Security is a constant concern of almost every company considering or presently
involved in any type of mobile or wireless deployment. The economy may be
forcing companies to look very seriously at prices, and perhaps cut back a
little on the breadth of planned deployments, but security remains one of those
areas where it is critical to implement better-than-adequate safeguards at
pretty much any cost. This doesn't mean just focusing on eliminating spam or
installing improved virus protection systems -- although these issues are
certainly important.
The big thrust now is to deploy mobile security systems that can not only detect
unauthorized intrusions or the insertion of "bad" data or applications, but can
also identify the intruder and automatically build stronger walls against future
attacks. This involves developing and using "just-in-time" security techniques
that are effective while not creating too many checkpoints and barriers to
authorized users. It also means that vendors and standards-setting bodies should
work together to establish reasonably secure safeguards that are not based on
exclusive and proprietary standards, and that can easily be applied across
multiple mobile applications and multiple wireless and mobile networks.
This last point is key, since multi-wireless network roaming will quickly become
the norm rather than the exception as we move forward. It is counter-productive
to establish separate security rules for each wireless network or operating
environment, and unrealistic to expect that mobile users will adapt to multiple
authentication routines as they go about their daily jobs. Our belief is that if
a mobile system is too demanding, then it is essentially doomed.
Hot topics at the RSA Conference 2003
Handheld systems security was a big topic last week at the RSA Security
conference held in San Francisco. New security solutions ranged from data
encryption software for PDAs to removable media-to-user authentication software
that checks the identities of wireless LAN users within a Windows operating
system environment against a database running in a non-Windows environment.
At the event, the Liberty Alliance Project released two new draft specifications
for creating an open network identity specification (www.projectliberty.com).
The group is dedicated to establishing an open and interoperable standard for
network identity, and is supported by a wide range of computer companies. IBM
and Microsoft are not members, since they are working on their own set of
specifications.
The first phase of the specification was turned over to the Organization for the
Advancement of Structured Information Standards (Oasis), a non-profit consortium
that focuses on e-business standards (www.oasis-open-org).
The idea is to not only come up with a set of standards for security in
information access and mobile business, but to allow these standards to operate
across different operating systems platform and wired and wireless networks.
Companies like Nortel Networks are
also looking into fast-evolving platforms such as voice-over-IP architectures
and other IP telephony solutions, and working on ways to make these systems less
susceptible to unauthorized attacks and viruses, and more compatible with
existing corporate firewalls.
Lower-level security
While all of this activity at the higher levels of the security spectrum is
important, there is also some really interesting stuff happening at the lower
levels of IT as companies look to tighten controls and management on a
departmental basis. A great deal of this is being orchestrated by small yet
innovative companies that have developed secure approaches to wireless
networking and multiple network roaming, or have suddenly found that the "secure
" aspects of their technology has more appeal today than the stuff that is
actually used to pull the plug.
This seems to be the case with Padcom, Inc.,
a Dearborn, MI-based company that has successfully carved out a niche providing
wireless solutions to customers in the transportation, utilities, insurance, and
other fields. A large number of the company's clients are also involved in law
enforcement and public safety, since Padcom's solutions allow these agencies to
make use of multiple wireless networks (cellular, proprietary communications,
and 802.11 hotspots) to lower the cost and improve the reliability of wireless
data communications.
Two of the company's more successful deployments include the Baltimore Police
Department and the Oakland (CA) Police Department. In the case of Oakland,
Padcom developed a system that allowed users to seamlessly hop from a Motorola
RD-LAP private RF network to a variety of other wireless networks (CDPD. 802.11b,
WLAN) without skipping a beat. Padcom's Intelligent Mobile Routing technology
overcomes the wider-area-but-slower speeds of proprietary RF networks to allow
this police department and others to channel less-sensitive information over the
more public airwaves.
We talked with Padcom recently about some recent enhancements to its technology,
including the release of GPRS and Motorola iDen network adapters for its
connectivity suite, and asked them what impact Homeland Security efforts have
made on its business model and activities in the market. Director of Marketing
and Business Planning Mark Ferguson said that most customers are asking for the
ability to prioritize the applications that flow through various wireless
networks. This essentially means transmitting highly sensitive data over more
proprietary -- although perhaps slower and more expensive networks -- and
channeling less-sensitive information over widely available public wireless
networks. This gives users the option to select networks based on their security,
as well as on speed and cost.
Chasing the channel
While Padcom stresses the importance of seamless network-hopping, lowered costs,
and a decreased burden on primary networks, we feel that the ability to channel
the flow of information based on its security level and sensitivity is the
greater asset as every company increases efforts to comply with Homeland
Security measures and mandates. This benefit alone will attract more enterprise
customers, since companies are looking for simple and cost-effective ways to
deploy infrastructure-class security solutions -- especially those like Padcom's,
which are based more in software than hardware and therefore more flexible and
adaptable.
Obviously, Padcom is not the only company that has recognized the "selling point
" of security. Companies like Newbury Networks, NetMotion Wireless, and even
Cisco Systems are pushing the secure aspects of their wireless solutions, and
have even "modularized" the approach by offering separate security packages that
can easily plug into existing networks and be later expanded.
Padcom looks at the public safety segment as the first line of deployment for
such flexible and secure wireless systems, and is seriously investigating other
channels and business segments in which to market their solutions. In fact, the
company plans to formally establish a channel marketing program this year to
help sell into niche segments, which means it will be looking for systems
integration partners in such fields as transportation, insurance, and
manufacturing.
The toughest sell, admits Ferguson, may be healthcare and hospitals since there
is still a lot of skepticism involving 802.11 wireless networks that are
deployed amid all the other systems and electronics in your typical medical
facility. But, event this segment will come around as new security standards for
802.11 are established and issues of network conflict are resolved.
Tim Scannell is the president and chief analyst with Shoreline Research, a
Quincy, MA based consulting company specializing in mobile and wireless
technology and initiatives. Shoreline works with end users, looking to implement
mobile solutions, and vendors, developing new products and seeking business and
customer opportunities. The company also specializes in training and strategic
planning projects. For more information on Shoreline Research and the company's
strategic services please go to www.shorelineresearch.com.
