It promises better customer data protection, though adoption is limited.
Wireless technology can offer speed and agility in the fast-paced world of financial services, but ensuring the security of customer information and other sensitive data is a challenge. Some financial firms see promise in the emerging 802.11i security specification for wireless networks.
Security and 802.11i were popular topics at last week's "Wireless On Wall Street" summit in New York. "Wireless will allow many more people to get access. But what we need to do in the financial industry is to ensure that data is protected," said Louis Gibaldi, VP of risk management at J.P. Morgan Chase & Co. "That's our No. 1 concern."
Wachovia Corp. employees use wireless and instant messaging extensively, with BlackBerry units being the most popular wireless device. "This adds a lot of productivity to our staff," said Ilieva Ageenko, director of emerging enterprise applications at Wachovia. The bank also offers a wireless service that sends account-related alerts to customers' wireless devices. "We send out about 1 million alerts a month, and our customers love that."
Wireless increases productivity for Wachovia staff, Ageenko says.
802.11i is a security amendment to the 802.11 standard and is designed to replace the existing Wired Equivalent Privacy specification for interoperable security in wireless networks. WEP's vulnerabilities are well known, Gartner analyst Ken Dulaney says.
Within hours, a hacker with the proper equipment and tools can collect and analyze enough data to recover the shared encryption key from WEP on a busy company network. The emergence of 802.11i, which offers enhanced security options, including support for the Advanced Encryption Standard protocol, could let more financial firms develop wireless offerings, Dulaney says. An early limited version of the standard, called Wi-Fi Protected Access, is being used by some companies as an improvement to WEP. "802.11i is still gaining traction," Dulaney says. "There's mild adoption with the number of companies currently rolling it out. It will take time."
AXA Financial Inc., a financial-protection and wealth-management company, is among 802.11i's early adopters. "The implementation of 802.11i and AES encryption is a critical improvement to wireless LAN technology," Julie Gordon, principal architect at AXA's Architecture and Standards Group, said at the summit.
AXA has started letting employees access corporate data stored in Siebel Systems apps, Livelink, Domino, DB2, intranet sites, portals, and other systems from a variety of devices such as iPaqs, Palm Pilots, smart phones, and laptops over the Internet, WANs, and LANs. AXA's goal is to build a low-risk, low-cost, companywide mobile-computing platform. Part of this initiative is improved security, which means better data protection. It also means improving the security architecture and infrastructure through enhanced encryption for wireless WAN and wireless LAN access, which 802.11i enables.
Although 802.11i is designed to fix security deficiencies and to support the use of wireless LANs, it still poses challenges. 802.11i is built around the 802.1X protocol and is used with the Extensible Authentication Protocol, which supports multiple methods for companies to define user authentication. This means interoperability can be a problem because 802.11i doesn't support a single, universally accepted standard for user authentication.
It's still unclear if the financial-services industry is ready for widespread adoption of wireless, given broader security concerns. The consensus at last week's summit is that it's not enough to secure the airspace and the networks surrounding financial-services companies; the physical infrastructure, which includes systems, applications, and employee laptops, also must be better secured.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.