TitchOnline.com
600 South Dearborn Street
Suite 1902
Chicago, IL 60605 USA
1-312-922-3772
Steven Titch,
Editor-in-Chief
titch@titchonline.com
Sharon J. Watson, Managing Editor
The Personal Information Technology Report
July 30, 2002
In this issue:
Getting on board with Wi-Fi security
The story in brief: 3G may be here faster than
anyone thought by way of a technology no one expected. Wireless
carriers have wisely dropped their initial antagonism toward public
802.11 (Wi-Fi) networks and now appear ready to integrate it into their
own, far more functional networks. The result would be a class of
service providers who provide the value equation of combined broadband,
mobility, voice and data.
In spite of the recent reports that AT&T Wireless,
Verizon Wireless and Cingular Wireless are involved in a proposal to
create a nationwide network of 802.11b, or Wi-Fi, hotspots, the three
carriers stubbornly remain quiet about any role they may be pondering.
Thus far, the wireless companies have declined to answer all
inquiries, including those from TitchOnline.com, about so-called
Project Rainbow, said to be the brainchild of Intel and IBM. The first
is a leading manufacturer of Wi-Fi chips, the second a leading
manufacturer of Wi-Fi base stations. Project Rainbow would seek to
deploy the 11 Mb/s wireless access technology in hotel lobbies,
airports and other public areas. When questioned, spokespersons at
AT&T Wireless and Verizon Wireless declined to comment, citing
competitive concerns. Cingular would not make anyone available.
You can't blame service providers for being a bit cagey.
Their collective pow-wow with Intel and IBM now seems to have had less
to do with any sort of service joint venture and more about Intel's and
IBM's own attempt to gauge the near-term market for Wi-Fi components
and equipment. If so, it was purely a meeting of vendors and customers.
Add the sudden silence from the wireless community about public Wi-Fi
service -- when only a few months ago its members were more than happy
to expound on its limited feasibility -- and it is reasonable to
believe that there have been some very fast changes in thinking within
these companies. More than likely several of them will announce plans
to integrate Wi-Fi into their conventional service before the end of
the year.
The speed at which 802.11b has taken
off has surprised even the most ardent of enthusiasts. Wi-Fi has
already passed its "early adopter" period. This winter, the Wi-Fi
phenomenon seemed confined mostly to Northern California. It has fanned
out rapidly, its popularity fueled by low cost and ease of setup. In a
report published July 21, a Chicago Sun-Times reporter using
his own sniffer detected 1,064 Wi-Fi networks throughout the Windy City
and its suburbs. It's no stretch to say that for many users, the first
experience with wireless data will be through Wi-Fi technology, not a
cell phone. As much as they hoped this wouldn't be the case, wireless
service providers are beginning to realize this, too.
More quantitatively, a study by the Gartner Group found there
was a $1.5 billion market for Wi-Fi equipment last year, and that is
growing 22 percent per year.
Technologically, it's not difficult to create end-user devices that can receive signals in both the 800/1900 MHz bands of U.S. cellular service (900 MHz/1800 MHz bands in the rest of the world) and the 2.5 GHz spectrum that Wi-Fi uses. All that's needed are dual-mode processor cards that could detect Wi-Fi networks and, when detected, switch handsets and laptops to them.
Once they begin to sell dual-mode terminals, wireless carriers themselves, at least indirectly, would become the primary generators of traffic on public Wi-Fi networks. They could either deploy their own hotspots, or become customers of Wi-Fi start-ups like Boingo Wireless, Wayport and HereUare. Since true customer value would lie in providing widespread coverage, chances are wireless carriers would use both approaches.
Plus, as evident by Project Rainbow, they would move closer to vendors like IBM and Intel who have firsthand experience with Internet infrastructure, IP and data communications protocols.
For now, the wisest thing wireless players are doing, despite
baiting from media and some analysts, is refusing to define Wi-Fi as a
heads-up competitor to 2.5 and 3G service. In fact, if the wireless
service providers take the smart tack, Wi-Fi might ultimately turn out
to be the best thing to happen to them.
We're not Wi-Fi
Wi-Fi's beauty is that it gives wireless companies a way to
strengthen themselves in data by differentiation. This is critical
because the wireless applications protocol (WAP) nearly killed their
credibility in wireless data for good.
The industry hyped WAP as the avenue to the wireless
Internet, a notion customers roundly rejected once they had a taste of
WAP's slow speed, monochromatic display and cumbersome user interface.
