infoTECH Spotlight Magazine

April 01, 2011

The CIO's Guide to Mobile Security

This article originally appeared in the April 2011 issue of InfoTECH SPOTLIGHT

The demanding needs of the mobile workforce have established a clear set of challenges for IT. From service to security, IT is now charged with ensuring that the user experience on the wireless network is as reliable as that of a wired network. It’s a pretty tall order.

The widespread adoption of smartphones, tablet computers and other unified communications-enabled devices has essentially eliminated all barriers to constant connectivity for mobile employees in the enterprise. Workers can now video chat, IM and make VoIP calls from a single device – wherever they are in the world.

“Moving from traditional wired-only to mixed or wireless-only environments requires assurance of service and security, which is more than just an SSID in the air,” says Mike Leibovitz, product manager of Enterasys Wireless, Siemens Enterprise Communications. “IT must be able to ensure that user experience on the wireless network matches that of the wired network. This requires a dynamic mapping of VLANs, QoS, and Security Rules in the form of role-based policies.”

To that end, Leibovitz says, the greatest challenge for IT is finding a management solution that can provision and manage access across wired and wireless infrastructures with automated controls to provide seamless mobility without impacting the end user experience.

Businesses, and CIOs in particular, are now charged with implementing an effective enterprise wireless security strategy. Leibovitz says enterprises looking to build a wireless security strategy need to address the following:

  • Wireless (RF) security;
  • User Security; and
  • Visibility/Monitoring.

“From a wireless perspective 802.11i is the standard that defines association and authentication on a network. A strategy must be formed on the type of association/encryption/authentication that will be deployed,” Leibovitz tells InfoTech Spotlight.

Currently the strongest form couples WPA2-Enterprise/AES with 802.1X security. Once the user has been authenticated, the real consideration is what traffic to allow and where to allow it.

“This is the second strategy: User security. Role-based access should be deployed to bind the authentication to the security policy for automated access control. Finally, the last security strategy must entail some form of visibility and monitoring to ensure compliance,” Leibovitz adds. “Typical solutions include wireless IPS (WIPS) and sensors watching the air. Using these three levels of security, an enterprise can build an effective security strategy to ensure maximum uptime and service assurance without risking security and confidentiality of their corporate network.”

Siemens offers small and medium-sized enterprises a wireless solution set that’s fully equipped out of the box.

“We offer a single management console that not only reduces CAPEX, but significantly lowers OPEX. The management console, known as NMS, provides the solution components discussed above including role-based policy management, wireless infrastructure configuration, and visibility/monitoring of the environment,” Leibovitz explains. “We offer pricing that is effective for smaller companies, while providing scalability to upgrade the infrastructure as required with our software licensing model.”

Of course, another key area related to mobile security is the Pandora’s Box that is known as “social media,” which disrupts the long-standing rules of business in many ways.

“Social media offers tempting opportunities to interact with employees, business partners, customers, prospects and a whole host of anonymous participants on the social Web,” said Carol Rozwell, vice president and distinguished analyst at Gartner. “However, those who participate in social media need guidance from their employer about the rules, responsibilities, 'norms' and behaviors expected of them, and these topics are commonly covered in the social media policy.”

According to Citrix officials, a new approach to an old challenge for the IT organization is required: resolving the conflict between providing a computing infrastructure that facilitates access to corporate assets, and maintaining a high degree of security.

Gil Stevens, CEO of Sipera, recently told TMC CEO Rich Tehrani that, authorized or not, more and more workers are using computing tablets and smartphones in the workplace and on the road.

“This leaves enterprises struggling to secure and support these devices, internally and externally, which is critical as these devices present unique security challenges that dramatically differ from traditional data security methods that rely on firewalls, user authentication, and encryption,” Stevens says.

And while cloud computing is giving businesses more flexibility in terms of communications, it also presents a host of security considerations for businesses.

“Enabling new UC applications while maintaining the required enterprise security posture ensures cloud-based applications can be accessed in line with corporate information security policies, that untrusted networks (like the Internet) can be used in UC deployments, and new collaboration applications with external parties do not introduce new risk,” says Stevens.

The cloud is enabling a new breed of flexibility for business communications, agrees Siemens’ Leibovitz.

“In wireless terms, businesses can use the cloud to enable a cost effective rollout of wireless LAN technologies across many sites. The key is finding a solution that offers intelligent access points that operate in a decentralized fashion with comprehensive resiliency,” he explains. “To that end, our solution offers this level of flexibility as we've designed our technology to be decentralized across the cloud. This provides flexibility for our customers that want to deploy WiFi at every site, without the burden of deploying and managing costly controllers everywhere. Combining centralized provisioning and management not only lowers capital and operational costs but provides seamless mobility across every site as the workforce moves.”

One of the biggest problems that companies face is that mobile applications do not run on their own networks, meaning the information that is transmitted over them is highly insecure.

As the Wall Street Journal reported in March, a major software attack on mobile phones has put pressure on Google Inc. to do more to secure its online store for smartphone applications. The company came under fire after computer-security experts uncovered more than 50 malicious applications that were uploaded to and distributed from Google's Android Market.

From a security standpoint, mobile network data growth is a major game changer, according to Rakesh Shah, director of product marketing, Arbor Networks (see sidebar). Shah says hackers look for opportunity and they see plenty in mobile networks – from the infrastructure itself, to the ubiquity of connected devices, to users who load them with personal and sensitive information.

Peakflow is one of Arbor’s solutions to the mobile security issue, whose benefits include:

  • Optimize availability by proactively detecting and mitigating network-wide anomalies caused by Distributed Denial of Service (DDoS) attacks, botnets and other threats.
  • Enhance operational efficiency by modeling traffic across the entire network.
  • Increase profitability by delivering new secure managed network security services.
  • Improve capacity planning and simplify compliance via real-time network analysis and historical reporting.

Specifically for mobile security, Arbor's Peakflow SP and Peakflow SP Threat Management System (TMS) provide a comprehensive threat detection, mitigation and reporting solution that can be deployed on the Gi/SGi interfaces of the GGSN/PGW, allowing you to protect your mobile infrastructure from threats such as Internet-sourced DDoS attacks.

“Businesses can protect themselves by gaining needed visibility inside the mobile packet core and into mobile security threats. From there, they need tools to actually mitigate the attacks,” Shah says.


Erin Harrison is Executive Editor, Strategic Initiatives, for TMC, where she oversees the company's strategic editorial initiatives, including the launch of several new print and online initiatives. She plays an active role in the print publications and TMCnet, covering IP communications, information technology and other related topics.

Edited by Stefania Viscusi