|
Securing Wireless Communication in the Enterprise
Security Providers, Symantec, McAfee, Roaming Messenger
and Cisco Systems Work to Address the Need for Protection of Enterprise
Data.
By Ann-Marie Fleming,
www.InvestingInWireless.com
October 2005
As mobility becomes a key asset to today’s enterprise, the priority for the
implementation of security to protect the flow of critical information has
become a major focus for businesses. The PC world has taught us that it is
more effective to utilize a proactive approach towards security rather than
a reactive position, therefore while today’s threats may not match the level
of those prevalent in the wired world, small, medium and large business
enterprises are working towards prevention with a sense of urgency.
According to Sarah Hicks, Vice President of Mobile Security for Symantec,
“Everyone has been trained from the PC and wired world that you want to be
proactive rather than reactive, especially these days when there are so many
legislative and compliance issues around how data is protected and stored
and how it can get out and be misused. In other words, the objective is to
get security around data, regardless of where it resides.”
Entering the wireless world with your eyes wide open is rapidly becoming the
approach taken by businesses and security providers. Drew Carter, Senior
Product Manager for McAfee describes, “Hopefully we have learned from the
security risks to the PC world so that in the mobile world mobile devices,
Operating Systems and applications are all security aware.”
Building upon the lessons of the wired world Alan Cohen, Senior Director of
Marketing, Cisco Systems' Wireless Networking Business Unit describes the
position taken by the enterprise in terms of wireless implementation in the
workplace, “Robustly deploying wireless in the enterprise is likely more
secure than wired because you start paranoid – wireless systems are designed
by paranoids for paranoids.”
Protecting the Mobile Environment:
 Cisco Systems, like many companies providing wireless security solutions,
work to incorporate end-to-end solutions for companies in an effort to
ensure enterprise wide protection. “Cisco’s strategy has really been to
lower the threshold for the enterprise IT staff to be able to securely
deploy and manage wireless networks. Through the entrance of our centralized
architecture we call Cisco’s Unified Wired and Wireless Architecture, we
allow for the integration into our greater self-defending networks so
security capabilities are extended from the wired to the wireless network in
addition to unique tools,” explains Cohen. McAfee®’s product Virus Scan
Mobile®, works towards securing the mobile environment. “In the enterprise I
want to facilitate mobile security across the board so when you use McAfee®
Mobile Security your entire mobility environment is fully secure,” states
Carter.
A critical element in the provision of mobile and wireless security entails
system and device management, which has intensified with the diversity of
wireless and mobile devices, becoming a significant differentiator for
enterprises. “The ability to understand and manage these devices in terms of
policy and network permissions is really where companies are starting to
focus their efforts. If an employee wants to have access to the company
network, then their device -- whether it is individually or corporate owned
-- should be touched by IT some how, some way to ensure that the proper
security and policies are in place,” explains Hicks.
Driving the Market:
The use of wireless by consumers in their homes is making the transition
more and more into the workplace. Small and mid-sized businesses are rapidly
deploying wireless technology more so than the large enterprise mainly due
to the higher degree of complexity involved with larger firms; however Cisco
is seeing very large enterprise deployment accelerating.
Another factor driving this market, according to Cohen is the Centrino
effect and the fact that “if you do not provide wireless in your
infrastructure someone else may be doing so making the need to manage and
control your air space a priority.”
The shift in the way that people address the mobile arena and its technology
filters into the way that businesses see its integration into the workplace
and the necessary security that needs to accompany its utilization. “As
people get more sophisticated in the way they think about mobile devices,
the more security makes sense. As people’s attitudes change and device
functionality increases, there is a shift from seeing a device as a phone to
understanding it in the context of a portable PC; this will raise the
awareness of the importance of security,” states Carter.
Jon Lei, CEO of Roaming Messenger, a provider of a unique mobile messaging
technology, sees the movement to mobility for businesses as inevitable. “The
world is going mobile. Mobility is here to stay. People are on-the-go and
business is being conducted outside of the office. Enterprises must comply
and deal with this fact and buy mobility enablement and management software
to ensure their wired and wireless environment is protected,” states Lei.
Critical Threats:
 While the mobile threats have yet to reach the level of the wired world, the
risks are still very real, creating a significant need for preventative
security measures. “What we are seeing today is a relatively minor activity
around the mobile threats compared to the PC world as there are relatively
few out there specifically in terms of viruses, trojans, and worms. Almost
all of them are proof of concept viruses. The means of propagation as of
today is fairly limited; however, the threat is real and we anticipate in
the future that these risks may become more prevalent as more and more
devices are shipped and more of the devices begin to utilize open operating
systems,” describes Hicks.
