You've crafted just the right wireless LAN security solution for your customer, explained how the pieces fit together...
and otherwise come up with a killer proposal. And then you hear those eight words that strike fear in us all: "I have to run it by the CFO." A common reaction at this point is, "Oh no, I've got to explain complex technology to the head bean-counter." Well, you might be right, but a bigger strategy is warranted here.
Contrary to popular belief, financial types aren't only concerned with dollars. Many CFOs have a hand in administration and operations, and often have comprehensive views into the overall workings of their companies. In my experience, most CFOs aren't just bottom-line numbers types; they are full members of the senior management team and think about the big picture.
The first piece of information that is required when your wireless LAN security proposal gets kicked upstairs is a clear, concise executive summary. The summary should contain a statement of both the problem and the solution. That's key to getting senior management buy-in -- the residents of the executive suite really won't understand the wireless security problem well unless it's explained to them without extraneous background explanations or technical jargon.
The way I like to start a discussion of security is with two key points. First, unlike essentially every other part of IT, security is never "done." New threats develop constantly, requiring new strategies and updates to existing countermeasures. An effective solution is not one that simply calls for regular antivirus updates or a new firewall. Solutions need to be flexible and expandable as new threats become clear, and as the organization grows.
The second point is that precautions must be taken even if there is no current, obvious security threat. I love to ask customers if their networks have ever been compromised. Everyone, predictably, says no. But then I ask "How do you know?" and that settles the issue. Whether as a subtle break-in via stolen credentials or the overt theft of a notebook computer in an airport, security threats are ever-present. As a value-added reseller or consultant, being constantly alert to new threats or twists on new ones is the only way to effectively protect your customers.
Wireless LAN security isn't all that different from wired network security. Wireless authentication and encryption -- along with an appropriate and current security policy -- are the basics and prerequisites of secure Wi-Fi access.
Wireless, however, does add a new dimension to network security requirements. Since a user need not physically connect to the network, the old assumption that keeping intruders from touching the network keeps them out of it has to be replaced. Technology is only the beginning, however. Ask the CFO the cost of a break-in, especially if no one has any idea what information might have been compromised. The cost could be astronomical, especially in diminished credibility among shareholders or potential customers.
I know it sounds a bit like I am injecting fear into the process. But a healthy fear is a prerequisite for successful wireless LAN security projects and for closing a deal with the CFO. Ultimately, good wireless security solutions are as much about policies, operations and corporate administration as they are about technology, so use these topics to get the attention and approval of your customer's CFO.
About the author
Craig J. Mathias is a Principal with Farpoint Group, an advisory firm specializing in wireless networking and mobile computing. Founded in 1991, Farpoint Group works with technology developers, manufacturers, carriers and operators, enterprises and the financial community. Craig is an internationally-known industry and technology analyst, and serves on the advisory boards of four industry conferences. He is the author of numerous articles on mobile and wireless topics, and a columnist for Computerworld, SearchMobileComputing.com, and Unstrung.com. As an expert on SearchNetworkingChannel.com, Craig answers your wireless LAN and mobile networking questions. He holds an Sc.B. degree in Applied Mathematics/Computer Science from Brown University.