Now more than ever, companies are deploying mobile applications to drive competitive advantage and increase profitability. In the United States, more than 47 percent of today’s work force is mobile, spending more than 8 hours per week away from their workstation or desk. In addition, nearly 75 percent of the American work force will be mobile by 2011.
Organizations need to approach wireless security with the same sense of urgency given to securing their wired infrastructure, and they need to understand the unique challenges of the wireless environment. In today’s mobile world, bandwidth is limited. Connections are unstable. Roaming is common. Battery life is critical. And security is urgent. With all these factors in mind, it is imperative to deploy a solution that stands up to the most demanding wireless challenges.
Of course, in today’s environment, it’s also critical to consider the environmental consequences of a security solution. With more and more mobile technologies entering the market, energy conservation is one factor that should be considered now and in the future.
Determine your security needs
So how does a company go about securing its wireless infrastructure? Where does one even begin? A good place to start is determining if the company needs a specific point solution or an overall complete security platform. As security risks mount and hackers continue to be more sophisticated, a complete security platform is far more protective and, in the end, effective. This means selecting a point solution that provides locks for only the front door could still have the vulnerability of the windows or back door being compromised. The point solution might protect the network from the outside, but what about the data residing on the internal network? These are all reasons to choose an end-to-end security platform versus a point-only solution.
One solution to consider is the mobile VPN. VPNs based on IP security (IPsec) and Secure Sockets Layer ( SSL) have long been used to provide secure remote access to the enterprise network for employees and consultants working remotely. However, traditional VPN technology has its roots in wired computing and does not perform well in a wireless environment delivering limited bandwidth and unstable connections. Fortunately, a new generation VPN based on Transport Layer Security ( TLS), the mobile VPN, has evolved to handle the requirements of both the wired and wireless world.
Pinpointing the Right Mobile VPN Solution
Pinpointing the right mobile VPN solution
Now that we know about the mobile VPN, it’s important for the IT department to know just what criteria to look for when selecting a mobile VPN solution. IT departments should look closely at the following four criteria:
1. The basics: Support for security fundamentals
All software security solutions need to have strong authentication, encryption and data integrity. Strong authentication requires the identity of both the sender and the recipient to be verified before exchanging data-keeping both the data and network security safe. Once authentication takes place, the data must be encrypted, which requires scrambling of transmitted data with a secret key to unlock or decode the encryption for an added layer of data security. To ensure data integrity, a trustworthy security solution must validate that data has not been modified during transit, and it should automatically eliminate any changed data packages.
2. Choose a solution based on a standard security protocol
While several VPN solutions meet the three fundamentals of trustworthy security, it’s critical to select a VPN based on a standard security protocol. Because proprietary technology exposes the company to unknown risks and may increase the risk of a security breach, a VPN that has been tested and validated is preferred.
3. Put your mind at ease with a security solution that enforces compliance
With a growing mobile work force, IT administrators must have the ability to establish, enforce and update mobile device settings to ensure regulatory compliance with regulations such as the Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA) and the PCI Data Security Standard (PCI DSS). A VPN solution should also provide complete records of all network events to comply with audit requirements.
It is also important that the VPN supports Network Access Control (NAC), ensuring that connecting devices are authorized to access the network and are compliant with the company’s security policy. Devices that don’t comply can be quarantined, thereby protecting networks from unauthorized access and virus attacks.
4. Consider total cost of ownership for top-down corporate and compliance strategy rather than short-term tactical approach
In the rush to mobilize, many IT organizations have placed a plethora of aging, single-purpose network and security tools into service-including Wi-Fi Protected Access (WPA2), traditional IP Security VPNs and other underperforming mobile VPNs. Today, the enterprise has begun questioning this “one-step-behind” and reactive mind-set in favor of a balanced approach between the total cost of ownership ( TCO) and the overall business requirements, thus demanding a shift from tactical and short-term decisions to working with a top-down corporate strategy focusing on IT and compliance needs.
Again, one must consider a complete security platform rather than a single-point solution when it comes to total cost and time savings, for the following five reasons: less support costs (fewer help desk calls, less system administration), less maintenance and upgrade costs, lower initial investment, less training, and less complexity.
Six Mobility Must-haves
Mobility in mind: Look for these six mobility must-haves:
1. Roaming and seamless connectivity
Seamless roaming helps users remain connected as they cross network boundaries and use different radio access networks. A mobile VPN allows the user to move around, switch networks and change connection without any interruptions to the application-creating an “always-on” scenario. It also recovers all the data after a lost signal or hibernation mode, ensuring that data is never lost.