A consensus amongst industry insiders in terms of present day security
challenges surrounds the risk and threats associated with loss or theft of
the device itself. As discussed by Hicks, “One of things we are hearing in
terms of overall security is outside of the traditional malware threats that
we see, but in terms of the general theft and loss of the devices. From this
perspective there is a whole level of security that needs to be implemented
in the areas around encryption, and authentication. In addition, these
devices are typically becoming more Wi-Fi enabled so you want to ensure that
as you connect to these different types of networks, whether they are
controlled by a carrier or not that there is protection on the device to
ensure a secure connection to enterprise networks.
According to Lei, theft and loss of mobile devices is representing a trend
in mobile data security. “Office computing security has some physical
security barriers like building walls, stationary computers, and the weight
of computers that makes enterprise data naturally secure. But the same data
in a small mobile device that can be stolen or lost is harder to secure.
Mobile data adds a new dimension to the security puzzle.”
 Companies working towards securing the enterprise against the real threats
associated with the loss of a device have resulted in innovative security
technology. Roaming Messenger is addressing this issue with PIN based
authentication, whereby the user must enter a code before seeing the content
of a message and interacting with it. Future development plans for the
Company’s technology include ‘self-expiring messengers’. As Lei explains,
“These are smart messages that can be pushed to a device for user
interaction, reception, etc. The user can save it on their device for later
review or it may be kept open during the course of a particular action.
Depending on the content of the messenger, an expiration time can be set so
that after a certain time the messenger deletes itself off the device.”
Innovation and Challenges:
As mobile devices and wireless technology become more sophisticated,
combined with the growing level of comfort in its use, the level of
vulnerability increases as more data is stored and transmitted, as usage
rates and adoption levels increase, and as businesses in general establish a
combination of wired and wireless operations. “Additional sophistication
increases the vulnerability because the more data you have on your phone,
the more important it is to keep that secure. Regulatory compliance is a an
area that is demanding security measures as sensitive data is transmitted
and stored, therefore advancements increase productivity dramatically, it
also alters the vulnerability of this data,” states Carter. However as
described by Amy Feng, Managing Director and Senior Analyst, Infrastructure
Software for JMP Securities LLC, “It does represent serious obstacles on the
protection side, but this in turn provides a significant opportunity for
companies that can address these challenges.”
With innovation and larger adoption as explained by Hicks, “What you are
starting to see is that there is not just the corporate data, there are now
corporate applications as well that may access back to the corporate
network.” Stemming from this Feng describes opportunities in the security
arena as revolving around ensuring that the information that is passed from
the server is truly encrypted to the handheld devices, as well as making
certain that data transmission through emails and text messaging are secured
through encryption. “A hot area for corporations will revolve around
stronger authentication for access to Virtual Private Networks that work
harder to ensure that users are truly who they say they are,” explains Feng.
Working with applications to ensure maximum security in communications,
Roaming Messenger utilizes government-standard 128-bit 3DES encryption and a
platform that provides end-to-end security for applications to communicate
critical information to the mobile world, according to Lei. “By simply
integrating into the RM Gateway, applications automatically inherit a robust
set of secure messaging capabilities. This way they don’t have to build
their own or worry about security when adding their mobile messaging
extension.”
A Wireless Future:
As innovation continues, many speculate as to direction that wireless and
mobile technology will take in terms of enterprise integration and
utilization. According to Cohen, “We have recently made announcements with
Nokia and Motorola for dual-mode phones so I think you are going to see
these things start to emerge at the end of this year and into early next
year, where voice over Wi-Fi is going to be very large in driving
application from penetration and usage. Location tracking using network
tracked assets, people and phones are going to be a very compelling driver
of this. There will be an emergence and acceptance of more real-time
applications such as Instant Messaging. The real interesting paradigm for us
is that we have seen an acceleration of real time communications
permeating.”
Looking towards opportunistic advances in authentication, Lei sees an
integration of mobile technology and biometric identification. “In the
future we will see smart devices and phones with hardware authentications
mechanisms such as fingerprint and biometric scanners. With those devices,
messages based on RM technology can first request that the user authenticate
themselves using a fingerprint scanner prior to seeing the content of the
messenger. This will allow very sensitive operations to be performed in the
field,” states Lei.
Overall, the consensus seems to be that wireless and mobile business
operations are here to stay and will become a significant part of the future
for many enterprises. “This is a very exciting time, we see a very large
adoption cycle growing faster and faster in the enterprise market,”
describes Cohen.
Ann-Marie Fleming
Ann-Marie Fleming completed her MBA in the United States, where she attended
Webster University. She also holds an Honors B.A from the University of
Toronto. She has over fifteen years of experience within the financial
industry to include retail banking and brokerage, investment banking, and
mortgage brokerage within the United States and Canada, with a firm
background in corporate research.
Disclaimer:
www.InvestorIdeas.com/About/Disclaimer.asp,
©Copyright InvestorIdeas 2005
|
|
