The reaction an individual has to the latest RSA findings on Wi-Fi deployments and security likely will depend on whether he or she is an optimist or a pessimist. The upbeat viewpoint is that security overall is better than last year. The less rosy assessment is that it still is quite weak.
Regardless of whether somebody thinks the news is good or bad, it's difficult to suggest that RSA's findings aren't interesting.
The study, which outlined a drastic upswing in the number of overall hotspots, looked at public and corporate Wi-Fis in London, New York City and Paris. The big security winner was London, which had an increase in business networks protected by the Wired Equivalent Protocol (WEP) or more advanced approaches of 7 percent (74 percent to 81 percent). New York grew 1 percent (to 75 percent), while Paris ticked up 2 percent to 80 percent.
The second interesting slicing of the data was a look at the use of Wi-Fi Protected Access (WPA) and 802.11i, which have superceded the discredited WEP. Forty-nine percent of businesses in New York City take this prudent approach. In London, the number is 48 percent, while Paris reports in at 41 percent.
Finally, RSA (now is a division of EMC) looked at the percentage of networks that were deployed using the factory -- or default -- security settings. This is an important issue, since these settings are child's play for hackers to evade. It's interesting that London did worse than in 2006. This year, 30 percent of business and consumer wireless networks lit up with default settings, versus 22 percent last year. New York improved from 28 percent to 24 percent. Paris improved the most -- and had the best overall score. Only 13 percent used default settings, compared to 21 percent last year.
The optimist, of course, will focus on the general attention to security. Pessimists will say that what has happened to date simply isn't good enough.
We side with the pessimists, which isn't our normal approach to life. The first thing the numbers say is that about 20 percent or more of hotspots are totally unprotected. That's not good. Moreover, only about half (and 41 percent in Paris) use an approach that actually secures anything. Beyond basic technology, we don't like what these middling numbers suggest about people's use of best practices when using access points. There are a great number of security tools available, and folks who run corporate and commercial networks are supposed to know about and deploy them. While we are glad to see an improvement, the headlines of the past few years should have driven more organizations to do the right thing -- especially in an era in which Wi-Fi is used to traffic an ever-greater amount of sensitive data.