Wi-Fi, on the other hand, is about the wireless
Internet. And its 11 Mb/s rate makes it a much better access method
than 2.5G's 40-50 kb/s. Again, service providers are wise to see they
lose very little in conceding the speed advantage to Wi-Fi.
But that's all they should concede. Wi-Fi is purely broadband
access over short distances. Beyond that, it has more in common with a
cordless phone than a cellular phone. The message wireless carriers
should run with is: "We endorse Wi-Fi and we can support Wi-Fi, but
Wi-Fi is not synonymous with either 2.5G or 3G."
Public switched wireless network systems are complex. They
process information within the system and they have intelligence within
the system to do that. By contrast, all Wi-Fi does is plug into a wall.
It can't even manage its own security, which is the technology's
biggest liability (see story below).
But Wi-Fi is important because it brings broadband to the
wireless user much faster and more elegantly than any of the proposed
3G architectures. A conventional wireless phone system that ports to
Wi-Fi provides value by offering instant broadband. A Wi-Fi system that
ports to a wireless system gets a higher degree of security and a means
of billing and account verification. Indeed, the two are more than
complementary, they yield the key quartet of features needed for
personal information technology: broadband, portability, voice and data.
No wonder wireless companies are cautious. Wi-Fi integration
would give them a service advantage over everyone else. For some
companies, it also forces internal decisions on future strategy. For
Verizon Wireless and Cingular, Wi-Fi is much more of a threat to their
incumbent local exchange carrier parents because it stands to eat into
DSL and leased line revenues. This might be one reason that the only
detail these companies took pains to communicate about Project Rainbow
is that it did not involve services to residences and business - key
constituencies for their owners.
In Europe, where wireless companies are more independent,
embracing Wi-Fi creates a different type of opportunity. If some
carriers decide to adopt Wi-Fi as their broadband channel, they may be
in a position to surrender their 3G licenses -- and the debt load that
goes with them. The governments that had hoped to profit from the
billions of euros bid for these 3G licenses may attempt to block such
moves. Still, Telefonica's and Sonera's stock prices soared after they
erased €8.5 billion in debt by pulling the plug on their 3G joint
venture in Germany. So incumbent wireless service providers may find
themselves tempted to forsake 3G in favor of a combined EDGE-Wi-Fi
network that would be just as functional but nowhere near as expensive.
Public Wi-Fi gives wireless a broadband connection. Public
Wi-Fi, however, needs an infrastructure to work. Wireless networks
already have it in place. Wireless networks occupy the strategic middle
ground between user broadband access and the network functionality that
makes that access so valuable.
Overall, the wireless industry is learning that there is far
more value in mobility, portability and roaming than there is in
running a broadband pipe. And Wi-Fi is a ready-cut broadband pipe that
can be spliced onto existing wireless systems that already do all the
truly valuable work for the user. Of all service providers, it's the
wireless carriers who might best understand that controlling the
customer comes down to controlling administration and authorization and
billing, not physical connections. If there's a big competitive secret
to guard, it's this.
***************
Getting
on board with Wi-Fi security
The story in brief: Solving the security problems Wi-Fi
creates for corporate LANs, especially VPNs, provides a golden
opportunity for service providers to become part of an important value
chain. As Wi-Fi popularity grows, software-based security solutions are
already in the pipeline. Channel partnerships with these software
vendors could give service providers more to market than an
undifferentiated Wi-Fi product and a more inclusive wireless VPN
solution.
It's no secret that 802.11 (Wi-Fi) networks are not secure. But if
that's the only thing about them that needs fixing, salud!
These are the kind of tech problems you want to have.
Wi-Fi's security issues are not well understood. From the way some
alarmists have carried on, you'd think that a hacker with a laptop and
a makeshift antenna is a keystroke command away from taking down the
nation's air traffic control system or launching the remaining nuclear
missiles in Kazakhstan.
By itself, Wi-Fi does not provide any new means to defeat existing
safeguards on a secure network. Conversely, any system that can be
easily hacked with Wi-Fi can be easily hacked with any other type of
Internet connection.
The vulnerability of Wi-Fi is that it gives the hacker a virtual
workstation within an organization. With a wireless connection, an
unauthorized user can camp out in a parking lot or on the roof of the
building across the street and start trying network passwords the same
as if he walked in and plopped himself down in front of an unused PC.
Give a burglar a huge set of skeleton keys and an unlimited amount of
time to fiddle with the locks on your front door, and chances are he's
going to get in. Unsecured wireless access is a front door problem.
Wi-Fi, therefore, requires companies to tighten security at the point
where authorized users connect to the network.
