By Kathleen Lau
July 27, 2007
Research In Motion (RIM) shot back at criticism from industry analysts
that Wi-Fi security concerns would mean limited enterprise use for its
new dual-mode BlackBerry 8820.
RIM's 8820 model, released mid-July, offers Wi-Fi in addition to
traditional cellular connectivity.
The company's director of product management for WLAN and VOIP, Kevin
Oerton, said it should make no difference security-wise whether a user
is accessing BlackBerry services from home, a hotspot or within the
He said the BlackBerry Enterprise Server, a wireless platform which acts
as the conduit through which all RIM enterprise services are delivered
to mobile devices "offers security from the device all the way into the
BlackBerry Enterprise Server."
In addition, Oerton said the company employs 256-bit AES encryption so
transmission and data can't be read.
Upon the product release, analysts raised security concerns around the
use of Wi-Fi for business, saying Wi-Fi security fears reduced this
channel to harmless Web surfing, albeit at a higher throughput.
Jon Arnold, principal of Toronto, Ont.-based J. Arnold & Associates,
acknowledged the security fears that enterprises would have with public,
unlicensed spectrums, like Wi-Fi hotspots. "There's more vulnerability
there," he said.
Companies likely wouldn't encourage employees to conduct business
transactions on e-mail accessed via Wi-Fi, he said. "I don't think
you're going to be doing your really sensitive secret stuff over Wi-Fi."
Another analyst, expressed concern that the growing number of mobile
devices made data leakage easier should devices get lost or stolen.
"There will be more things sitting on this device, what happens when it
gets stolen?" asked Roberta Fox, senior partner with Mount Albert,
Ont.-based Fox Group Telecom Consulting.
This increasing dependence on mobile devices to conduct business, she
said, would likely mean secure-sensitive corporations, in particular,
would likely not embrace the Wi-Fi functionality.
Companies should enforce policies around device usage for business,
whether cellular or Wi-Fi, Fox suggested.
Oerton acknowledged "historical speed bumps" in Wi-Fi security upon
which enterprises may be basing their concerns, but believes enterprises
now feel very comfortable with the level of security enabled by various
technologies out there.
In addition, he said, end users most often don't secure their Wi-Fi
access points, which is what leads to problems. "That's why it's
critical for the device all the way through to the BlackBerry Enterprise
Server to provide triple AES encryption independent of whether the users
set up Wi-Fi security at home."
To ease persistent security concerns, he recommends enterprise customers
deploy a virtual private network (VPN) -- often used by organizations
for remote access -- in tandem with Wi-Fi rollouts.
Although 8820 was designed for the enterprise, Oerton expects adoption
to be highest among those industry verticals already known for
ubiquitous Wi-Fi use, like health-care, retail, manufacturing and
hospitality. "All of these have a need to bring the benefits of IT to a
highly mobile workforce," he said.
However, he's not excluding an eventual wider adoption: "Benefits of
8820 should bring additional enterprise and industry verticals to the
table because of the new benefits that are being made available through
Earlier Wi-Fi rollouts that initially focused solely on access in
conference rooms and visitor lounges is now becoming more ubiquitous
across the organizations, said Oerton.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com