Building Walls More security measures and products are becoming available. Still, uncertainty about how to address potential threats is preventing some enterprises from deploying wireless, said Omar Javaid, chairman and co-founder of Mobilocity, which advises enterprises on setting up wireless solutions.Because wireless viruses havent been widespread, many enterprises arent yet concerned about protecting against them. Technicians at Allegiance Telecom, a competitive local exchange carrier, use interactive pagers that operate over the Cingular Wireless network to receive trouble tickets. "We havent heard about viruses, and the people at Allegiance who use the devices say its not an issue," said Jim Synhorst, procurement director of Allegiance. Although the data from those devices passes through the corporate firewall, additional security isnt necessary, because the information wouldnt be valuable to anyone else, Synhorst said. At Final Mile Communications, a professional services company, field service workers use Nextel phones to receive trouble tickets and report status back to the dispatch center. They havent seen any viruses yet, but "when and if [a virus] does present itself, it will be a serious issue to be dealt with," said Kim Dixon-Burrows, dispatch director. Other companies are more concerned about the possibility of data being stolen. The first decision an enterprise must address when implementing a secure wireless system is to define its security model by determining whats acceptable and what isnt, Mobilocitys Javaid said. "Part of the problem is, its ponderous," he said. For example, in the wired world, encryption based on public key infrastructure hasnt taken off because it is difficult to use, Javaid said. An enterprise that wants to give a field service worker access to important data is aiming to make that worker more efficient. "But if security introduces more error and takes longer to use, youve negated the advantage of going after it. You have to take a holistic approach," he said. Products purporting to provide end-to-end security that starts with the device and includes transmission and the software that runs applications are coming to market, giving companies more options that fit their specific needs. One of the simplest problems, though, has not been widely addressed: Few mobile devices have mechanisms for protecting information stored on them should the device be lost or stolen. There are some early products that companies can add to user devices to encrypt stored data so that only the owner can access it, Javaid said. F-Secure has encryption and antivirus software for Pocket PCs, and Palm and Symbian devices. F-Secure also offers antivirus engines for WAP gateways at the operator level. Trend Micro has antivirus software for devices and guards against all entry points, including beaming, synching, e-mail and Internet downloading. Earlier in the summer, a wireless ASP in the U.K. said it would use Trend Micros antivirus technology to protect its wireless applications. Gottwals said that programs similar to those available on laptops could be developed to allow a user whose device is lost or stolen to remotely destroy information or make it useless to anyone else. Such capabilities can be crucial to protecting important information stored on devices. Activity has begun to create virus protection software that lives on devices, although serious threats arent expected for some time. "We think the CE environment will probably be the first to see viruses written on a constant basis," Gullotto said. "But I dont think itll happen on a regular basis for perhaps 9 [months] to 16 months." Creating antivirus software for devices isnt easy. "On phones, the real estate is owned by the operating company and theres a turf battle over what software can do," Entrusts OHiggins said. That patchwork on the phones makes it difficult for a virus scanner to cover all parts of the device; virus protection could be required for each piece of software. F-Secures PDA solution includes antivirus software for PCs that is constantly updated via the Internet and uploaded to PDAs when users synch with their PCs. Software on devices becomes an important component of an antivirus campaign because short-range communications techniques, such as Bluetooth or infrared connections, bypass networks. Users can beam information - and viruses - directly to one another without sending the data through a server. Phones sold by NTT DoCoMo since December incorporate software to defeat viruses like the one that commanded the handset to automatically dial the emergency phone number. I-managers can also protect the devices of mobile workers by buying handsets that have authentication technology built in. RSA Security is one company working with handset vendors to make phones capable of accepting digital signatures. I-managers that send out updates or regular messages to mobile workers could program workers devices not to accept messages unless they have the I-managers digital signature. Such authentication technology is being built into handsets, and phone makers are interested in adding such capabilities, because they represent the potential for additional revenue. A device manufacturer could charge an enterprise per user for the complete authentication platform. In addition to virus protection on user devices, another line of defense is at the servers accessed by mobile workers. Currently, most platforms that support mobile e-mail carry antivirus and antispam software. Trend Micro helps enterprises and wireless operators detect threats as they pass through firewalls using the same technology thats been used to detect viruses in the PC environment. As new threats arise, Trend Micro will give its customers updated tools that can block viruses, usually within an hour, Hansmann said. Trend Micro believes that stopping viruses in the infrastructure is the best way to block their spread. "The device is the last line of defense," Hansmann said. But in the future environment of always-on communications that will come with next-generation packet wireless networks, that type of protection gets more difficult. "Unlike a mail client, applications like IM [instant messaging] and location- or presence-based applications are chatty. So the number of messages and the frequency go up by a factor of 10," said Michael Serbinis, chief technical officer of Critical Path, a company that offers Internet messaging platforms. The sheer number of applications and messages being sent will make antivirus efforts more complicated.
Many companies are still contending with wired security issues. And the fact that both the wired and wireless worlds change quickly makes it difficult for I-managers to stay on top of new developments. "Its a tremendous challenge for them to understand the space and the issues and what are the solutions to address it," Javaid said.