A choice for service providers
The Wi-Fi security issue presents a choice to
service providers. They can use it to build business or they can use it
to disparage competitors. On the consumer level, the phone companies
used the security issue to disparage cable modems, in hopes of selling
DSL. Going by the market reports that show two-thirds of all
residential broadband connections are through cable modems, this
approach had little effect. All consumers did was purchase fairly
inexpensive firewall software.
Instead, service providers looking to capitalize on the interest and
potential of Wi-Fi have a better opportunity through exploring channel
partnerships with companies that provide applications and management
software for virtual private networks (VPNs). The primary application
for Wi-Fi is and will continue to be extension of corporate LANs. When
a company adds remote users and locations to a LAN, whether they are
across town or across the country, they are increasingly using VPN
connections, which are far more economical and secure than leased
lines. This is old news. Service providers, especially long distance
companies, are doing solid VPN business. The problem is that beyond
quality levels, there's little value to add. That's where the addition
of Wi-Fi security would create more differentiation.
Vendors, which include SmartPipes, Waveset and Critical Path, provide
integrated software platforms that IT managers use to configure the
rules and methods, or policies, for the way different parts of the
organization access company data through a virtual private network
(VPN). For example, policy servers ensure that PCs in the human
resources department are the only machines that can access a database
of employee records. These policies can be formulated down to the
individual level, such as a laptop or handheld device. In the case of a
Wi-Fi intrusion, even if a hacker were to get past the initial firewall
by using a stolen username or password, the policy server would block
access to company information simply because the hacker's device is not
recognized.
______________________________________________________
A glance at the value chain
Some companies providing software
policy-based solutions and access security.
SmartPipes Inc.,
Redwood City, CA.
The company offers a
single, logical, policy-based IP services software platform that
enables solution providers to offer integrated IP services to
enterprise accounts. SmartPipes' Remote Policy Management (RPM)
software provides secure automated delivery, installation and
configuration of third party software onto remote desktops, servers and
network devices, and enforces remote policies, which define how these
software applications are to be used both individually and together.
WorldCom and XO Communications are two service provider customers that
incorporate the software into VPN offerings.
Waveset
Technologies Inc., Austin, TX
The company's Lighthouse
V2 security identity management software securely and efficiently
manages internal and external user access privileges across all
enterprise resources. The company currently is working with Funk
Software on an 802.11b access solution. Channel Partners include
Deloitte & Touche, PricewaterhouseCoopers and Northrup Grumman
Information Technology.
www.waveset.com
Critical Path
Inc., San Francisco, CA
The company has
leveraged its email and messaging solutions designed for ISPs into a
larger suite of software that now includes security, identity
management, collaboration services and wireless access. Service
provider customers include Tiscali, the largest ISP in Europe; Bluewin,
the largest Swiss ISP; and DataOne Asia, a Singapore-based managed
service provider.
______________________________________________________
Comparatively speaking, the Wi-Fi security fix
is fairly easy. Most of the effort is at the user end, which means any
service provider who can step in and relieve some of that effort would
be welcome, as systems integrators, many of whom resell and configure
vendor software solutions, have already discovered.
With Wi-Fi growing at a 22 percent annual rate, according to Gartner
Group research, and with users of all sizes taking a growing interest
in the technology to extend their networks, the technology offers
concrete opportunities for service providers to add value through the
extension of VPN policy solutions across Wi-Fi networks.
As use of IP VPNs expands to encompass wireless devices that use 802.11
networks, both information security and access control will be vital to
banks, hospitals, retailers and any one else with a proprietary
interest in safeguarding their own data and data about customers. The
emerging requirements of personal information technology, particularly
as it encompasses wireless connections, will place a premium on any
company who can be part of a value chain for information security.
-- Steven Titch
***************
Visit www.titchonline.com now to complete your subscription and ensure your continued access to TitchOnline.com and its unique coverage of personal information technology management.
As a TitchOnline.com subscriber, you will always be able to access all our features at our Web site. Plus you'll have exclusive, subscriber-only access to upcoming special reports.
Complete your subscription today at www.titchonline.com and enjoy the remainder of your trial subscription before your paid period starts. Save even more by choosing the annual subscription offer. Become a TitchOnline.com subscriber now!
We invite your feedback. Please write to us at feedback@TitchOnline.com with questions, comments or if you'd like us to offer a trial subscription to a colleague. Thank you very much!
Copyright
©2002 Expert Editorial Inc.
All rights reserved. Unauthorized reproduction prohibited.