December 21, 2009 /
Effectively Deploying Wireless LANs
Wireless Local Area Networks (LANs) have been around for years, but how can state and local governments manage wireless networks efficiently and effectively from an enterprise perspective? Assuming continued technology changes with budget challenges, what governance strategies can help balance security requirements while ensuring adoption and ease of use?
Rhea Linn, who is our wireless LAN project manager for the Michigan Department of Information Technology's Office of Telecommunication, wrote an excellent article on this topic for State Tech Magazine. The article is offered as a best practice for wireless security and safeguarding wireless LANs.
Here is a brief excerpt:
"Our improved solution has helped us to achieve the following:
· Improved wireless security that matches or exceeds our wired standards;
· Enterprise standards and service capability;
· WAN/wireless integration that allows us to provide a WLAN for wide area customers;
· Integrated wireline and wireless policies and practices that provide a seamless logon experience; and
· Affordable, cost-effective service.
So far, 16 state offices throughout Michigan have WLAN services -- 13 in the Lansing Metropolitan Area Network, where the largest number of state employees are concentrated. We also have wide area WLAN implementation in three counties, and APs are installed and awaiting a security decision in five other counties."
Rhea goes on to describe such topics as the specific technology we used, the guest access process for visitors, the policies required and governance involved. You can read more details about this project by downloading this PDF from the National Association of State CIO's (NASCIOs) award web site.
A few observations:
1) Getting the right balance for any infrastructure project between security and ease of use is usually difficult, and wireless networks are not an exception. Speaking from personal experience, there are almost always different perspectives from the networking staff and the security staff - even if they are in the same organization. The battles can get difficult and even nasty at times.
Back in 2004 when I was Michigan's CISO, I was even in the "no wireless" in government camp. I quoted many experts from the National Security Agency (NSA) and other three letter agencies who said that wireless networks were simply not able to be protected. My boss at the time was Teri Takai, now California's CIO. She challenged us to deploy "secure wireless" following private sector advice from companies like Dow Chemical or the Big Three automakers.
Teri was right. With fast food restaurants and millions of other now offering free wireless access, governments needed to offer workable solutions to our clients and visitors.
I give Rhea and the others who worked on this wireless LAN project credit, because they stuck with it and had the perseverance to get the project working and widely deployed. I have spoken with many people from governments around the country that gave up on secure wireless projects out of frustration.
2) Effective governance and a good billing model are essential. I like Rhea's list of lessons learned. She is so right on each of her points regarding policy, processes and technology. We tested, and tested, and tested. We modified our approach several times. Wireless LAN service offerings require constant tweaking.
3) Finally, you need the right staff to get the job done. Proper execution of a good plan should not be assumed. Many things can set a technology team off track. I am thankful for Rhea, the others in MDIT Telecom who worked on this important effort, other infrastructure staff who helped and our Office of Enterprise Security (OES) staff. While the battles got bruising at times, the proof is in the pudding, and the end product works well.
What are your thoughts or questions on implementing wireless LANs in governments?