Wirevolution

Enterprise Mobile Security

Subscribe!

Archive for the ‘enterprise’ Category

« Older Entries

Mobile Malware Update

Friday, March 22nd, 2013

Blue Coat Systems has published an interesting report on the state of mobile malware. The good news is that in the words of the report “the devices’ security model” is not yet “broken.” This means that smartphones and tablets are still rarely hijacked by viruses in the way that computers commonly are.

Now for the bad news. On the Android side (though apparently not yet on the iOS side), virus-style hijackings have begun to appear:

Blue Coat WebPulse collaborative defense first detected an Android exploit in real time on February 5, 2009. Since then, Blue Coat Security Labs has observed a steady increase in Android malware. In the July-September 2012 quarter alone, Blue Coat
Security Labs saw a 600 percent increase in Android malware over the same period last year.

But this increase is from a minuscule base, and this type of threat is still relatively minor on mobile devices. Instead the report says, “user behavior becomes the Achilles heel.” The main mobile threats are from what the report calls “mischiefware.”

Mischiefware works by enticing the user into doing something unintentional. The two main categories of Mischiefware are:

  1. Phishing, which tricks users into disclosing personal information that can be used for on-line theft.
  2. Scamming, which tricks users into paying far more than they expect for something – like for-pay text (SMS) messages or in-app purchases. Even legitimate service providers can be guilty of this type of ‘gotcha’ activity, with rapacious international data roaming charges, or punitive overage charges on monthly ‘plans.’

“User behavior becomes the Achilles Heel” is hardly a revelation. A more appropriate phrase would be “User behavior remains the Achilles Heel,” since in this respect the mobile world is no different from the traditional networking world.

Posted in Android, Apple, enterprise, security, smartphone, tablet | No Comments »

ITExpo: Anatomy of Enterprise Mobility: Revolutionizing the Mobile Workforce

Sunday, September 9th, 2012

If you are going to ITExpo West 2012 in Austin, make sure you attend my panel on this topic at 10:00 am on Friday, October 5th.

The panelists are Brigitte Anschuetz of IBM, Akhil Behl of Cisco Systems, John Gonsalves of Symphony Teleca Corporation, Sam Liu of Partnerpedia and Bobby Mohanty of Vertical.

The pitch for the panel is:

Enterprise mobility is one of the fastest growing areas of business, allowing companies to virtually connect with customers and employees from anyplace in the world. CIOs are facing more decisions than ever when it comes to managing their mobile workforce. Employees expect to be able to do their work on multiple platforms, from desktops and laptops to tablets and smartphones.

This session will dive into the various components of an enterprise mobility solution, provide best practices to ensure they are successful and explain how they integrate together to enable companies to grow their business. Topics will include: mobile enterprise application platforms, enterprise app stores, mobile device management, expense management, and analytics.

Posted in Cisco, enterprise, manageability, Wi-Fi | No Comments »

ITExpo: BYOD – The New Mobile Enterprise

Sunday, September 9th, 2012

If you are going to ITExpo West 2012 in Austin, make sure you attend my panel on this topic at 1:30 pm on Wednesday, October 3rd.

The panelists are Jeanette Lee of Ruckus Wireless, Ed Wright of ShoreTel and John Cash of RIM.

The pitch for the panel is:

BYOD (Bring Your Own Device) has been in full swing for a couple of years now, and there’s no going back. Enterprises have adopted a policy of allowing users to use their own devices to access corporate networks and resources. With it comes the cost savings of not having to purchase as many mobile devices, and user satisfaction increases when they are able to choose their preferred devices and providers (and avoid having to carry multiple devices). But the benefits don’t come without challenges — the user experience must be preserved, security policies must accommodate these multiple devices and operating systems, and IT has to content with managing applications and access across different platforms. This session looks at what businesses can do to mitigate risks and ensure performance while still giving your users the device freedom they demand.

