In general, running a VPN using IPSec provides better authentication and link security and lets wireless users access almost any application available on the corporate intranet. However, it requires special client software and more infrastructure overhead than SSL. In contrast, SSL is simpler to deploy but limits users to Web browser-based applications.
For KMZ Rosenman, ease of use was the primary concern. "If we used our VPN client, we'd need to use an additional form of authentication, like RSA's authentication fob," a small hardware authentication device, Wenzel says. The law firm uses just user name/password authentication, although it's considering moving to multifactor authentication.
Sites using the 802.11 family of wireless standards share the same link-level security concern, and mostly the same solutions, as WAN users. However, the 802.11 standard also offers its own security features, which can be used effectively when the 802.11 wireless LAN is in secured areas. The new 802.11 WPA (Wi-Fi Protected Access), a security standard that replaces the easily hacked WEP technology shipped with all 802.11b access points and clients, can be deployed to create secure wireless LANs, provided care is taken to lock down the promiscuous qualities of 802.11 access points. (For more, see Wi-Fi: Security For The Masses.)
Even with security software and infrastructure deployed, the most direct threat to wireless security may be loss or theft, especially of attractive hybrid cell-phone/PDA devices. "The stakes are high with hybrid PDA/cell phones," the Burton Group's Kobielus says. "Because more people are using them as their primary personal phone and computer, when these devices are lost or stolen, that's as serious a loss as if someone has stolen the user's wallet and keys."
Businesses should consider using strong, multifactor authentication as a good first line of defense. The traditional user name and password is a good first step, but it should be supported with a secondary measure. Using a smart card, or biometrics providing voice or fingerprint recognition, to unlock the device provides a much higher level of security than a simple user name-password combination.
Finally, backing up the data to a desktop PC is a good idea. "Wireless users should have a desktop PC, even a low-end one, in addition to the PDA," Kobielus says. "They should minimize the amount of data that they store persistently on the PDA/cell phone to minimize their exposure to loss and theft, and encrypt the data that's stored on the portable device."
More business-technology managers will be dealing with these issues as wireless technologies gain a greater place in the enterprise. Wireless devices will take their place beside PCs and servers as a major player in a corporate IT infrastructure. Issues of cost, productivity gains, collaboration and knowledge sharing, and the potential to generate new revenue all will be factors in calculating the total cost of ownership and the potential return on investment. But the cost of wireless technologies continues to decline, and more users are becoming dependent on wireless capabilities, which makes it hard to figure out the TCO and ROI in a conventional manner.
"From a tangible ROI standpoint, we're still assessing the benefits," Emory Healthcare CIO Cantrell says. "From an intangible standpoint, just the ease of access from wherever the physician may be is worth the whole project."
Quite simply, employees are demanding wireless capabilities for both productivity and convenience reasons. Still, a companywide strategy may save time in the long run. Consider the possibility that, without one, each department will deploy wireless technologies in its own way. Down the road, that could result in competing standards and infrastructures that might be costly to integrate.
Additional resources:
- Open-source SSL site
- IPSec how-tos and standards documents
- Ericsson's MMS (Multimedia Messaging Service) pages
- A 1xRTT CDMA (CDMA2000) news site
- Good coverage of GPRS technology
- The Official Symbian operating system site
- Qualcomm's Brew site
- Sun's J2ME site
- Bluetooth info site
- The Wi-Fi Alliance site
- Windows Embedded developer site
- Windows Pocket PC site
Illustration by Doug Ross