Security is a constant concern of almost every company considering or presently involved in any type of mobile or wireless deployment. The economy may be forcing companies to look very seriously at prices, and perhaps cut back a little on the breadth of planned deployments, but security remains one of those areas where it is critical to implement better-than-adequate safeguards at pretty much any cost. This doesn't mean just focusing on eliminating spam or installing improved virus protection systems -- although these issues are certainly important.
The big thrust now is to deploy mobile security systems that can not only detect unauthorized intrusions or the insertion of "bad" data or applications, but can also identify the intruder and automatically build stronger walls against future attacks. This involves developing and using "just-in-time" security techniques that are effective while not creating too many checkpoints and barriers to authorized users. It also means that vendors and standards-setting bodies should work together to establish reasonably secure safeguards that are not based on exclusive and proprietary standards, and that can easily be applied across multiple mobile applications and multiple wireless and mobile networks.
This last point is key, since multi-wireless network roaming will quickly become the norm rather than the exception as we move forward. It is counter-productive to establish separate security rules for each wireless network or operating environment, and unrealistic to expect that mobile users will adapt to multiple authentication routines as they go about their daily jobs. Our belief is that if a mobile system is too demanding, then it is essentially doomed.
Hot topics at the RSA Conference 2003
Handheld systems security was a big topic last week at the RSA Security conference held in San Francisco. New security solutions ranged from data encryption software for PDAs to removable media-to-user authentication software that checks the identities of wireless LAN users within a Windows operating system environment against a database running in a non-Windows environment.
At the event, the Liberty Alliance Project released two new draft specifications for creating an open network identity specification (www.projectliberty.com). The group is dedicated to establishing an open and interoperable standard for network identity, and is supported by a wide range of computer companies. IBM and Microsoft are not members, since they are working on their own set of specifications.
The first phase of the specification was turned over to the Organization for the Advancement of Structured Information Standards (Oasis), a non-profit consortium that focuses on e-business standards (www.oasis-open-org). The idea is to not only come up with a set of standards for security in information access and mobile business, but to allow these standards to operate across different operating systems platform and wired and wireless networks.
Companies like Nortel Networks are also looking into fast-evolving platforms such as voice-over-IP architectures and other IP telephony solutions, and working on ways to make these systems less susceptible to unauthorized attacks and viruses, and more compatible with existing corporate firewalls.
While all of this activity at the higher levels of the security spectrum is important, there is also some really interesting stuff happening at the lower levels of IT as companies look to tighten controls and management on a departmental basis. A great deal of this is being orchestrated by small yet innovative companies that have developed secure approaches to wireless networking and multiple network roaming, or have suddenly found that the "secure " aspects of their technology has more appeal today than the stuff that is actually used to pull the plug.
This seems to be the case with Padcom, Inc., a Dearborn, MI-based company that has successfully carved out a niche providing wireless solutions to customers in the transportation, utilities, insurance, and other fields. A large number of the company's clients are also involved in law enforcement and public safety, since Padcom's solutions allow these agencies to make use of multiple wireless networks (cellular, proprietary communications, and 802.11 hotspots) to lower the cost and improve the reliability of wireless data communications.
Two of the company's more successful deployments include the Baltimore Police Department and the Oakland (CA) Police Department. In the case of Oakland, Padcom developed a system that allowed users to seamlessly hop from a Motorola RD-LAP private RF network to a variety of other wireless networks (CDPD. 802.11b, WLAN) without skipping a beat. Padcom's Intelligent Mobile Routing technology overcomes the wider-area-but-slower speeds of proprietary RF networks to allow this police department and others to channel less-sensitive information over the more public airwaves.
We talked with Padcom recently about some recent enhancements to its technology, including the release of GPRS and Motorola iDen network adapters for its connectivity suite, and asked them what impact Homeland Security efforts have made on its business model and activities in the market. Director of Marketing and Business Planning Mark Ferguson said that most customers are asking for the ability to prioritize the applications that flow through various wireless networks. This essentially means transmitting highly sensitive data over more proprietary -- although perhaps slower and more expensive networks -- and channeling less-sensitive information over widely available public wireless networks. This gives users the option to select networks based on their security, as well as on speed and cost.
Chasing the channel
While Padcom stresses the importance of seamless network-hopping, lowered costs, and a decreased burden on primary networks, we feel that the ability to channel the flow of information based on its security level and sensitivity is the greater asset as every company increases efforts to comply with Homeland Security measures and mandates. This benefit alone will attract more enterprise customers, since companies are looking for simple and cost-effective ways to deploy infrastructure-class security solutions -- especially those like Padcom's, which are based more in software than hardware and therefore more flexible and adaptable.
Obviously, Padcom is not the only company that has recognized the "selling point " of security. Companies like Newbury Networks, NetMotion Wireless, and even Cisco Systems are pushing the secure aspects of their wireless solutions, and have even "modularized" the approach by offering separate security packages that can easily plug into existing networks and be later expanded.
Padcom looks at the public safety segment as the first line of deployment for such flexible and secure wireless systems, and is seriously investigating other channels and business segments in which to market their solutions. In fact, the company plans to formally establish a channel marketing program this year to help sell into niche segments, which means it will be looking for systems integration partners in such fields as transportation, insurance, and manufacturing.
The toughest sell, admits Ferguson, may be healthcare and hospitals since there is still a lot of skepticism involving 802.11 wireless networks that are deployed amid all the other systems and electronics in your typical medical facility. But, event this segment will come around as new security standards for 802.11 are established and issues of network conflict are resolved.
Tim Scannell is the president and chief analyst with Shoreline Research, a Quincy, MA based consulting company specializing in mobile and wireless technology and initiatives. Shoreline works with end users, looking to implement mobile solutions, and vendors, developing new products and seeking business and customer opportunities. The company also specializes in training and strategic planning projects. For more information on Shoreline Research and the company's strategic services please go to www.shorelineresearch.com.