As security concerns ease, businesses warm to Wi-Fi

Security fears have kept many large companies on the wireless-networking sidelines for the past two years, but new intrusion defenses are beginning to put the worst concerns to rest, opening the door to renewed corporate Wi-Fi spending.

Wi-Fi gained its reputation as an insecure protocol years ago, when hundreds of network access points were set up without basic security settings turned on. The result was a bonanza of free high-speed public Net access for anyone within range, and alarm on the part of businesses, who worried that such piggybacking pointed to the possibility of more serious breaches. Adding to the problem, Wi-Fi's original security standard used weak 40-bit encryption that's easily overcome by unsophisticated attacks, even when it's enabled.

"We have been making headway with...colleges, health care, warehouses and, more recently, retail and government," said Carl Blume, director of product marketing at Colubris Networks, which sells Wi-Fi gear to corporations. "We've been waiting for major Fortune 500 companies, but the perception that there is a security problem with Wi-Fi has been a problem."

The tepid response by large businesses stems from the failure of early security specifications to protect against unauthorized access. But increasingly, corporate information technology managers see the perception of Wi-Fi as a security problem as just that: a perception.

Industry groups such as the Institute of Electrical and Electronics Engineers (IEEE) and the Wi-Fi Alliance, as well as manufacturers, have been working on new security specifications and making them available in products and as free downloads. As a result, Wi-Fi network managers already have access to potent replacements for the original flawed security standard, known as Wired Equivalent Privacy (WEP).

Security experts have long pointed out that WEP's 40-bit encryption key can be broken easily using readily available software. Network managers who use the protocol routinely recommend changing WEP passwords monthly as a safeguard against potential security breaches.

Specifications such as Wi-Fi Protected Access (WPA) and 802.1x are meant to encrypt data and securely transmit it from a network to a client. Gradually, those specifications will become part of the 802.11i standard, which is currently in development by the IEEE and is expected to be available to gear makers by the middle of next year. Although it will likely take a few months beyond that before 802.11i finds its way into products, manufacturers say that standard is already helping to ease security concerns.

Among other things, the 802.11i standard will incorporate a new encryption technique known as the Advanced Encryption Algorithm (AES), which is considered to offer greater security than formulas used in earlier Wi-Fi security standards, including WEP.

Signs of growth
Wi-Fi sales to big business are projected to increase nearly 19 percent in 2004 as more companies begin selling and buying devices that come with security and network management capabilities, said Aaron Vance, an analyst with Synergy Research Group.

The uptick follows a trend that's been building since the second quarter of this year, after months of slipping corporate Wi-Fi sales.

		Get Up to Speed on... Wi-Fi Get the latest headlines and company-specific news in our expanded GUTS section.

Sales for wireless networking gear nearly quadrupled in 2002, to $280 million, compared with 2001, according to retail market tracker NPD Techworld. The high sales trend continues as the latest Wi-Fi standard, 802.11g, begins to gain popularity and manufacturers look to retrofit old products with Wi-Fi capabilities.

But the boom has so far been limited to specialized businesses and the consumer market.

In the fourth quarter of 2001 to the first quarter of 2002, worldwide sales to big business dipped nearly 12 percent, from $237 million to $208 million, after security experts flagged WEP's weaknesses. Yearly sales in 2002 dipped 8.5 percent compared with 2001, according to research firm Synergy Research Group.

Meanwhile, worldwide sales into the consumer, small and midsize business market--which tends to be less concerned with security issues over wireless networks--increased 11 percent in the first quarter of 2002 compared with the fourth quarter of 2001, to $204 million from $183 million. For the year, the sector jumped nearly 79 percent.

Although sales in the big-business market for Wi-Fi gear picked up in the second quarter of 2003, they are expected to end the year with a paltry 7 percent gain over the previous year.

After years of disappointment, some Wi-Fi gear makers are beginning to sound an optimistic note for the lagging corporate market.

Large companies are dipping their toes into wireless networks and testing access with noncritical data. Already, about 57 percent of companies surveyed are using Wi-Fi networks to some degree, according to Jupiter Research.

Gear makers take this as a positive sign and hope that as more businesses test Wi-Fi networking technology and use available security specifications, the perception that Wi-Fi is insecure can be changed.

"Over the last 12 to 24 months, enterprise has been using Wi-Fi in niche applications, but it's gradually moving into the general office space," said Walter Gintz, director of wireless enterprise marketing at Intel.

All unwired, with nowhere to go
The establishment of 802.11 wireless networking standards, known as Wi-Fi, over the last couple of years has helped to bring down pricing for products and makes setting them up easier. The standards, as well as the use of unlicensed radio frequencies, have helped to create a popular and common foundation for product development. The result has been a boom for a technology that has been around for nearly two decades.

With the standards, data can be transferred wirelessly from a network to a client at varying rates, depending on the standard--54 megabits per second for 802.11g and 802.11a standards and 11mbps for the 802.11b standard. The range of the networks varies as well, depending on the environment and obstacles, such as walls and areas of interference, but the maximum range is up to 300 feet.

In a survey conducted this year by Jupiter Research, 90 percent of business executives asked said improved security solutions would have an impact on their decision to install wireless networks. The increased need for wireless access was another reason to install networks, according to 70 percent of those executives.

Although the new specifications do provide what some might call sufficient protection, analysts said there is a learning curve, and it will take time for these tools to find their way into products. Still, the trend appears promising for Wi-Fi gear makers hoping to court reluctant corporate buyers.

"It's still a fairly new technology, and part of the problem is that some businesses aren't using the (security) tools that are out there now," Gintz said. "But companies are starting to learn and realize that if they implement some simple tools, they're going to be OK."