FMC: new opportunities but security headaches

Fixed-mobile convergence (FMC) will help enterprises save money and boost productivity. First, though, they'll have to address security issues on an unprecedented scale.

The fixed-mobile convergence (FMC) market is about to explode: It's a business imperative for both fixed-line and cellular carriers, and enterprises can realize big cost and productivity benefits.

As with all hot new business technologies, security can get short shrift. Businesses will be eager to start reaping the benefits of FMC; carriers are at a crossroads in an intensely competitive market.

The convergence of IP-based and mobile phone technologies is starting to draw the attention of mainstream information security companies, in addition to a handful of start-up players. Check Point Software Technologies recently jumped into the infant FMC security market, shared with start-up companies like Sipera Systems and Reef Point Systems.

The stakes for carriers are incredibly high. Mobile operators could lose $3.3 billion a year by 2011, according to Indian market research firm iLocus. Fixed-line carriers, eager to reverse the loss of business as customers depend less on land lines in favor of ubiquitous, feature-rich mobile devices, are offering mobile applications from voice to video and music, to email.

"It's the next natural evolution for mobile companies," says Bill Jensen, Check Point product marketing manager. "They need to get more customers and expand services. For fixed-line carriers, it's total survival, a way to expand through agreements with cell carriers."

For enterprises -- and consumers -- FMC technology will offer attractive savings by allowing users with dual-mode devices to switch transparently between cell and WLAN VoIP connections, reducing cell charges. Using Unified Mobile Access (UMA) technology, mobile workers will be switched at a coffee shop hot spot; employees who blithely make international cell calls from the office lunchroom even though their desk unit is down the hall will use cheaper WiFi in spite of themselves.

"A lot of people see it as a cost savings, but the main driver is productivity," says Luc Roy, vice president of product planning for Siemens Communications, which recently announced its FMC solution, HiPath MobileConnect. "It's targeted to any industry, to anyone using mobile phone technology in an area using wireless access. Growth will be exponential in the near future."

Although dual-mode devices can currently run in either cellular or Wi-Fi mode, transparent roaming between the two technologies is as close as a firmware update when it becomes available, and sales of the versatile devices are growing rapidly. While iLocus estimates that there were only 436,000 FMC subscribers at the end of 2006, analyst firm Infonetics Research predicts dual-mode devices will show a five-year compound annual growth rate of 198% between 2006 and 2010.

With this explosive growth, the still-small threat of attacks on cellular devices takes on much greater significance, making them more attractive targets, as FMC gives them access to IP networks.

"The stakes are high for carriers; the same set of services, with the same core network now are also Wi-Fi," says Seshu Madhavapeddy, Sipera president and CEO. "Unless they have strong VoIP security, they are subject to attack that not only damages VoIP, but the core cellular network."

Sipera's IP Communications Security (IPCS) appliances secure unified communications such as VoIP, IM, multimedia and collaboration applications.

"The first security concern is the sheer number of new customers that are entering the IP network through a new medium; particularly worrisome is the introduction of malware through a data terminal now easily connected via GSM or other types of wireless interfaces," says Scott McComas, a senior product manager in the Security & Mobile Connectivity business unit within Enterprise Solutions at Nokia.

Nokia, which provides an FMC solution featuring its Eseries of dual-mode business handsets and Intellisync Device Management software, will deliver Check Point's new VP-1 MASS (Multi-Access Security Solution) FMC security product on its IP560 appliance.

"There's also the rising potential of spreading viruses through peer-to-peer networking, because of customer demand for applications such as online gaming and multimedia services," says McComas. "With mobile connectivity there is no longer any concept of a perimeter. We need to take particular pains to ensure that transactions between mobile terminals are secure."

Traditional security solutions don't scale well for this environment. The sheer number of users, the rich mix of applications and the diverse types of carriers require highly customized solutions. Envision tens of thousands, even millions, of concurrent users tapping into a smorgasbord of services, including voice and text messages, music, video clips -- even transmitting a TiVo'd program to your mobile device, and you get a sense of the complexity.

"UMA puts severe constraints on the security gateway; the cost per tunnel is high," says McComas. "The business case for operators needs to be addressed to be profitable."

That's why the Check Point/Nokia offering, for example, is more than just a Check Point firewall/VPN on a high-performance box. Each box is built to handle up to 35,000 concurrent VPN connections and can be clustered to increase that exponentially. The next release will enable hardware-based encryption acceleration for the AES-XCBC standard adopted for UMA.

"The wide range of access networks now established offer an opportunity and a dilemma for carriers in expanding their footprint to reach more users and enable users to get the right bandwidth for voice service and multimedia services," says David Heyward, director of corporate marketing for Reef Point.

"The dilemma is that each type of access network has QoS service issues," he says. "Legacy security solutions don't lend themselves to work with all those networks. A universal appliance applies to all security networks in one device."

Reef Point offers carrier-grade appliances designed to manage and secure FMC. The Universal Convergence Gateway supports up to 1,000,000 concurrent sessions for a half-million users.

Check Point is banking on its high profile to attract carrier business to its VP1-MASS solution.

"The security in place is mostly directed at the data center; it doesn't cover UMA or VoIP," says Jensen. "They are looking to major players to provide the elements: UMA gateway, infrastructure; for security, they come to players like us."

Sipera, which is trying to carve out market share with its appliance-based VoIP security solutions, sees opportunities among enterprises, as well as carriers.

"As FMC grows, enterprises are becoming more concerned. On laptops, you have all these do's and don'ts and can sanitize what employees are downloading," says Madhavapeddy. "Workers are traveling all the time, downloading ring tones, games. It's much more difficult to enforce policy."

Read more on Voice networking and VoIP