With business-to-consumer mobile commerce still limping toward the starting post, analysts are keeping themselves busy by poking holes in the present ruler of the roost: mobile enterprise applications. Now one major vendor is poking back.
Mobile enterprise apps promise to extend the reach of traditional commerce into the mobile environment, bolstering the power of on-the-go sales and service personnel by linking them back to the corporate hive.
Trouble is, wireless LAN leaks. Despite encryption algorithms and passwords galore, some enterprises still shy away from mobilizing their commerce out of concerns for security – concerns that many analysts and techno-experts say are justified.
In November, however, IBM announced a suite of wireless-security services and products that some believe could help turn the tide.
On the services side, IBM has launched a new wireless-security consulting service. For businesses looking to go wireless, IBM consultants will come in at ground level “to help them understand how to mitigate vulnerabilities as they build out their solutions, rather than after the fact,” explained Mike Bilger, global practice leader for IBM security and privacy services.
On the products side, IBM’s Tivoli software group has begun including IBM’s Wireless Security Auditor along with its risk-management product. The auditor allows continuous monitoring of wireless networks for possible security flaws. In addition, IBM has begun enabling some of its laptops with a cryptographic coprocessor, which allows for encryption of wireless data.
Why now? “We saw companies wanting to do wireless things, especially in the business-to-employee environment, and we saw the holes that existed in the current standards,” said Bilger.
While others are also working to address concerns about wireless security, Bilger suggested that IBM’s sheer corporate muscle power makes its entry into the field especially significant. “We bring a depth of experience worldwide,” he said. “The other thing we bring to the table is the investment that IBM makes into research in this area. With our Global Security Analysts Laboratory and other research facilities, our folks are constantly doing research in this area.”
Security professionals agree that such a high-profile move by IBM could encourage more enterprises to leap into the mobile fray, which could in turn give a boost to the overall development of mobile commerce.
“The fact that IBM is coming out and saying that it can do secure wireless will certainly lend more seriousness to the industry,” said Ron Gula, president of Network Security Wizards in Columbia, Md. “When you hear vendors talking about wireless solutions, most security people sort of snicker, because they know that WAP can be hacked. With the sheer size of IBM, though, if they say they can deliver a secure wireless solution, people will take that seriously.”
At ProHome Systems Engineering, an Oakland, Calif. systems integration firm, systems engineer Jerry Richardson backed this assessment. “If IBM’s getting involved, there is a good chance that they could tighten up the security flaws,” he said. “I have not seen them venture into anything – especially in this market – without really thinking it through.”
That being said, even Big Blue is willing to admit that its new security offerings cannot provide absolute data security in the wireless environment.
Security is an ongoing problem, and it involves far more than just technological solutions,” cautioned Bilger.
“There is a lot of things that IBM can do to help clients secure their networks, but at the end of the day the security of that network will rely on the policies, procedures, and security education and training that have been conducted at the client’s site,” he said. “If the client does not follow through with the appropriate policies and procedures, all it takes is for one person to make a change in the network in order to reopen vulnerabilities.”
As a business strategy, IBM likely is angling to catch an early ride on a rapidly swelling wave. Some industry analysts have projected that the global market for information security services will more than triple from 2000 to 2005, at which time it could reach the $21 billion mark.
Editor’s note: This story first appeared on mCommerce Times, an internet.com site.