Posts Tagged ‘Blackberry’

At the show, we had the chance to speak to Joanie Wexler, a regular contributor to Network World’s Wireless Alert column. We talked to Joanie about mobile device management issues that are emerging at this year’s show, including the confusion surrounding the influx of diverse mobile devices into the enterprise.

VPN Haus talks to Peter Brockmann, tech analyst and president of Brockmann & Company. In the second post in this two-part series, Brockmann weighs in on the security of mobile devices. See Part 1 of the Q&A here.

VPN Haus: The Blackberry is no longer the default mobile device for organizations. Now that different people within a single organization could be using a Blackberry, iPhone, an Android device and more, how can organizations manage mobile security with so much variety? Are there any security advantages of having employees on different kinds of devices?

Peter Brockmann: Despite the noise surrounding Android, our research shows that this is mostly hype so far.  North American enterprises are more likely BlackBerry with iPhone.  We believe it is this state of affairs because Android has potential, but has yet to make a sizable dent in the business user market with the right combination of network, devices and software.

Mobile security professionals have begun to realize that it is a diverse, user-driven world we live in.  Historically, they have always validated policies regardless of the device or device vendors.  They typically recommended technologies and implemented policies that address the very real concerns about eavesdropping and theft of mobile devices, the access they enable and the data they have onboard.  For them, it was supposed to be a simple method of validating a device’s compliance with these standard policies and accepting or rejecting the device.  However, real life isn’t always so simple.

Today, users have enormous power over their IT environment and user convenience is now a major factor in determining device support.  The old axiom that “complexity kills” has to be set aside from infrastructure decisions so that users can extract the productivity benefits they seek. One of the downsides to a multi-device, multi-vendor world is that the administrator needs to access different tools to perform the same service for different users. IT might need to have the same app developed for multiple devices. The firm might need different client software to perform the same function on different devices. All of this complexity introduces costs and the potential for error by administrators, but if it simplifies the users’ life and increases their productivity so they can win more business faster, so be it.

VPN Haus: How would you rate Mac’s built-in VPN? Would you suggest corporate networks use external VPNs, rather than relying on the Mac’s built-in function? Or in what cases would you suggest using an external VPN rather than Mac’s built-in feature?

Brockmann: I’ve used the Mac’s (and iPhone’s) built-in VPN to access my corporate network when traveling. It can be a reliable, simple-to-use and unobtrusive security feature. However, there are places, such as my mother’s home, some hotels and a few airport lounges, where the locally provided Internet service supports only a few TCP/IP ports such as port 80 (http) or port 443 (https), which causes a timeout on connection attempts, leaving me frustrated and my Mac stranded.

An external VPN client is better to enable useful features not supported by the ‘built-in’ client. For example, the NCP Secure Entry Client for Mac can overcome the port-limiting challenge with its unique PathFinder technology. It uses the appropriate ports to attempt a service connection and should that fail, it can attempt a connection over port 80 or 443 and thereby increase the possibilities of doing business in these places. Something mother may not appreciate, but my boss will.

Also, if my enterprise supports a number of OSes on devices expected to be mobile—Windows, Linux, Mac, iPhone, Symbian, BlackBerry, WebOS, Windows Mobile—it might be more appropriate to implement a common client and common remote access server across all these devices. That way, we can enable a unified support service, common features such as PathFinder or a non-RSA two-factor authentication service and a consistent experience (or nearly so) on a user’s mobile or on a user’s laptop.


This week, VPN Haus talks to Peter Brockmann, tech analyst and president of Brockmann & Company. In the first in this two-part series, Brockmann weighs in on the security of mobile devices.

VPN Haus: How are connectivity security issues different for iPhone OS mobile devices vs. the Blackberry or Palm devices?

Peter Brockmann: Modern smartphones are really pocket computers. As such, they exhibit each of the same security risks as their larger computing relatives. They have passwords, sensitive emails, files and critical business applications in their multi-gigabyte on-board flash storage. They can be easily lost; easily stolen. They support WiFi and, as such, can be vulnerable to eavesdropping and Access Point spoofing attacks. Vendors of the leading devices – BlackBerry, iPhone, Windows Mobile, Symbian, Palm (3rd parties offer it for Android devices) – offer products and services to overcome these security risks and enable the device to be a solid platform for mobile business computing and communications.

Devices need to be able to be remotely wiped clean including lock out secrets, passwords and public key infrastructure credentials. Devices need to support encrypted data transmissions over WiFi and over 3G/4G/LTE wireless services. Enterprises need to be able to support rollouts of hundreds or thousands of devices at a time and need to update software remotely and implement corporate-wide security policies.

Unfortunately, each of the manufacturers has implemented different server software to achieve the same result. This is unfortunate because the remote access administrator has to use different apps that do the same thing to support these leading devices, which can introduce process errors and slow support responses, not to mention be the cause for administrator error.

VPN Haus: Do you think any mobile device is more secure than the others?

Brockmann: We have no evidence that one is more secure than the other. These three vendors offer back-office management applications effective for large scale enterprise management of mobile devices. They all support encryption for data in transit, local data protection through passwords, remote wipe and data and directory backup services.

VPN Haus: People are now connecting to their corporate networks from hotels, airports, coffee shops, fast food chains, at bars, and even from the mall. What does the proliferation of remote access locations mean for organizations’ network security? Should they limit where their employees can log in from and is that really enforceable?

Brockmann: Business needs to happen wherever and whenever business can happen. Only the most paranoid of organizations, where the risks to national security or billion dollar transactions are very large and very real, need to be overwhelmingly sensitive to where users do business. For the rest of us, it would be silly to prevent employees from doing business in some public areas versus others, provided that best practices for privacy, eavesdropping and remote wiping can be maintained. Good security policies always have to balance convenience and security.

Stay tuned to VPN Haus for more from Brockmann on the proliferation of mobile devices, as well as Mac security.
