IT Policy Enforcement
Security category No. 3: IT policy enforcement Protecting an enterprise wireless network is not an easy task, but IT security policies mean little if they are not being properly controlled and enforced by the IT department. It's not uncommon for those removed from IT at a company to believe that the IT department always has the knowledge and ability to enforce policies and maintain the necessary level of security in an enterprise wireless network. Unfortunately, this is not the case. There are many companies-large and small-set up for serious security risks, regardless of how strong their IT departments are.The truth is that it's not always possible for an IT department to properly enforce IT policy. In the average company, there are few IT professionals on staff, and chances are they do not have the time or targeted expertise to ensure that policies are up-to-date and correctly put into place. In this situation, it is not a luxury for an IT manager to invest in outside help from a wireless support provider-it's essential. A partner company can act as a wireless security consultant to ensure that IT policy is on the mark, while the IT department can go about its day-to-day tasks. Dan Croft is founder and CEO of Mission Critical Wireless. Dan has been a leader in the wireless telecommunications industry for more than 25 years. Prior to founding Mission Critical Wireless, he was senior vice president of Marketing and Business Development at Motient, where he oversaw the company's rollout of the BlackBerry and eLink service. He has also held senior positions in marketing and general management for Motorola, U.S. Cellular and Centel. Dan holds an M.B.A. from Northwestern University in Evanston, Ill., and a B.S. in Business Administration from the University of Illinois at Urbana-Champaign. He can be reached at Dan.Croft@missioncriticalwireless.com.
There is a formidable list of considerations involved in managing IT policy. The first challenge, of course, is establishing a security policy that is both effective and accommodating to the needs of users. This in itself is difficult, but to make matters worse, IT departments are expected to keep up with and enforce the policy's nuances-such as network access control, vulnerability assessment, patches, execution controls and configuration. IT departments are expected to do all this usually while wearing a number of other hats. As a result, policies often become outdated or ignored.