Securing Remote Access
For Strack, one of the largest
utility contractors in Georgia,
the problem wasn't training field crews to adapt to its newly implemented
wireless solution; the problem was finding a wireless solution that would adapt
to its field crews. "Our company is focused on completing construction
projects," says George Vinson, Strack's director of IT. "Teaching our project
managers how to change their network settings and firewall client
configurations was not a realistic expectation."
Whether your company is focused on
construction projects or financial objectives, mobile technology should
facilitate more productive mobile workers, not create new hassles away from
their desks. And of course while realizing the benefits of mobile and wireless
technology, security must be a top priority.
For Strack, management was aware of
the time and money it could save by implementing a wireless solution rather
than having workers driving back and forth with project plans and payroll
reports. But it wanted to make sure it was keeping company information safe.
"It's not like we're guarding the nation's secrets," says Vinson, "but it's
important that we keep our company's, and our customers', information secure."
And that's where the trouble started.
Connectivity wasn't always reliable from
the field, which caused the VPN to crash and information to be lost or
duplicated as workers had to reconnect, login and restart the application.
Connecting to the backend network also required a lot of bandwidth. Crews using
cellular networks to connect found that it ran painfully slow. And finally
project managers had to reconfigure the laptop's security settings depending on
whether they were in the office, onsite or connecting from home.
Not exactly a time-saving solution.
Though security is one of the most
important issues facing enterprises today, Jeff Wilson, principal analyst for
network security at Infonetics Research, admits, "Most enterprises don't have a
cohesive plan for mobile security."
Luckily, the industry's been working
on fixing some of the most common challenges associated with taking
corporate-level security out into the field. Here's a short list of the most
mature solutions in this space:
Device and Application Interoperability
In 1997 Aventail created one of the
first SSL VPNs. As its solution has matured, interoperability has been one of its
biggest priorities. "In the beginning customers were mainly dealing with a
Windows-centric environment," says Chris Witeck, director of product management
at Aventail. "As we saw an increased demand for varied platform support, we
expanded our solution to work with any device." Aventail literature says it
offers the most complete solution for any type of device, including Linux and
Macintosh operating systems, and supports almost all smartphone or PDA
browsers. The solution promises strong granular control down to specific users
and specific applications; device recognition and authentication; single
gateway access for easy sign on; and session persistence for users who roam
For Strack, the distressed conractor
NetMotion Wireless was a knight in shining security. NetMotion categorizes its
solution as "built for wireless." Tom Johnston, senior VP of product and
marketing for NetMotion Wireless, stresses this idea that NetMotion's solution
is built to enable "line of business applications over wireless networks."
While some VPNs can degrade performance, as Strack discovered, NetMotion's
Mobility XE works to improve throughput, compressing data and controlling
network chatter, whether a user is connecting over WiFi, EV-DO, GPRS, EDGE and
even cable or DSL networks. Currently, NetMotion's solution only supports
Windows machines, including Windows Mobile devices. Mobility XE offers
centralized policy control features, down to which applications are allowable
over which networks.
Performance Balanced With Convenience
While many security vendors started
with a product built for wired environments, Columbitech started with mobility
in mind. Founded in 2000 as a spin-off from Ericsson, Columbitech's solution
addresses the hassles of an intermittently connected environment. Featuring
single sign-on security, users only need to log in once; as they move in and
out of coverage the VPN works in the background reauthenticating automatically.
Columbitech's CT Enterprise Mobile VPN also features data compression, and its
tiny client works on smaller devices. The company has a number of government
contracts, so its VPN is FIPS 140.2 certified. Currently, CT Enterprise Mobile
VPN is formatted for any Windows platform or Symbian-based smartphone, but
Columbitech says it could create a compatible client for any platform in no
Clientless, Scalable Solution
Juniper Networks offers scalable
IPsec VPNs and clientless SSL VPN solutions to fit the size and shape of any
enterprise's remote access needs. Because there is no client, the SSL VPN is
compatible with any browser on any device, for what Juniper boasts is "true
anytime, anywhere secure access." The platform supports granular management,
allowing the enterprise to control access down to which applications users can
access over which networks. Juniper also supports device-level security,
ensuring the device meets the appropriate security "posture" before it
connects. This transparent process allows for detailed auditing; the solution
can track who is connecting when, with what device and from where. Juniper's
solution also offers single sign-on access and session persistence.
One Solution, Multiple Security Scenarios
Cisco is a major player in
enterprise networking solutions, so it's no surprise that it offers a variety
of security products. Mark Jansen, product line manager for secure remote
the Adaptive Security Appliance
(ASA) its "premier" security platform. In one appliance, Cisco offers a
traditional IPsec VPN client, a clientless SSL VPN and a thin client SSL VPN
tunnel for a single, scalable solution. "We've worked to create one solution
that can meet multiple remote access scenarios," says Jansen. Cisco's ASA
platform is compatible with any standards-based browser using SSL, and clients
can be developed for most devices. The ASA will adapt to the device and any
network it connects over--meeting IT's demand for a simple, adaptable solution,
as well as meeting users' demands for ease of use.
Finding the Right Solution
Once Strack deployed NetMotion's
Mobility XE, its wireless project came off in a cinch. The company was so
satisfied, in fact, that it began accessing more information over the wireless
network and exploring the use of other mobile devices, eventually rolling out
Windows Mobile--based handhelds and smartphones. //
Teresa von Fuchs is a freelance
writer in Austin, Texas.