Internet Insight: Hot Spots

Mobile users are warming to WLAN 'hot spots,' despite the risk of getting burned on security.

Hot spots are, well, hot. The idea is simple: Business travelers get wireless Internet access thanks to transmitters installed in any of their usual haunts: airport lounges, hotels and restaurants. WLAN operators are betting these road warriors, having become used to high-speed wireless networks at home and in the office, wont be able to resist the lure of plentiful bandwidth, connectivity anywhere and, of course, no wires when theyre on the road.

"The driver is going to be when people use it at work and at home. When they go out, theyll naturally want to use it," said Clark Dong, CEO of hereUare Communications Inc., a San Jose, Calif., developer of eCoinBox, a product that makes it easier for hot spot operators to bill customers. HereUare also operates its own for-pay wireless LAN access service.

There are other forces in play, too. WLAN cards are getting less expensive. Today, they sell for about $80, but just a few years ago, they retailed for close to $400. In addition, 30 percent of laptops sold this year will have WLAN cards built in, said Roland van der Meer, a partner with venture capital company ComVentures, in Palo Alto, Calif. Van der Meer studies the wireless market.

The hot spots being implemented use WLAN equipment based on the 802.11b standard, commonly known as WiFi. Speeds are up to 11M bps, enough for most typical business uses. The total number of remote and mobile workers, according to Cahners In-Stat/MDR, is currently 78 million and will rise to 106 million by 2006. By 2007, there will be 21 million users of public hot spot networks in the United States, up from 600,000 this year, according to findings from Analysys Research Ltd., a Cambridge, England, research company. According to a study by hereUare, the San Francisco Bay area leads with 257 public WiFi hot spots, followed by Seattle with 154.

Service providers are scrambling to get in on the action. For example, EarthLink Inc. founder Sky Dayton launched Boingo Wireless Inc., of Santa Monica, Calif., in late January to unify the myriad WLAN operators by offering users one bill and a single way to sign onto the service. Sprint PCS Group subsequently invested in Boingo. VoiceStream Wireless Corp. gave a vote of confidence to the concept by purchasing bankrupt MobileStar Network Corp., the WLAN operator that built networks in more than 600 locations, including Starbucks Corp. cafes. And these are only the companies that are large enough to grab headlines. There are so many small WLAN service providers that its not feasible to count them all, said Monica Paolini, an analyst at Analysys San Francisco office.

Many observers agree that current WLAN operators should be able to avoid the pitfalls that led to MobileStars problems. Because it was early in the market, MobileStar, in Richardson, Texas, paid high prices for WLAN gear that was not yet available in large quantities. And to make matters worse, the company embarked on an aggressive campaign to build out its hot spots nationwide, then was unable to attract customers fast enough to defray its costs.

In contrast, service providers today are buying standard equipment at prices that have been driven down by volume production and are contenting themselves with modest but sustainable growth rates.

But there are still clouds that threaten to cool interest in WiFi hot spots: The security of WLANs is in question, a fractured market has required business travelers to subscribe to services from a number of different providers and WLAN operators have been slow to offer attractive pricing plans. However, the service providers said they are addressing these issues, and its just a matter of time until they overcome them.

Some IT managers are proceeding full steam ahead. J.D. Edwards & Co. has 2,500 mobile workers and subscribes to a service from iPass Inc. that allows those workers to get online remotely via land-line technologies. The company is ready to do beta tests when iPass begins offering WLAN as an access method. "I want to see any time, anywhere connectivity. Hotels and airports would be great," said Ken Migaki, vice president of IT infrastructure services for J.D. Edwards, in Denver.

iPass, an aggregator of all types of networks that offers business travelers a single bill for accessing the Internet from anywhere, has formed partnerships with WLAN service providers Wayport Inc. and Concourse Communications Group LLC and plans to begin commercially offering WLAN access to U.S. customers next month. iPass, in Redwood Shores, Calif., already offers hot spot access in parts of the Asia-Pacific region and in Australia.

Migakis mobile workers are particularly reliant on high-speed connections when theyre out of the office because they present to customers demonstrations that run from a centralized system. A dial-up connection wont deliver the demo properly. Migaki said it would be ideal if those salespeople could use a WLAN connection in a hotel to display the demo for customers so they wouldnt have to hunt for a port or go through setup procedures that differ from place to place. "If we know the names of hotels that have [WLANs], well look at putting people in those hotels," he said.

But for every company that cant wait, theres another that is sitting on the sidelines due to security worries. Mobile workers in NCR Corp.s Teradata Division, for example, wont be using hot spot networks en masse any time soon, even though the company uses 802.11b networks for some internal applications, said Steven Dipold, CIO of NCRs Teradata Division, in Dayton, Ohio. The reason is that the 802.11b standard includes WEP (Wired Equivalent Privacy) protocols to encrypt transmissions, and WEP has failed in a number of high-profile cases.

