Between that title and the usual nature of this blog, you may be surprised that I'm not writing about all the ways companies can get their wireless network security wrong. Thankfully, our industry appears to have come a long way since the TJX fiasco. Rather, I will post a cautionary tale about measuring results, human nature, and the detours we take on our way to mature IT.
We're going to roll out Wi-Fi company-wide. We've consulted our security team, everything will be OK.
Myths I am learning to avoid when deploying corporate Wi-Fi:
- Productivity will improve. It might... or it might not. An important question is, how will you measure productivity before and after deployment? User surveys are one idea. Another: after Wi-Fi was rolled out in one of our campuses, my CTO and I took note of the number of times we spotted two or more people at a table in a common area (cafeteria, etc.) using laptops. The results were surprising and humbling.
- User experience will improve. An odd byproduct of rolling out Wi-Fi is that the line between "local" and "remote" access suddenly becomes a bit less clearly drawn. PCI requires segmentation of wireless networks; this means that simply undocking a laptop at the office could result in a user transitioning into a new security zone. How far off-campus (think: parking lot*) does someone have to be in order to be thought of as "remote?" If IT leaders aren't careful, they may find themselves trying to explain to their tech-savvy users exactly why they are dealing with three or more distinct strata of "proof" (factors) required to gain access to the same company network:
- traditional "wired" access
- on-campus wireless access
- off-campus VPN access
- tablet or smartphone access for specific applications (email, IM, etc.)
- Collaboration will improve. This is, perhaps, the most ironic and unfortunate byproduct of many Wi-Fi deployments. Bringing your laptop or tablet to a meeting may seem like a great way to take notes or have the latest data at your fingertips, but more often than not, it is an even better way to bring all the trappings and distractions of your office into your meeting. The thing about email and IM is that they're designed to create interrupts: popups, blinking icons, and audio reminders all chip away at our focus and attention. For the vast majority of us, our species has been proven repeatedly to be awful at multitasking.
In the past, I've written about adopting a modified version of the http://five.sentenc.es/ mantra at work: I try to limit emails to one sentence for every level down the recipient sits in the company org chart beginning with the CEO, whose target is... one sentence. That means my CFO and EVP of HR should rarely get more than two sentences from me, three for my SVP of Sales, etc. Confession: yes, I do cheat; using semicolons; but never more than once in any sentence. Lately, I've adapted that rule even further; at the point in an email when I've posed more than two questions, I stop writing and schedule a meeting.
And, even though we have quite reliable Wi-Fi coverage, I don't bring my laptop.
* For the record, the parking lot has been the venue of choice for at least one extremely successful Wi-Fi-related red-team shenanigan to which I've been privy.