Posted in Blackberry, dual-mode, enterprise, FMC, manageability, phones, security, smartphone, use cases, Wi-Fi | No Comments »

ITExpo: Enterprise SBC and UC Security Essentials

Friday, September 7th, 2012

If you are going to ITExpo West 2012 in Austin, make sure you attend my panel on this topic at 10:00am on Wednesday, October 3rd.

The panelists are Scott Beer of Ingate Systems, Jeff Dworkin of Sangoma, Eric Hernaez of NeSatpiens, Mykola Konrad of Sonus Networks, Jack Rynes of Avaya and John Nye of Genband.

The pitch for the panel is:

Supported by Session Border Controllers (SBCs) and Unified Communications (UC), enterprises can enable workers to essentially carry their desk phone extensions and features with them, wherever they are working on any given day – via VoIP clients and other UC applications on smartphones, tablets, and other mobile devices. With rich UC applications features such as call transfer, conference call, corporate directory listings, and presence, workers can collaborate and communicate in real-time, increasing productivity by maintaining an always one presence.

But wireless and Internet connected mobile devices present unique security challenges that differ dramatically from traditional communications and data security methods that rely on firewalls, user authentication, and encryption. Further, these mobile devices can expose sensitive network traffic, and proprietary or confidential data and communications, to multiple vulnerabilities.

Enterprises that have embraced SBCs, and other components of UC security, are proving they can securely protect and extend communications to external parties, unlocking new ways of collaborating with clients, partners, distributed employees and the supply chain. This session will consider the Enterprise SBC as a means of satisfying security and privacy requirements, with signaling and traffic encryption, media and signaling forking, network demarcation, and threat detection and mitigation, enabling enterprises to capture the cost benefits of VoIP and UC, while maintaining essential security postures and access to multi-mobile communications across the network, anytime, anywhere.

Posted in enterprise, security, VoIP | No Comments »

Mobile Virtualization

Saturday, February 18th, 2012

According to Electronista, ARM’s next generation of chips for phones and tablets should start shipping in devices at the end of this year.

These chips are based on ARM’s big.LITTLE architecture. big.LITTLE chips aren’t just multi-core, they contain cores that are two different implementations of the same instruction set: a Cortex A7 and one or more Cortex A15s. The Cortex A7 has an identical instruction set to the A15, but is slower and more power efficient – ARM says it is the most power-efficient processor it has ever developed. The idea is that phones will get great battery life by mainly running on the slow, power-efficient Cortex A7, and great performance by using the A15 on the hopefully rare occasions when they need its muscle. Rare in this context is relative. Power management on modern phones involves powering up and powering down subsystems in microseconds, so a ‘rarely’ used core could still be activated several times in a single second.

The Cortex A15 and the Cortex A7 are innovative in another way, too: they are the first cores based on the ARMv7-A architecture. This is ARM’s first architecture with hardware support for virtualization.

Even without hardware support, virtualization on handsets has been around for a while; phone OEMs use it to make cheaper smartphones by running Android on the same CPU that runs the cellular baseband stack. ARM says:

Virtualization in the mobile and embedded space can enable hardware to run with less memory and fewer chips, reducing BOM costs and further increasing energy efficiency.

This application, running Android on the same core as the baseband, does not seem to have taken the market by storm. I presume because of performance. Even the advent of hardware support for virtualization may not rescue this application, since mobile chip manufacturers now scale performance by adding cores, and Moore’s law is rendering multicore chips cheap enough to put into mass-market smartphones.

So what about other applications? The ARM piece quoted above goes on to say:

Virtualization also helps to address safety and security challenges, and reduces software development and porting costs by man years.

In 2010 Red Bend Software, a company that specializes in manageability software for mobile phones, bought VirtualLogix, one of the three leading providers of virtualization software for phones (the other two are Trango, bought by VMWare in 2008 and OK Labs.)

In view of Red Bend’s market, it looks as if they acquired VirtualLogix primarily to enable enterprise IT departments to securely manage their employees’ phones. BYOD (Bring Your Own Device) is a nightmare for IT departments; historically they have kept chaos at bay by supporting only a limited number of devices and software setups. But in the era of BYOD employees demand to use a vast and ever-changing variety of devices. Virtualization enables Red Bend to add a standard corporate software load to any phone.

