Securing Remote Access

For Strack, one of the largest utility contractors in Georgia, the problem wasn't training field crews to adapt to its newly implemented wireless solution; the problem was finding a wireless solution that would adapt to its field crews. "Our company is focused on completing construction projects," says George Vinson, Strack's director of IT. "Teaching our project managers how to change their network settings and firewall client configurations was not a realistic expectation."

Whether your company is focused on construction projects or financial objectives, mobile technology should facilitate more productive mobile workers, not create new hassles away from their desks. And of course while realizing the benefits of mobile and wireless technology, security must be a top priority.

For Strack, management was aware of the time and money it could save by implementing a wireless solution rather than having workers driving back and forth with project plans and payroll reports. But it wanted to make sure it was keeping company information safe. "It's not like we're guarding the nation's secrets," says Vinson, "but it's important that we keep our company's, and our customers', information secure." And that's where the trouble started.

Connectivity wasn't always reliable from the field, which caused the VPN to crash and information to be lost or duplicated as workers had to reconnect, login and restart the application. Connecting to the backend network also required a lot of bandwidth. Crews using cellular networks to connect found that it ran painfully slow. And finally project managers had to reconfigure the laptop's security settings depending on whether they were in the office, onsite or connecting from home.

Not exactly a time-saving solution.

Though security is one of the most important issues facing enterprises today, Jeff Wilson, principal analyst for network security at Infonetics Research, admits, "Most enterprises don't have a cohesive plan for mobile security."

Luckily, the industry's been working on fixing some of the most common challenges associated with taking corporate-level security out into the field. Here's a short list of the most mature solutions in this space:

Device and Application Interoperability
In 1997 Aventail created one of the first SSL VPNs. As its solution has matured, interoperability has been one of its biggest priorities. "In the beginning customers were mainly dealing with a Windows-centric environment," says Chris Witeck, director of product management at Aventail. "As we saw an increased demand for varied platform support, we expanded our solution to work with any device." Aventail literature says it offers the most complete solution for any type of device, including Linux and Macintosh operating systems, and supports almost all smartphone or PDA browsers. The solution promises strong granular control down to specific users and specific applications; device recognition and authentication; single gateway access for easy sign on; and session persistence for users who roam across networks.

Mobilizing Applications
For Strack, the distressed conractor in Georgia, NetMotion Wireless was a knight in shining security. NetMotion categorizes its solution as "built for wireless." Tom Johnston, senior VP of product and marketing for NetMotion Wireless, stresses this idea that NetMotion's solution is built to enable "line of business applications over wireless networks." While some VPNs can degrade performance, as Strack discovered, NetMotion's Mobility XE works to improve throughput, compressing data and controlling network chatter, whether a user is connecting over WiFi, EV-DO, GPRS, EDGE and even cable or DSL networks. Currently, NetMotion's solution only supports Windows machines, including Windows Mobile devices. Mobility XE offers centralized policy control features, down to which applications are allowable over which networks.

Performance Balanced With Convenience
While many security vendors started with a product built for wired environments, Columbitech started with mobility in mind. Founded in 2000 as a spin-off from Ericsson, Columbitech's solution addresses the hassles of an intermittently connected environment. Featuring single sign-on security, users only need to log in once; as they move in and out of coverage the VPN works in the background reauthenticating automatically. Columbitech's CT Enterprise Mobile VPN also features data compression, and its tiny client works on smaller devices. The company has a number of government contracts, so its VPN is FIPS 140.2 certified. Currently, CT Enterprise Mobile VPN is formatted for any Windows platform or Symbian-based smartphone, but Columbitech says it could create a compatible client for any platform in no time.

Clientless, Scalable Solution
Juniper Networks offers scalable IPsec VPNs and clientless SSL VPN solutions to fit the size and shape of any enterprise's remote access needs. Because there is no client, the SSL VPN is compatible with any browser on any device, for what Juniper boasts is "true anytime, anywhere secure access." The platform supports granular management, allowing the enterprise to control access down to which applications users can access over which networks. Juniper also supports device-level security, ensuring the device meets the appropriate security "posture" before it connects. This transparent process allows for detailed auditing; the solution can track who is connecting when, with what device and from where. Juniper's solution also offers single sign-on access and session persistence.

One Solution, Multiple Security Scenarios
Cisco is a major player in enterprise networking solutions, so it's no surprise that it offers a variety of security products. Mark Jansen, product line manager for secure remote access, calls

the Adaptive Security Appliance (ASA) its "premier" security platform. In one appliance, Cisco offers a traditional IPsec VPN client, a clientless SSL VPN and a thin client SSL VPN tunnel for a single, scalable solution. "We've worked to create one solution that can meet multiple remote access scenarios," says Jansen. Cisco's ASA platform is compatible with any standards-based browser using SSL, and clients can be developed for most devices. The ASA will adapt to the device and any network it connects over--meeting IT's demand for a simple, adaptable solution, as well as meeting users' demands for ease of use.

Finding the Right Solution
Once Strack deployed NetMotion's Mobility XE, its wireless project came off in a cinch. The company was so satisfied, in fact, that it began accessing more information over the wireless network and exploring the use of other mobile devices, eventually rolling out Windows Mobile--based handhelds and smartphones. //

Teresa von Fuchs is a freelance writer in Austin, Texas.