It's been a struggle, but after scrambling for months to head off what seems like every virus and denial-of-service threat under the sun, you've finally managed to get a grip on your enterprise's network security. Intrusion detection is in place. Encryption works. Nothing's perfect, but it's finally possible to turn your attention from security to something sexy like rolling out that wireless e-commerce application that marketing's been screaming for. Right?
Not so fast. As IT managers rush to embrace mobile commerce, many are quickly realising that wireless technologies such as PDAs (personal digital assistants) and WAP (Wireless Application Protocol) phones present unique and urgent security challenges, particularly as they are increasingly being used by internal employees and external customers to access critical enterprise data and systems. So, even before they squeeze off their first wireless e-commerce transactions, savvy enterprises like Edmunds.com ,Bar Point.com, VF and Patelco Credit Union say they're dedicating this year to getting a jump on wireless security.
For most, that means integrating wireless safeguards with security processes and technologies that are already in place to protect e-business, steps such as enforcing passwords and selectively defining user access levels.
It also means accounting for the unique security threats posed by wireless devices and access methods. In some cases, e-businesses are restricting not only what users can do but also where they can go with their wireless mobile devices. Some are outsourcing the hosting of wireless applications, largely in order to buy wireless security expertise. Others are delaying the launch of wireless e-commerce transactions until known security holes in WAP and other wireless protocols are fixed.
"Ignoring wireless security now would be a major mistake," said Bob Lonadier, an analyst at Hurwitz Group. "It's always cheaper in the long run to build security in from the beginning. With the increasing use of wireless applications, security will really be the type of thing you won't get a second chance to do correctly."
