the pros and cons of quarterly wireless vulnerability scanning vs. a full time wireless IPS to satisfy PCI DSS compliance requirement 11.1. Douglas writes:
“This requirement begs me to ask which is “better” option? Quarterly manual scans or a wireless IDS/IPS?
Maybe it’s the former IT auditor in me, but I think the best way to meet this requirement is by deploying a wireless IDS/IPS.
I agree, the goal of PCI is securing cardholder data than quarterly scanning can’t be taken seriously. Cost is obviously the biggest issue for merchants with multiple locations. But surely a hosted wireless scanning services with a low monthly fee would be cheaper AND provide round the clock security, wouldn’t it?
Hmmm… see my post AirTight on “Cloud Nine”.
Best practices, Compliance, PCI, Wireless scanning, Wireless security
Devin Akin wrote a short post about AirTight SpectraGuard Online on CWNP. He likes our hosted wireless IPS service and seems to think we are on to something! Now how can I argue with the man. http://www.cwnp.com/community/articles/on_cloud_nine.html
Compliance, PCI, Wireless scanning, Wireless security