Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
[My friend and colleague Robert L. Gezelter has contributed an interesting article on the security and accessibility implications of pervasive workplace Internet access. The following is his text with minor editorial changes. - M.E. Kabay]
Over the last decade, laptop computers and network technology have become almost universal in workplaces. Many or most of the employees toting laptops are not field personnel; indeed, most of them rarely leave their office buildings. So why are companies spending extra money to pay for laptops?
In a recent speech, Intel Chief Financial Officer Andy Bryant stated that issuing employees laptops instead of desktops was a reasoned business decision based upon costs of business operations, not on employee convenience. His staff found that meetings were pausing, or failing to reach answers, because of the absence of information normally available on employees’ personal computers. Bringing laptop computers to the meetings closed the information gap.
The next logical step has been to access the corporate network using wired Ethernet or wireless LAN connections, bringing additional information into the decision-making process.
However, this scenario raises major security issues.
Protected facilities with wired connections for each machine, where everybody has the same access to the corporate network, are the simplest - and, admittedly, the least interesting - example.
More illuminating is the common situation where the network is wireless, the attendees are a diverse group, and the access to the corporate network is different for different classes of attendees. Some meeting attendees will be outsiders with no access to their hosts’ intranet, yet requiring access to their home company intranets. Sometimes outsiders may be friendly - for example, members of the project team from other participating companies. In other situations, the outsiders may be less than friendly - for example, customer technical and managerial representatives, government regulators or inspectors.
We need to provide secure access to appropriate information for both employees and visitors. We can do so by implementing a hierarchical security system. The solution is to treat network access as a digital dial tone available to residents and visitors but with security restrictions enforced after the users have connected to the first layer of the network services.
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.