This way, a single phone has a split personality, and the hardware virtualization support keeps the two personalities securely insulated from each other. On the consumer side, the user downloads apps, browses websites and generally engages in risky behavior. But none of this impacts the enterprise side of the phone, which remains secure.

Posted in ARM, enterprise, manageability, smartphone | No Comments »

IT Expo East 2011: NGC-04 “Meeting the Demand for In-building Wireless Networks”

Monday, January 24th, 2011

I will be moderating this panel at IT Expo in Miami on February 2nd at 12:00 pm:

Mobility is taking the enterprise space by storm – everyone is toting a smartphone, tablet, laptop, or one of each. It’s all about what device happens to be the most convenient at the time and the theory behind unified communications – anytime, anywhere, any device. The adoption of mobile devices in the home and their relevance in the business space has helped drive a new standard for enterprise networking, which is rapidly becoming a wireless opportunity, offering not only the convenience and flexibility of in-building mobility, but WiFi networks are much easier and cost effective to deploy than Ethernet. Furthermore, the latest wireless standards largely eliminate the traditional performance gap between wired and wireless and, when properly deployed, WiFi networks are at least as secure as wired. This session will discuss the latest trends in enterprise wireless, the secrets to successful deployments, as well as how to make to most of your existing infrastructure while moving forward with your WiFi installation.

The panelists are:

  • Shawn Tsetsilas, Director, WLAN, Cellular Specialties, Inc.
  • Perry Correll, Principal Technologists, Xirrus Inc.
  • Adam Conway, Vice President of Product Management, Aerohive

Cellular Specialties in this context is a system integrator, and one of their partners is Aerohive. Aerohive’s special claim to fame is that they eliminate the WLAN controller, so each access point controls itself in cooperation with its neighbors. The only remaining centralized function is the management. Aerohive claims that this architecture gives them superior scalability, and a lower system cost (since you only pay for the access points, not the controllers).

Xirrus’s product is unusual in a different way, packing a dozen access points into a single sectorized box, to massively increase the bandwidth available in the coverage areas.

So is it true that Wi-Fi has evolved to the point that you no longer need wired ethernet?

Posted in enterprise, network, Wi-Fi | No Comments »

ITExpo East 2011: NGC-02 “The Next Generation of Voice over WLAN”

Monday, January 24th, 2011

I will be moderating this panel at IT Expo in Miami on February 2nd at 10:00 am.

Voice over WLAN has been deployed in enterprise applications for years, but has yet to reach mainstream adoption (beyond vertical markets). With technologies like mobile UC, 802.11n, fixed-mobile convergence and VoIP for smartphones raising awareness/demand, there are a number of vendors poised to address market needs by introducing new and innovative devices. This session will look at what industries have already adopted VoWLAN and why – and what benefits they have achieved, as well as the technology trends that make VoWLAN possible.

The panelists are:

  • Russell Knister, Sr. Director, Business Development & Product Marketing, Motorola Solutions
  • Ben Guderian, VP Applications and Ecosystem, Polycom
  • Carlos Torales, Cisco Systems, Inc.

All three of these companies have a venerable history in enterprise Wi-Fi phones; the two original pioneers of enterprise Voice over Wireless LAN were Symbol and Spectralink, which Motorola and Polycom acquired respectively in 2006 and 2007. Cisco announced a Wi-Fi handset (the 7920) to complement their Cisco CallManager in 2003. But the category has obstinately remained a niche for almost a decade.

It has been clear from the outset that cell phones would get Wi-Fi, and it would be redundant to have dedicated Wi-Fi phones. And of course, now that has come to pass. The advent of the iPhone with Wi-Fi in 2007 subdued the objections of the wireless carriers to Wi-Fi and knocked the phone OEMs off the fence. By 2010 you couldn’t really call a phone without Wi-Fi a smartphone, and feature phones aren’t far behind.

So this session will be very interesting, answering questions about why enterprise voice over Wi-Fi has been so confined, and why that will no longer be the case.

