Beyond securing connections, companies might want to control what's allowed on the corporate mobile device fleet. Configuration management systems from companies like Trellis and others make this possible. These products can control settings such as enforcement of corporate VPN restrictions, preventing network bridging (e.g., 3G to corporate LAN) and ensuring proper proxy configuration.
Mobile VPNs, designed from the ground up for mobile usage, can maintain sessions while disconnected, provide seamless roaming across network types (e.g., Wi-Fi to 3G), and optimize data traffic. Disconnects and IP address changes are major challenges with IPsec VPNs. Beyond connectivity, new features found in NetMotion Wireless' Mobility XE, for example, emphasize capabilities such as policy management, endpoint control, network access control, and support for two-factor authentication.
If you need to develop applications for handheld platforms, consider mobile middleware with complete development environments, which lets you target multiple mobile platforms with the same application code. These systems, from Antenna Software, Dexterra, MobileAware, Sybase, and others, have comprehensive management capabilities and robust security options such as communications encryption, storage encryption, access policies, and the ability to disable lost or stolen devices.
Turnkey e-mail and synchronization products like Research In Motion's BlackBerry and Microsoft Exchange Direct Push have similarly robust security features.
All In One
Alcatel Lucent's approach to mobile security is to put security functions directly in the modem card. The card implements the VPN client as well as a policy management client, and it requires an Alcatel Lucent VPN concentrator. Even with the laptop off, the card stays powered by a battery and can receive software patches, which it then installs on the laptop once the laptop is turned back on. When connecting via Wi-Fi or Ethernet, packets are still processed on the card to implement the VPN function. The card also implements smart-card functions for two-factor authentication (with a password as the other factor).
The bottom line is this: Today's mobile broadband networks have some enhanced security functions built in, but most companies should take responsibility for both the security of their devices and how those devices communicate. Fortunately, a rich set of options is now available.
Peter Rysavy is president of Rysavy Research, a company specializing in wireless technology.
|3G Wireless VPN Security: Trade-offs|
Many organizations are already using these for site-to-site and for remote access
Compatible with 3G, and works well for stationary users with a good signal
Not well suited for demanding mobile environments
Limited features for controlling end point
Compatible with 3G
Allows support for wider mobile environments
Vendors provide mobile-specific features
|Like IPsec, not well suited for demanding range of handheld devices in clientless modes|
|Wide range of features provided for mobile use, including security, policy management, ability to roam across different networks||Requires additional VPN infrastructure for organizations already using other VPNs, such as IPsec|