Meanwhile, the IEEE, which developed 802.11b and is working on upgraded versions of the standard, has a working group dedicated to beefing up security on all the 802.11 standards. Those efforts, which will be released as a security standard called 802.1x, center on strengthening WEP and adding authentication processes. However, a report released recently by University of Maryland professor William Arbaugh and his graduate assistant Arunash Mishra has already cracked the 802.1x security standard, a fact that is bound to keep plenty of companies from buying into WLAN hot spot technologies.

There are other security issues, some of which are being addressed. For example, service providers and aggregators say that its a given that security-minded corporations have a VPN (virtual private network), which protects data transfers over the wire-line portion of a communications connection. "The challenge is in the open air communications," said Mike Moore, director of business development for iPass. Companies want to make sure that when a user logs on for access to the corporate network, their user name and password cant be stolen, Moore said.

To plug that hole, iPass has enabled a Secure Sockets Layer link between the clients device and the access gateway of the WLAN service provider. When the user logs on, the authentication transaction is encrypted. Once the user is authenticated, the enterprise launches the VPN tunnel, which protects the rest of the communication.

GRIC Communications Inc., a Milpitas, Calif., aggregator that offers Internet access around the globe to business travelers, includes intrusion detection as part of its package. When GRICs system notices that someone is hacking into a transmission, it automatically shuts down the connection, said John Rasmus, vice president of business and corporate development at GRIC. In April when GRIC upgrades its software, the system will also be able to detect "sniffers" on the wireless link and will tear down the connection if a sniffer is detected.

Network Patchwork

Until recently, no company had emerged to unify the many operators building hot spot networks. "There were so many operators, IT organizations were burdened with establishing multiple business and technical relationships so users could get access across different networks," Moore said. "Initially, enterprises were seeing this as far too burdensome. They didnt want to have to get to know the ins and outs of the MobileStars and Wayports and dozens of others."

In addition to the more well-known service providers, so many other small operators exist that researchers have found it essentially impossible to count them, said Analysys Paolini. Last month, WiFi Metro Inc., in Palo Alto, launched service in 40 locations in the San Francisco Bay area with another 50 planned across the country this year. Others have even smaller operations with, in some cases, only a handful of locations in a single metropolitan area.

Enter Boingo. "Were taking fragmented, scattered services and creating a single high-speed wireless network accessible through our software," said Christian Gunning, director of product marketing for Boingo. Boingo said it hopes to attract customers with a user interface that "sniffs" an available network, allows users to get authorized with single sign-on and receive a single bill even though they may use services of a number of operators.

Pricing Problems

In addition to the fragmented nature of the market, WLAN service providers havent generated a stampede of customers because theyve sold the service much like a consumer offering, said Moore. "Because it was business-to-consumer pricing, enterprises werent able to use their volume as a corporation to drive down costs," he said. Typically, pricing plans were available on a per-hour or per-day basis.

Wayport, a WLAN operator that offers service in hotels and airports, has begun crafting subscriber plans aimed at attracting the regular traveler and now offers corporate discounts for bulk users. The operator recently introduced a pricing plan that offers unlimited use for a monthly per-user fee of $19.95 for organizations that sign up at least 50 users. Boingo offers three pricing plans for the individual user and discounts on a case-by-case basis to corporate customers that approach the company looking for a bulk rate. Boingos three plans are as follows: $24.95 per user, per month, including 10 connect days; an unlimited usage plan, for $74.95 per user, per month; and a pay-as-you-go option at $7.95 per day that the service is used.

But most corporations have not yet turned matters over to IT. Typically, companies ask users to sign up for the service themselves and expense the cost, rather than have it centrally managed, said Dan Lowden, vice president of marketing and business development for Wayport, in Austin, Texas. Once mobile workers start independently using WLAN networks to access corporate databases, however, IT departments may grow more likely to centrally manage the capability, said NCR Teradatas Dipold. "The CIO communities that are accountable for security tend to have more of an insistence on making sure that if theres a sanctioned way to access the network that its done in a way the corporate organization feels is secure. Central control will be the norm," he said.

That progression would follow the path that wireless personal digital assistants, cell phones and even the PC itself followed to penetrate the enterprise.

But unless IT does take charge, its iffy that hot spot adoption will achieve the rapid growth that Analysys predicts. In addition, IT wont fully buy in until security is adequate, aggregators offer a single point of contact for nationwide services and pricing hits the sweet spot for corporate purchasing. But with work in progress on all these fronts, road warriors may soon have reason to smile.

Nancy Gohring is a free-lance writer based in Seattle. She can be reached at [email protected]