Posted in Cisco, dual-mode, enterprise, FMC, Mobile Unified Communications, use cases, VoIP, Wi-Fi | No Comments »

Third Generation WLAN Architectures

Thursday, October 21st, 2010

Aerohive claims to be the first example of a third-generation Wireless LAN architecture.

  • The first generation was the autonomous access point.
  • The second generation was the wireless switch, or controller-based WLAN architecture.
  • The third generation is a controller-less architecture.

The move from the first generation to the second was driven by enterprise networking needs. Enterprises need greater control and manageability than smaller deployments. First generation autonomous access points didn’t have the processing power to handle the demands of greater network control, so a separate category of device was a natural solution: in the second generation architecture, “thin” access points did all the real-time work, and delegated the less time-sensitive processing to powerful central controllers.

Now the technology transition to 802.11n enables higher capacity wireless networks with better coverage. This allows enterprises to expand the role of wireless in their networks, from convenience to an alternative access layer. This in turn further increases the capacity, performance and reliability demands on the WLAN.

Aerohive believes this generational change in technology and market requires a corresponding generational change in system architecture. A fundamental technology driver for 802.11n, the ever-increasing processing bang-for-the-buck yielded by Moore’s law, also yields sufficient low-cost processing power to move the control functions from central controllers back to the access points. Aerohive aspires to lead the enterprise Wi-Fi market into this new architecture generation.

Superficially, getting rid of the controller looks like a return to the first generation architecture. But an architecture with all the benefits of a controller-based WLAN, only without a controller, requires a sophisticated suite of protocols by which the smart access points can coordinate with each other. Aerohive claims to have developed such a protocol suite.

The original controller-based architectures used the controller for all network traffic: the management plane, the control plane and the data plane. The bulk of network traffic is on the data plane, so bottlenecks there do more damage than on the other planes. So modern controller-based architectures have “hybrid” access points that handle the data plane, leaving only the control and management planes to the controller device (Aerohive’s architect, Devin Akin, says:, “distributed data forwarding at Layer-2 isn’t news, as every other vendor can do this.”) Aerohive’s third generation architecture takes it to the next step and distributes control plane handling as well, leaving only the management function centralized, and that’s just software on a generic server.

Aerohive contends that controller-based architectures are expensive, poorly scalable, unreliable, hard to deploy and not needed. A controller-based architecture is more expensive than a controller-less one, because controllers aren’t free (Aerohive charges the same for its APs as other vendors do for their thin ones: under $700 for a 2×2 MIMO dual-band 802.11n device). It is not scalable because the controller constitutes a bottleneck. It is not reliable because a controller is a single point of failure, and it is not needed because processing power is now so cheap that all the functions of the controller can be put into each AP, and given the right system design, the APs can coordinate with each other without the need for centralized control.

Distributing control in this way is considerably more difficult than distributing data forwarding. Control plane functions include all the security features of the WLAN, like authentication and admission, multiple VLANs and intrusion detection (WIPS). Greg Taylor, wireless LAN services practice lead for the Professional Services Organization of BT in North America says “The number one benefit [of a controller-based architecture] is security,” so a controller-less solution has to reassure customers that their vulnerability will not be increased. According to Dr. Amit Sinha, Chief Technology Officer at Motorola Enterprise Networking and Communications, other functions handled by controllers include “firewall, QoS, L2/L3 roaming, WIPS, AAA, site survivability, DHCP, dynamic RF management, firmware and configuration management, load balancing, statistics aggregation, etc.”

You can download a comprehensive white paper describing Aerohive’s architecture here.

Motorola recently validated Aerohive’s vision, announcing a similar architecture, described here.

Here’s another perspective on this topic.

Posted in enterprise, manageability, network, QoS Metrics, Wi-Fi | 1 Comment »

ITExpo West — Achieving HD Voice On Smartphones

Friday, October 1st, 2010

I will be moderating a panel discussion at ITExpo West on Tuesday 5th October at 11:30 am in room 306B: “Achieving HD Voice On Smartphones.”

