This won’t be a gradual evolution. It is being driven by users and will be a fundamental change, similar to some of the other seismic shifts in computing such as the arrival of PCs, which freed users from the dominance of mainframes.
A key driver behind these developments is the introduction in 2013 of the new wireless standard 802.11ac, followed in the next couple of years by 802.11ad. These standards will fuel the increase in mobile devices and BYOD, leading to wireless becoming the status quo instead of wired.
There are many elements supporting this change. 4G with faster and bigger data-handling capabilities will drive expectations in the office. The growing deployment of mobile IPv6, with its significantly enhanced capabilities, enables better roaming. Cloud and virtualisation shift both the perception and the very nature of company boundaries, making mobility even more relevant.
The real dilemma is how do you secure, implement and manage what you don’t know? Already developments such as learning apps, Google Glass, payments from mobiles, Tizen 2.1 (multi-device operating system) and CloudOn (which allows users to run business apps on their mobile in the cloud) are all throwing up new areas to be defined and incorporated into security policies. Over the next few years, there will be many more innovations that will directly impact organisational structures and security.
One major challenge for IT managers is how to navigate their way through a fluid and fast-evolving situation where network infrastructures are changing rapidly and where it’s very hard to predict what the changes will be.
Questions arising include how to develop the network so users can get the best productivity and other benefits from existing and new mobile devices. How do you go about moving to wireless in a cost-effective way, with the least disruption to the business? How do you track and manage the growing number of mobile devices? How do you maintain control of the network? And how do you keep the network secure in this rapidly changing environment?
The move to wireless
The new wireless standard 802.11ac provides initial WLAN throughput of at least 1Gbps and up to 7Gbps in the future. 802.11ad, with multi-Gbps throughput, will provide up to 7Gbps when it is ratified and introduced. And 4G will provide up to 100Mbps mobile. This gives the potential for radically improved Wi-Fi performance over what is available in the workplace today.
Many wireless deployments to date have been tactical, with more access points added, often unstructured, to meet increasing user demand or deal with cold spots. Usually, they have been neither fully pervasive nor capable of handling multi-media, high-volume and high-density traffic. Of course, they are based on the higher range of the old 2.4GHz access points.
802.11ac will deliver the unfulfilled promise of 802.11n, but with a focus on 5GHz rather than 2.4GHz. With 5GHz providing shorter range but higher throughput, existing access point (AP)-based systems will be inadequate for the new requirements.
Migrating to 802.11ac will require entirely new APs, new antennas, upgraded or replaced controllers and new switches or Power over Ethernet (PoE) injectors. Similar to the evolution of 802.11n, there will be multiple versions and phases of 802.11ac. For some organisations, this will mean a rolling deployment, with the associated configuration and security risks.
An increasingly popular alternative to the AP approach is the modular array approach. With this method, an array can hold multiple, directionally tuneable APs. Unlike traditional broadcasting, directional focus minimises interference and enables clear control over geo overspill.
This is particularly relevant given the challenges that 5GHz and beyond will create for the old AP-based approach to coverage. With 2.4GHz, providing more coverage typically involves adding more APs. However, that has been shown to be increasingly self-limiting because interference between APs reduces coverage, rather than increasing it.
A major benefit of an array-based or directional-based approach is that it can be easier to upgrade as traffic usage and capacity evolve, allowing companies to react swiftly to changing circumstances. Key to success in adopting or extending wireless networks will be deployment pre-planning, risk assessment and determining the applicable policies.
Of course, a major consideration for IT managers is how to secure, control and manage a rapidly evolving wireless network, with a steadily growing number of mobile devices. And how do you protect the growing volume of data, which is a company’s most valuable asset?
There are some security problems on a wireless network that are not generally well known, such as issues around IPv6 mobility and 4G.
IPv6 will bring many benefits (and security challenges), but IPv6 mobility operates with location-independent routing, i.e. a home address and a forwarding address. For organisations using BYOD, an interesting question is ‘Where is/who owns the “home” address?’
4G isn’t just 3G with go-faster stripes. It will drive change with its major speed enhancements, but this will bring a range of additional management and security threats, both around communications and around the carrier networks.
Security history is littered with the challenges of trying to deal with the corporate response of ‘draw, fire and aim’ to the business deployment of technology. It can be hard in many organisations to get risk assessment and security deployment built in at the beginning of projects, rather than back fitted two years later.
Security should involve:
- risk analysis and acceptance of the level of risk;
- embedding security;
- education and staff involvement;
- monitoring and a feedback loop.
Many security policies will be behind the curve and seen as well intentioned, but hampering business and imposed from above. The real experts in this scenario are the techies, power users and the younger members of staff. They are often the ones using the latest apps and technologies, as well as finding ways around limitations, so it is a good idea to co-opt them onto your policy-making team.
Multiple mobile devices necessitate multiple security solutions. These should include mobile device management (MDM), tracking and radio frequency (RF) management, encryption, authentication and behaviour management, as well as basic security measures on mobile devices. These basic measures would include running antivirus on smartphones and treating them with the same level of data leakage protection as PCs.
Mobile device management
Managing mobile devices is critical. MDM solutions can provide features such as ensuring device usage complies with company security policies, allocating access rights, managing configuration, updating policies, dealing with data leakage issues and with lost or stolen devices.
However, MDM is only one component of security, and it will eventually be subsumed into broader security solutions.
Encryption and authentication
Amazingly, mobility is still underserved by two basic and critical security solutions: encryption and authentication. Both are absolutely essential in the changing network infrastructure.
Encryption should be used for data stored on the network, data stored on mobile devices and data in transit. There are many useful solutions in this area, ranging from ‘PC on a secure stick’ encrypted flash drives, encrypted external hard drives and encrypted optical discs to encrypting data on SAN devices.
The first essential authentication method for smartphones is that employees use PINs or passcodes instead of the default factory settings. Secondly, two-factor authentication should be used, rather than insecure passwords.
Mobility brings a multitude of challenges, but it also brings great advantages. There is such a groundswell of demand for mobility that it will be unstoppable. Securing data is key to benefitting from this change, with device security being a major element. However, perhaps more importantly, there is the need, as well as the opportunity, to educate staff and change their behaviour towards mobile security and protecting data.