2. Session persistence
Unstable connectivity is common in the wireless environment, and mobile devices will sometimes lose the connection or hibernate to save battery power. Session persistence with transaction recovery allows users to continue working without the need to reauthenticate or restart the application after a lost signal, change of network type or hibernation mode. Mobile workers improve productivity with a persistent and secure connection to enterprise applications as they roam between networks, or move in and out of coverage.
3. Data compression
With limited bandwidth available, advanced data compression is an important feature that increases the performance of the applications over low-bandwidth networks. Data compression minimizes the amount of data being transferred, allowing organizations to lower their data rates-which can be a potential large cost savings for a company with hundreds or thousands of employees.
4. Limited CPU power
Because mobile devices are equipped with smaller processors than desktop computers or laptops, it is critical that the security solution require minimal processor power so it doesn’t slow down other applications running on the machine. With less processing power, users benefit from improved speed and extended battery life.
5. Memory footprint
With limited memory space available, memory footprints on mobile devices must be small to ensure there is memory dedicated to business-critical applications. Ideally, a mobile VPN solution will have memory footprint requirements as low as 70KB to conserve valuable storage space.
6. Battery consumption
To conserve battery power without losing the VPN connection, it is critical for a mobile VPN solution to provide session persistence and data recovery, allowing the device to hibernate when it isn’t being used. This extends the operating time from each battery charge to the next, giving mobile workers access to mobile devices for longer periods and boosting productivity.
Beyond the Hype: An Eco-friendly Security Solution
Beyond the hype: An eco-friendly security solution
IT departments would be remiss to ignore opportunities for green technology initiatives. Besides decreasing energy usage, eco-friendly technology also saves significant IT costs, lowering the TCO. Keep these five features in mind:
A software-based solution presents many advantages for the environment. Implementing a software security solution prevents the need for “rip and replace” scenarios that add expensive, energy-draining hardware appliances. All remote access devices should be secured by a single solution, resulting in considerably lower management and maintenance costs while only requiring one open port in the firewall.
2. Energy and memory
A mobile security solution should have a small server footprint without any additional hardware requirements. The software should be available for existing servers with full support for virtualization and advanced data compression. With advanced data compression, organizations can lower data traffic with up to 60 percent increased throughput over wireless networks. In addition, companies can benefit from a solution that uses less battery power to prolong the operating time from each battery charge, as well as the lifetime of the battery.
Regardless of an organization’s current size, it’s important to ensure that the field mobility platform can scale with an organization’s needs whenever users are added or need access to new applications. Organizations should select a solution that provides transparency without any required software modifications. This will provide flexibility to scale as new business demands access to more applications and systems, and it will do so without sacrificing security needs.
4. Support for standard-based deployment tools
With field mobility users spread across many different locations, it is important to make sure that the VPN solution supports standardized, easy-to-use deployment tools, and that it supports MS certificate storage for efficient distribution of certificates. Some security solutions require the use of proprietary deployment tools, which will add complexity and, in most cases, raise the cost for the deployment.
5. User-friendly and seamless
Finally, it is important that the VPN is user-friendly and seamless to the user. This simplifies the deployment by eliminating time and money spent on user training and help desk calls.
Ready, Set, Secure!
Ready, set, secure!
With so many security solutions available, companies must choose wisely to deploy one that fits the needs of the IT department. As with weighing any decision, there are many aspects to consider, especially if mobility is the key factor in selecting a solution. If mobility is important to an organization, a standardized security solution that offers true mobility features such as session persistence, advanced data compression and seamless roaming is necessary.
And as with any purchase decision, total cost of ownership must also be considered. Finally, in today’s environment, energy conservation and green initiatives in a solution should also be evaluated. A solution should be scalable and application transparent to future growth needs in terms of adding more users or applications.
Once you’ve made your decision, you’re on your way to complete, seamless mobile security for your company and its remote workers.
Asa Holmstrom is president of Columbitech. Asa is responsible for the company’s day-to-day operations in the United States. As part of this role, Asa spends time on-site helping retailers secure their wireless infrastructure. Asa joined Columbitech after more than 15 years of executive leadership in the IT industry, most recently as the CEOof the technology consultancy firm Kvadrat.
Asa has also worked as a management consultant at Cap Gemini, focusing on sales, business development and leadership within global technology companies such as Ericsson and Siemens. She can be reached at [email protected].