Here’s the session description:

The communications market has been evolving to fixed high definition voice services for some time now, and nearly every desktop phone manufacturer is including support for G.722 and other codecs now. Why? Because HD voice makes the entire communications experience a much better one than we are used to.

But what does it mean for the wireless industry? When will wireless communications become part of the HD revolution? How will handset vendors, network equipment providers, and service providers have to adapt their current technologies in order to deliver wireless HD voice? How will HD impact service delivery? What are the business models around mobile HD voice?

This session will answer these questions and more, discussing both the technology and business aspects of bringing HD into the mobile space.

The panelists are:

This is a deeply experienced panel; each of the panelists is a world-class expert in his field. We can expect a highly informative session, so come armed with your toughest questions.

Posted in cellular, dual-mode, enterprise, Google, HD Voice, QoS Metrics, smartphone | No Comments »

DiVitas partners with Avaya

Monday, March 9th, 2009

Last week Avaya announced that it has chosen DiVitas as its preferred partner for mobile unified communications (UC). The companies will do joint marketing and cross-training of their sales forces in a reference sale mode. This is huge for DiVitas because it opens Avaya’s distribution channel to it. According to Phil Klotzkin, Avaya’s senior manager for UC, this channel supplies 20% of the business phone systems world-wide.

The DiVitas solution plugs a small but important gap in Avaya’s product line. Avaya already has a mobile unified communications solution, called one-X Mobile.

One-X Mobile extends PBX features to cell phones, notably the ability to give out a single number that rings on both your cell phone and your desk phone; the ability to do PBX-related actions like 4 digit dialing and transfers; visual voicemail; and the ability to move a call in progress between the cell-phone and the desk phone.

The DiVitas product offers a comparable solution set, but goes beyond one-X Mobile with Wi-Fi voice and a range of social networking features including IM and Presence. Because it uses Wi-Fi, the DiVitas solution requires a dual-mode handset. Virtually all new smartphones are dual-mode, but with the exception of Nokia’s Eseries and Nseries, few of them are well suited to voice over Wi-Fi. One-X Mobile uses the cellular voice channel rather than Wi-Fi, so it runs on a wide variety of phones.

For IM related features both DiVitas and Avaya’s desktop Integrated Presence Server use open source Jabber software. The two will be integrated with each other by the end of the year.

DiVitas/Avaya system diagram

For now the DiVitas handset software (client) is not integrated with the one-X Mobile handset software – the customer will choose one or the other for each user. The DiVitas client and the one-X Mobile client will each retain their different look and feel, and the one-X Mobile client will continue to run on single-mode phones and the DiVitas client on dual-mode.

In a recent interview, Klotzkin said that one-X Mobile is sufficient for most customers, but that there are a few for which dual-mode functionality is essential. Partnering with DiVitas enables Avaya to satisfy those customer needs. One such customer is CSX, the freight company. Some of its far-flung operations are in areas with no cellular coverage; Wi-Fi solves this problem. Avaya has been working with CSX on dual-mode solutions since 2004, when Avaya, Motorola and Proxim introduced the very first dual-mode system.

According to Vivek Khuller, CEO of DiVitas, “CSX has been working with Avaya since the earliest days of dual-mode telephony, and they are finally satisfied. It’s an important accomplishment for both our companies.”

Because the DiVitas solution uses smart-phones CSX gets a useful side benefit, namely that it can run proprietary application software on the phones, eliminating the need for its employees to carry a laptop. The other side benefit is that even in areas of cellular coverage the Wi-Fi connection can be used to save on cellular minutes.

So everybody gains. Avaya plugs a troublesome gap in its product line; DiVitas gets an excellent distribution channel; the Avaya channel adds a fully supported best-of-breed solution to its portfolio; and end users get the familiarity of Avaya with the handset technology of Nokia and the DiVitas software that weaves them together into a user-friendly package.

Posted in DiVitas, dual-mode, enterprise, FMC, market, Nokia | No Comments »

« Older Entries
Linley Guide to Connectivity Chips for Cellular Handsets
The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.