Practicing Safe Wireless: A Billion Reasons To Plan Ahead
We said we'd raise your wireless IQ. This is the first in a series of posts about key challenges you'll face and ways to make sure you don't flinch when you do. Wireless security is like picking mushrooms in the forest: if you know what's poisonous, they won't ruin your hike. But if you don't, well, read on and learn what's safe to eat.
The topic of security will come up at some point before, during, or after you deploy your mobile solution. The problem is you won't know when, who will bring it up, or what form it will take. We'll address all three.
But first, why is wireless security such a hot topic? Put it this way: change is good when you get a raise or your team wins the Super Bowl after a two-win season. It's almost always bad if you're in IT security. Enter wireless. Just when security got comfortable with VPNs and DMZs and ASPs (oh my!), along come a billion new devices vying for network access from outside the firewall. Talk about a Maalox moment.
It sounds intimidating, but it isn't if you uncover the real underlying objection early. The most important tip we have is this: pick the most skeptical member of your security team and proactively invite him/her to join your project before kickoff. Build his/her objections into your planning process. More importantly, you'll need security input when architecting the solution, and the most skeptical team member is usually the one most familiar with the right way to get things done.
Wireless objections take three general forms: 1) Is the data sent over the wireless network encrypted? 2) Does the mobile app violate existing firewall or other security policies? 3) How is the data protected on the actual handheld? Yes, no, and carefully - and here's how:
If the first question is security's primary bugaboo, you're set as long as you select a mobile gateway vendor with a built-in wireless VPN. This is fairly standard and it's also the most common objection. All data that leaves your corporate network must be two-way encrypted.
If it's number two, be sure to use pre-approved devices and you won't violate existing security policies. BlackBerry Enterprise Servers, for instance, have a setting called the 'Mobile Data Service' ("MDS") that allows wireless devices to operate on the LAN like laptops. We guarantee you, some VPN-like solution will have already been approved for mobile use.
If it's number three, all data must be encrypted on the handheld. If you require additional security on the device, like remote wiping of the memory, there are good third-party device management solutions available, like Afaria. In general, though, today's handhelds comply with most laptop-style security methodologies like password timeouts and device locking. If you're using mobile phones (and not smartphones or PDAs), you'll probably access applications via the handheld browser, in which case no persistent session data is stored locally.
That is enough to get you asking the right questions. For a deeper dive, email info@aeroprise.com for a free copy of a much more detailed security overview. Click here for another good resource available from BlackBerry.
I'm off to England this week. I'm keenly interested to see how the mobile ecosystem has changed since my last visit. The world is getting smaller (and some would say flatter) every day. Eventually, there won't be as many regional differences in mobile data adoption. But for now, the US and Europe are two separate Petri dishes growing wildly different wireless cultures at different rates. My hypothesis is that they'll look about the same in 2009 when consumer usage yields to enterprise usage and networks and devices converge on one set of standards. Until then, well, I'll let you know when I'm back.