Wireless Security - The Security Plan for Your Wireless LAN
Tsai of Sunnybrook and Women’s uses protected EAP for his authentication to access the corporate wireless data network. Since he’s a Microsoft shop on the systems side, Tsai is able to take advantage of the controls in Windows XP, which supports EAP.
Another authentication scheme that bridges the wired and wireless worlds is called NAC, or network admission control. This Cisco-led initiative is a network-based policy that ensures that devices looking to hop onto a WLAN are both trusted and free of worms, viruses and spyware. At the University of Portland, Fessler uses NAC to quarantine new devices, run diagnostics and then allow users onto both the wired and wireless LAN; his system also uses an Active Directory database to verify users in the system and grant them access to an ERP system or student database, for example. "It applies the trust-and-verify" line of thinking, he says, that works very well in an open university environment, where students have a notion of many technological freedoms.
Encrypt Well
Authentication and encryption go hand-in-hand, and in March, both received a much-needed boost when the Wi-Fi Alliance announced that WPA2—the strongest encryption specification for 802.11—was now mandatory on all Wi-Fi products. WPA2 stands for Wi-Fi Protected Access 2 and is the long-awaited successor to WPA (which itself supplanted the earlier WEP standard). "WPA has some questions, but WPA2 is pretty darn good," says The 451 Group’s Selby.
Whereas authentication is about ensuring mutual trust between device and network, encryption is about making sure the connection and data transfer are safe, "so that someone with malice couldn’t start looking at the packets," says Tomcsanyi. Laptops and access points with WPA2 inside use the Advanced Encryption Standard (AES) to provide the top level of security.
If CIOs want to dive deep into the technical schematics of WLANs and access points, they certainly can. But thanks to the maturing vendor technologies, the encryption plan is fairly straightforward: Just turn WPA2 on. "It sounds like a very complex situation, but it’s not," says Optimus Solutions’ McDonald.
Of course, the base elements of authentication and encryption require industrial-strength user names and passwords—ones that attackers cannot easily guess (such as eight or more characters and a mix of alphanumeric and other characters). That concept should "almost go without saying" in this day and age, but according to Daley, "you’d be surprised at how many companies don’t do that." That sentiment is backed up by security vendor Kaspersky Labs, which estimates that about 70 percent of Wi-Fi networks do not use any type of data encryption.