Although wireless protocols such as wap may not be as secure as most IT managers would like, vendors are rapidly closing holes. But how do you know when a wireless platform is finally safe for mission-critical applications?
One way is to get actively involved with the growing number of industry groups, standards committees and vendor alliances vying to set standards for securing wireless transactions. These groups include the WAP Forum, Radicchio, the Bluetooth Special Interest Group and the PKI Forum.
“We support many wireless devices, and we want to make sure our voice is heard on issues that will affect our wireless implementation,” said Chuck Davis, chief technology and chief privacy officer at BarPoint.com Inc., in Fort Lauderdale, Fla. “Because these organizations are developing legislation and standards, we thought it was important for us to participate.”
BarPoint.com is actively involved in the WAP Forum. While the forum does not concentrate solely on wireless services security, it sets the framework for how security features such as PKI (public-key infrastructure) are implemented into WAP (Wireless Application Protocol).
Davis said his involvement in the WAP Forum allows him to promote the wireless issues hes concerned about.
For example, hes interested in the organizations work to close the security hole created when the WAP gateway translates data from the Wireless Transport Layer Security protocol into a secure IP such as SSL (Secure Sockets Layer).
The WAP Forum has more than 200 members, mostly vendors, including such wireless leaders as Ericsson Mobile Communications AB, Nokia Corp. and Qualcomm Inc.
As wireless heats up, Davis said, BarPoint.com will join other forums, including the PKI Forum. That organization hopes to accelerate the adoption and use of PKI and PKI-based services for both wired and wireless devices. The PKI Forum is composed of almost 100 companies, most of them software developers.
For IT managers focused on wireless security, there are lobbying organizations such as Radicchio, which works to persuade international organizations and government bodies to take into account mobile security when drafting legislation. Radicchio has some 50 members, including wireless operators, certification authorities, systems integrators, handset manufacturers and software companies.
Enterprises interested in Bluetooth may choose to follow the Bluetooth Special Interest Group. Comprising telecommunications, computing and networking companies such as IBM, Intel Corp., Microsoft Corp. and 3Com Corp., the group is working on security issues attached to the de facto standard.
Even if IT managers dont actively participate in these organizations, theyll do well to follow them closely “Eventually, a standard will be set,” Davis said. “With so many people using our wireless service, we want to be prepared.”
IT managers can learn more about the groups at the following Web sites: www.bluetooth.com, www.radicchio.org, www.wapforum.org and www.pkiforum.org.