Establishing the balance between effective security and business benefit poses a major challenge for the IT department. Alison Connolly reports
As businesses increasingly take for granted the ability to give employees access to office systems while they are on the move, wireless computing will pose an escalating support and security challenge for CIOs.
Analyst firm Gartner warns that by 2009 there will be a fundamental shift in the economics and value of the voice connection. It predicts that voice over IP and wireless will dominate and 99% of new voice connections and 70% overall will be wireless.
IDC research shows that 66% of the European working population is equipped with mobile devices and predicts that by 2007 there will be 99.3 million mobile-enabled workers in Europe.
The driving forces, however, are changing. Forrester Research analyst Ellen Daley said that 60% of companies have wireless access to e-mail. The trend is for companies to adopt mobile applications more quickly. "Line-of-business applications will become more prevalent," said Daley. "Currently 25% of companies have adopted them and we expect that to increase by 10% by the year-end."
The management and security of devices has become a big headache for IT departments. "The converging capabilities of these different devices means CIOs cannot afford to differentiate in the level of consideration they give to each device," said Mike Small, director of e-trust strategy at CA.
"This will alter perceptions across the board in terms of what constitutes technology infrastructure," he said. "A smartphone or even an MP3 player connected to the network raises security and data management considerations that cannot be ignored. We may not see the total eradication of differentiation between devices until 2007, but this is already a concern confronting CIOs."
RSA Security's annual wireless survey shows the wireless uptake in London has grown by 62% over the past year, but 36% of London's businesses are leaving their Wi-Fi networks open to attack. Wireless devices enter organisations either by sanctioned use or by employees bringing in their own devices. Companies need to have a wireless policy even if their IT strategy does not include going down the wireless route.
Daley shares the concern of many in the industry that the major risk is from employees connecting their own wireless devices to the network. "One company said it had no wireless in the company so therefore had a 'no wireless' policy, but on investigation it was found that 42 access points were placed around the offices."
Managers need to wake up and start managing mobile devices, she said. "This is the trigger year because as line-of-business data gets on to handhelds, IT will have to manage and secure these devices." And it is the smaller companies that are most at risk, she warned. "Typically, companies with more than 1,000 access points have good policies."
Security concerns focus on loss of data, interception of communications via rogue access points, and external access to internal wireless points. Although these threats can be dealt with through encryption, strong authentication and virtual private network connections, the biggest concern for companies should be how to manage mobility, with a clear understanding of the consequences of losing a mobile device.
Wireless computing presents the classic security dilemma. The perceived value to the business is sufficiently high that security specialists will not be able to prohibit its use but they will be expected to find ways to enable it to be used securely. This is largely down to management.
Managed mobility services are available from organisations such as BT, Hewlett-Packard and EDS, with all the devices managed from purchasing through to first-tier support and security. Alternatively, products specifically designed to manage remote devices offer the ability to remotely lock and wipe any smartphones or feature phones if they are lost or stolen.
A survey by Websense which looked at the security risks posed by laptop computers revealed that 86% of workers admitted to downloading "non-work" software while out of the office - a statistic that would worry many IT managers.
Websense said, "Mobile phones and PDAs are advancing at a rapid pace and will soon hold similar value, in terms of information, to laptops. It is important that companies act now to protect remote devices within their IT infrastructures."
Handheld devices can also be infected by mobile viruses. Trend Micro figures show that since the first mobile worm in August 2004 there has been a steady rise in the amount of mobile malware. The Cabir worm and its variants ran natively on the Symbian 60 operating environment, which accounts for more than 80% of the GSM mobile phone market.
But the latest threats target newer technologies such as MMS, and the ability to surf and download e-mail attachments to mobile phones. Trend Micro warns that this threat will grow with new technologies, especially those geared towards high mobile bandwidth, such as Wi-Fi, Edge/GPRS, 3G/UMTS and Wi-Max.
The future of converged voice and data communications is evident in the new products and services offered by telecoms firms and internet service providers.
Last November Intel announced the deployment of Wi-Max networks by 13 carriers with the promise of wireless broadband access. Since then other carriers have joined the group. Airspan is one of the companies providing Wi-Max-based broadband wireless access networks and carrier-class VoIP products.
Its purchase of Finland's Radionet Oy last November confirmed its belief in the Metrozone environment - a mixture of Wi-Max and Wi-Fi technologies - as the most flexible combination of access and backhaul for IP-based voice and data services. Airspan plans to replace BT's Fusion with a Wi-Max offering of converged communications to small firms, homes and enterprises.
As the infrastructure strengthens, the range of hotspot connections available is multiplying. Michael Marsanu, chief technical officer at Funkwerk Enterprise Communications, said, "It is estimated that T-Mobile has more than 6,000 hotspots up and running in Europe alone. And by the end of next year market researchers predict that there will be more than 35,000 hotspots in Europe. With the advent of VoIP technology, the chances are that end-users will want to make or receive VoIP calls in a hotspot."
Joe Brunoli, vice-president of hotspot market development at free-hotspot.com, said, "About 95% of all laptops and PDAs are now being shipped with wireless connectivity included. Adding to this demand for Wi-Fi will be the introduction of Wi-Fi-enabled mobile phones. These will allow users to make free VoIP phone calls in hotspots using Skype or other internet-based VoIP service providers."
Google offers such a service, and has announced an investment with Skype in a new company called Fon, which aims to create a worldwide network of Wi-Fi users who share access to their hotspots.
Free-hotspot.com has launched a free hotspot directory and online advertising network aimed at advancing the use of free Wi-Fi, and plans to provide a free Wi-Fi service throughout Europe. Brunoli said, "Voice over Wi-Fi phones will drive a move toward free hotspots, as people with these phones will want to use them wherever they go."
He warned that a hotspot that is encrypted or requires authentication will not support universal access. "The mobile carriers that have their own paid hotspot networks will allow their mobile subscribers to use their hotspots, but if you have T-Mobile as a mobile phone provider, you would need to find a T-Mobile hotspot. Otherwise you will be subject to roaming fees. A free hotspot will allow anyone to use its Wi-Fi network to make free phone calls."
Jay Saw, hotspot manager at T-Mobile, said there are several ways users can connect to hotspots. "Passes can be bought online that provide a log-in code when the user first accesses a hotspot. These passes can provide connectivity for an hour, a day etc, which are ideal for very infrequent users. For more regular mobile workers it is possible to sign up to pay monthly tariffs with network providers."
A number of train services offer internet connectivity and some petrol stations are also providing hotspot access.
The latest focus for the wireless world remains evolving standards to increase the power and bandwidth of the technology as well as addressing security issues. James Walker, product manager for wireless Lan and security at Zyxel, said, "The move to a standard based on Mimo technology will be 802.11n. This will offer greater throughput and ranges than the existing 802.11a/b/g solutions.
"It will use the same frequency and channel width as existing 802.11a/b/g technologies." Experts predict that by the end of the year we will start to see the first of these products following the publication of draft standards.