We know that 802.11n wireless LANs (WLANs) are faster, more expansive and more efficient than earlier wireless standards, but is securing them too costly?
WLAN security gets particularly challenging if you want to accommodate a mobile workforce. Mobile workers push sensitive data out to the network edge with their handheld devices. This is especially necessary, and logistically difficult to secure, in the healthcare industry, where hospitals are subject to strict privacy regulations.
During a network track session at Burton Group's recent Catalyst conference, one attendee stood up and said that he could not make a business case to migrate from wired to wireless Ethernet because the cost of putting a firewall on each access point (AP) would break his budget. With cost avoidance as a main objective in an economic downturn, he asked how he could deploy the latest wireless standard securely at the edge.
The answer wasn't made clear until John Gaede, director of information systems at El Centro Regional Medical Center (ECRMC), presented his wireless 802.11n deployment case study at Catalyst. Gaede found that he was able to secure his wireless LAN at the edge at a lower cost and with higher functionality by choosing a vendor that integrated security directly into its WLAN APs.
Buying APs with security built in was cheaper than buying, configuring and supporting a separate firewall solution, Gaede explained.
At ECRMC, a community hospital, cost and limited staff were not the only issues: limited resources, concrete walls, and demands for a high level of service also challenged a successful 802.11n deployment. Doctors and nurses needed the ability to roam and bring their handheld devices in front of a patient without worrying that wireless RF would interfere with the sundry medical instruments in a patient's room (heart monitors, wireless IV pumps, etc.). This meant they needed intelligence at the edge, in the form of a firewall at every AP, for HIPAA-compliant, secure and reliable wireless.
Choosing a wireless LAN vendor to secure the network edge economically
For Gaede, relying on white papers was not enough when choosing a vendor. So he formed a vendor selection team that performed in-house network tests to measure vendor equipment efficacy over a three-month period. "We looked at packet loss and tested depth and wireless connectivity [of each product]," he said.
Even with federal stimulus dollars pouring into healthcare IT budgets, cost was still an issue, especially for a community hospital. Finding the vendor with the most coverage would mean spending less money overall by buying fewer APs.
"Vendors we ended up choosing were able to penetrate their [concrete] walls," Gaede said. He explained that an AP that could do that equaled a less complicated deployment as well as a less expensive one.
In the end, against vendors such as Cisco, Aruba and Meru, the selection team chose Aerohive Networks' cooperative control WLAN architecture as the best solution for the hospital. "Aerohive went at wireless with a different viewpoint," Gaede said. He needed to protect and secure the wireless network at the edge. "We specifically chose a technology that put the firewall at the edge for us."
According to Aerohive's website, its solution puts network control and data forwarding on wireless APs at the edge of the network to make it easier to manage, maintain and create "high availability and mesh redundancy for mission-critical applications." Arguably, all of this was possible at a lower price because Aerohive eliminated wireless LAN controllers and placed the functionality of the controllers at the edge. The demonstrations of these features in Gaede's site survey proved that Aerohive had equipment good enough to deploy in his hospital and four remote clinics.
"Intelligence at the edge has been very beneficial," he said. "We're able to use handheld devices at the bedside, boost productivity, and reduce costs with [this network equipment]."
"Our downtime is very minimal," Gaede said. And in response to a question about distinguishing his Aerohive APs from rogue APs, he replied, "Aerohive helped us. It wasn't really an issue."
"There's really no way to say, unequivocally, one solution is cheaper than another, because price is determined by the market, and if the market is highly competitive, the price will go down," said Craig Mathias, principal and founder of research firm Farpoint Group. In the end, he said, a good look at your network's requirements and configuration with solid negotiation skills might make APs with built-in firewalls the cheaper solution.