Not All in Mobile Industry Are Under OATH

Reporter's Notebook: The mobile security industry, led by a group formed by vendors called OATH, is working to keep cyber-criminals at bay. But not all vendors support OATH, and continue to push for proprietary standards.

CHICAGO—Cyber-criminals are eyeing mobile phones and PDAs as their latest playpen, but the industry is stepping up its collaborative efforts to stop the chaos.

One of the most popular pavilions here at this weeks 2005 Mobile Business Expo at the Navy Pier conference center was sponsored by OATH, where companies like Aventail, Diversinet, Gemplus, Identita Technologies, Inc., PortWise, Spyrus and Verisign discussed—and debated—an open authentication standard for use on all mobile devices, from PDAs and laptops to mobile phones and Wi-Fi hot spots.

OATH—an acronym for open authentication—is an industry-wide collaboration, seeking to create a "reference architecture" for authentication for all networks and devices.

"As mobile devices continue to expand the edge of corporate networks, powerful two-factor authentication is a critical requirement for mobile users seeking to securely access business critical data, and applications, remotely," said Colleen Kulhanek, the marketing chairman of OATH, and the director of business development for SafeNet, Inc.

The goal is to create technology standards that are "royalty free," which will allow all wireless companies, and users, to solve business problems related to wireless security more quickly than would otherwise be possible, said Kulhanek.

/zimages/6/28571.gifCareless users challenge mobile security. Click here to read more.

The greatest risks posed by increased business use of mobile technologies remain identity theft and loss of intellectual property.

"The inability to share data over mobile devices because of security concerns severely limits a companys ability to conduct business efficiently," said James Smith, general manager of the 2005 Mobile Business Expo.

Members of the OATH forum, like Aventail, also used the show, and the pavilion, to announce new products.

Among the technologies that debuted, there were several of note:

  • Aventails secure mobile access solution for PDAs and smart phones.
  • Bluesockets enhanced suite of WLAN services, which make it easier for IT administrators to secure, and differentiate, access on a wireless network.
  • Xirrus announced a partnership to bolster its XM-3300 management platform to enable IT administrators to streamline management of enterprise Wi-Fi networks.

"Market leaders are still emerging," said Steve Wylie, chairman of the conference.

But not every company in the mobile industry is embracing OATH. Some are still pushing proprietary standards.

One firm, Intellisync, a wireless e-mail software vendor, has developed a mobile device management software for enterprise and carrier customers, enabling IT management to "remotely update, patch or lock down a variety of devices from a central location," a spokesman told Ziff-Davis Internet.

Mobile carriers are apparently interested in the concept too. "Sprint PCS is one of several Intellisync carrier customers that use this mobile device management technology to manage customers devices for a service fee," the spokesman added.

Another firm, Pointsec Mobile Technologies, has developed its own automatic data encryption technology for mobile devices.

"By securing sensitive information stored on laptops, PDAs, smart phones and removable media, enterprises and government organizations can protect and enhance their image, minimize risk, shield confidential data, guard information assets," a spokesman for the company told Ziff-Davis Internet.

The CIO forum here on Tuesday provided plenty of insight into what enterprise IT managers are doing, on their own, while the industry gets up to speed with a security standard and new technologies, however.

"Putting together policy and procedures to add security for a device like this (Blackberry) is becoming a real challenge," said Larry Hardin, director of communications at Sysco Corp., a $30 billion food services distributor, which recently deployed 500 Blackberry devices into the field.

/zimages/6/28571.gifClick here to read about the difficulty of securing mobile phones and PDAs.

The one industry that seems to have figured out exactly how it wants to use wireless technology is health care.

The Northeast Medical Center Hospital is using Treo 650s to deploy patient data to doctors—in real time—and has rolled out its own security standards.

"Physicians dont want to type or deal with desktops, so mobile devices are perfect for them," said Carla Maslakowski, the chief information officer at the hospital, based in Bonham, Texas.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.