Johnson won’t give specifics, but he admits that the solution was expensive, which was especially painful because the WLAN project was already underway before he knew he’d need to purchase extra encryption. "Obviously we would have liked to use the native encryption within the radio" as planned, he says. "But since that is not doable we have had to incur the cost to put the device into the system."

Wait and see.

The trouble with proprietary solutions is that they are proprietary, and CIOs may find themselves locked into one vendor. Optimists hope that real security can be built back into WLAN devices some day. The IEEE is working on it. Standards currently in draft form would add two more levels of optional encryption: temporal key integrity protocol (or TKIP), a new version of WEP; and advanced encryption system (AES), which committee member Greg Chesson calls a super-scrambler. For WEP to be secure, users need to change the key every 200 packets of data or so, says Chesson, director of protocols at Atheros Communications, a Sunnyvale, Calif.-based company that makes chipsets for wireless LAN devices. In comparison, TKIP would require key changes every 30,000 packets, and with AES, users would need to change the key only every few billion packets.

The standards draft could be ratified by the end of 2002, with products starting to appear several months later, but Chesson is cautious of setting a date. "It’s pretty rambunctious. It’s a lot like the U.S. Congress," he says of the IEEE meetings, describing heated discussions, a bog of details and votes based on party (vendor) lines. Meanwhile, for development purposes, Atheros has already let WLAN hardware vendors get their hands on updated chipsets that incorporate parts of the new AES security protocols. Analysts recommend that before making a purchase decision, CIOs should make sure that a vendor will be able to migrate to the standards once they are ratified, as Atheros promises.

Even then, though, there’s no guarantee that the new security standards won’t eventually be proven as flawed as the first. That’s why plenty of testing and planning is in order. In Atlanta, the United Parcel Service is rolling out a WLAN project that processes nothing more sensitive than tracking information, and using that project as a test bed for how laptop users might also use WLANs.

"If you read some articles, it sounds like everything is solid and all there," says John Nallin, vice president of information services at UPS. "However, they’re not always that solid. If that was the case, we wouldn’t be testing it in our facilities, we’d just be plugging it in. When it’s performing at the level we think it should be, we’re going to utilize it because we do see the advantages."