Features
Above the Fray
Follow the Money
Market Research
Big Ideas
Technoptions
Developer Insights
Q & A
Opinions

Archives
Calendar of Events
ASP Directory
Other Cahners Pubs

Submit a Release
Meet our Staff
Contact Us
Advertise
Magazine Subscription

Your Turn: Security certification critical for wireless

by lindell wilson
January 21, 2002

Security, availability and reliability are three important criteria customers use when they evaluate wireless-based delivery of enterprise applications. As companies rush to embrace wireless e-commerce solutions, security tops the list as their primary concern because employees and external customers increasingly are using wireless devices to access critical enterprise data and systems. Decision-makers now require secure wireless delivery across the enterprise.

Adding complexity to the security challenge is the wireless community's continued growth, with an increasing number of customers, independent software vendors and application service providers aggressively developing and deploying wireless-based applications. This growth is expected to be even more dramatic thanks to the advent of open standards such as the Java 2 Platform Micro Edition. The J2ME platform gives wireless ASPs and ISVs the opportunity to provide their corporate customers with a way to efficiently accommodate many types of wireless enterprise client devices such as wireless phones, two-way pagers, personal digital assistants and WAP devices.

For most, security means integrating wireless safeguards with existing processes and technologies to protect e-business data, plus provide user authentication and authorization. Developing a sound security strategy involves keeping one eye on the realities of wired or wireless network security threats and the other on the requirements of the corporate enterprise environment.

In the enterprise, network security is only as good as the weakest link within the security domain. The weakest link may fall within the wired or wireless domains that encompass the enterprise network backbone including data on clients, in transit or in storage. To overcome security issues, the designers and users of applications on the enterprise network must look at end-to-end security architecture rather than review one piece at a time.

For application users, security is fundamental to any application deployment. Unfortunately, applications are usually the unpredictable element of any security scheme because applications vary widely in their architecture and methods for handling security. For example, applications must employ methods that correctly differentiate owners and associated privileges for private data, shared data and public data. An application's design may rely heavily on operating system controls, security configurations, authentication or authorization, use of secure sockets layer, VPNs, special routing and firewall settings. In doing so, these design dependencies become embedded requirements for deploying the application and must be supported in the hosting enviroment. Bottom line: Many situations exist for security failure.

The challenge wireless applications providers face is in assuring customers that their products, when delivered over the wireless medium, support high standards of security. Many customers now are looking for certification or a stamp of approval to indicate which wireless-based applications and services are secure.

For example, Sun Microsystems Inc. has created the SunTone Program to certify Web-enabled applications, integrator services and service providers. This is an industry program produced by a consortium of leading ASPs and ISVs working together with Sun Microsystems. The program includes guidelines for developers who focus on the wireless delivery of applications and services. Three main principles underscoring the SunTone specification for security are protection of user data, in-transit data and online storage data.

Assuring high levels of a wireless application's security is fundamental to the success of a product offered by an ASP or ISV. Certification permits users to identify and choose Web-delivered wireless applications and services with confidence. [WIM]

Lindell Wilson is the marketing manager for the SunTone Certification Program at Sun Microsystems Inc. His experience spans both engineering product development and marketing in high-growth segments including embedded systems, data storage and application development. Wilson earned his bachelor's and master's degrees at San Jose State University and is a registered professional engineer in California.