As useful as the technology sounds, companies need to think carefully about giving their road warriors access to their networks. There will be incompatibilities between devices and servers. Allowing wireless behind firewalls may compromise security. Providing technical support for a wide variety of devices will be a headache. Finally, the technology is still immature. Add up these problems, and it’s no wonder many IT professionals think they just got a wrong number. But with about 70 percent of mobile phones being Web-enabled, and most PDAs now able to use wireless-access cards, IT departments may be unable to hold out much longer.
A year or so ago the wireless industry had high hopes for mobile commerce, in which consumers would use wireless to make purchases. But demand for location-based ads for, say, specials on latte never materialized. Now sellers of mobile services are turning to the corporate world, believing “m-business” will be a bigger draw. “M-business is much more real [than m-commerce],” says Roy Dube, a PwC Consulting partner in charge of the m-business and mobile-wireless practice. “We’re seeing a couple of things happening that are causing businesses to address mobile business.” One is the rise of the 802.11 standard that uses radio to connect multiple computing devices in a wireless local-area network. It’s relatively inexpensive to implement, and allows companies to move employees and equipment around the premises as needs change. And when full-speed third-generation wireless services (following story) arrive in several years, they will provide the bandwidth to move heavy loads of data between the home office and employees on the road–something not possible over existing second-generation phones.
Some corporations, like TRW, the Lyndhurst, Ohio-based automotive and defense conglomerate, are sold on the idea. “We want any TRW employee to access any information at any time,” says Mostafa Mehrabani, the company’s vice president and chief information officer. “We want the individual to go any place, whether a hotel or another TRW office, and log in as though they’re sitting at their desk.” With 250 locations in 35 countries, TRW is being ambitious, even if everything goes smoothly.
Central Parking Systems of Nashville, Tenn., which operates parking lots and garages around the country, has more- modest plans, but is no less optimistic. In a pilot project now several months old, the company uses off-the-shelf software from Citrix Systems to let a single employee roam from one parking location to another, monitoring activity in multiple lots and keying in reports by wireless-enabled PDAs. The result: “a huge manpower and time savings,” says Dave Linzy, director of networks and telecommunications for Central Parking. “I think the early adopters have seen a significant return in general on employee-enablement projects,” says Martin Dunsby, leader of Deloitte Consulting’s global wireless initiative, who has seen $1 million to $5 million wireless-access projects typically pay off in 18 months.
A problem in making wireless access universally cost-effective is that some applications, such as e-mail, translate well to small devices whereas others do not. “As you get into engineering, product development or manufacturing, you need to view drawings or images,” says Mehrabani. “The bandwidth limitation and the size of the screen of wireless handheld devices don’t lend themselves [to such applications].”
And some jobs translate better than others, Dunsby says: “We’re really talking more field service, warehousing, supply chain, manufacturing floor and field sales.” Many executives, on the other hand, have no use for technologies more complicated than a cell phone. “For that type of person,” says Jon Auerbach of the Lexington, Mass., venture-capital firm Highland Capital Partners, “putting a PDA into his or her hands isn’t a solution, it’s a problem.”
At the same time, many IT departments are reluctant to support mobile devices and applications. “Their goal is to maintain stability of their systems.” says Bill Nguyen, president of SEVEN Networks Inc., a Redwood City, Calif., company that provides wireless-access services for data on corporate networks. And that can be difficult, given the nature of the PDA and cell-phone markets. Unlike the 1980s introduction of the personal computer, which quickly narrowed down to either an IBM-compatible or a Mac, the current flood of devices come from a variety of vendors with few common technical standards. This means IT departments could be faced with either developing applications multiple times, or denying employees a choice by putting them on a single supported device.
Many companies, though, may find staying in control difficult. Whether they like it or not, their employees will continue to bring PDAs to the office and pressure IT departments to support the devices. “This is a user-controlled domain,” Mehrabani says. “Users buy it, they read the first page or two of the manual, then they have a problem and call the IT staff.” Now the IT staff is in another bind. Either it quickly builds expertise on unknown hardware, or it refuses user requests and appears obstructionist. As soon as one user has a device, others come down with PDA envy and, because prices are relatively low, buy their own.
Some wireless-service sellers are taking advantage of this by marketing directly to employees. A San Francisco software firm called vVault, for example, has an application that allows users to gain access to files and folders on its corporate desktops. Corporate employees install it directly on their own office PCs. And since the software is not on a corporate server, IT departments may not even know of its existence. “Going and definitely satisfying the demand, which is out there, from a grass-roots level has worked,” says chief technical officer Bill Ho. “Palm and Rim [maker of the popular Blackberry paging device] are two good examples of that. I don’t think that you’re going to be able to stop this kind of demand.” In vVault’s case, this can be a problem, because misuse of the software’s ability to open files elsewhere on the network can create a security breach. Ho would counsel users of the software to be careful, lest they open not a single file, but potentially all the contents of a PC, or even of a networked drive.
Even with IT oversight, security is an issue for wireless connections. “After 9-11, I got very nervous and initiated a world-wide vulnerability assessment,” says TRW’s Mehrabani. The consulting company providing the evaluation noted that a data thief could drive into a company parking lot and use a directional antenna to pick up the 802.11 wireless transmissions. TRW took action, but not all companies do. “There are ways of securing those things if you know how, and the mechanisms are getting better,” says Mehrabani. “But the problem is, when it comes to the wireless devices, most organizations don’t think they have to comply with the same rules. Whether it’s the sense of urgency for the [other] initiatives they’re working on or the lack of end-user experience, it is causing a significant amount of problems in the industry.”
Although diligence may help, 802.11 in particular has some significant inherent security problems. “What’s come out recently are cryptographic weaknesses,” says Steven Bellovin, an AT&T Labs network-security researcher. “Some of that has been known for years, some of it is new.” Cryptography is the process by which the data being transmitted are put into an encoded state that, so the theory goes, will be legible only to the person receiving it. But theory and practice are sometimes far removed from each other. It is possible, for example, to analyze captured traffic–a few hours’ worth on a busy network–and crack the cryptography, leaving all traffic open to inspection. “Getting crypto right is extremely hard,” Bellovin says. “Even the experts can’t always get it right.”
And there is a bigger security consideration. Cryptography on an 802.11 network uses what is called a key, a long string of numbers used to encrypt and decrypt the data. However, all the wireless network devices use the same key. Should a device be lost or stolen, or remain with an employee who leaves the company, prudence demands replacing the key. That means changing the one key in all the network devices simultaneously, which is a difficult task at best.
Cellular transmissions are potentially even less secure. There have been high-profile cases of intercepted cell calls, such as the amorous whisperings of Prince Charles or former speaker of the House Newt Gingrich’s intercepted PR-spin plans, winding up in the news. “If you can do that with voice, you can do that with data,” says Bellovin. Such scanners are illegal in the United States. But so is breaking into networks, which is almost at epidemic proportions. Besides, the gear is readily available in other countries.
For a company that decides to set up an 802.11 network, even building design becomes an issue. Many offices are set up poorly for radio transmission, which is at the heart of wireless. “The planning in how you lay office buildings out is really in its infancy,” says Alan Haase, CEO of Melbourne, Fla., antenna design and technology house SkyCross, Inc.
In the end, most corporations will allow at least some wireless access for at least some people whose jobs justify it. And if recent history is any guide, some wireless-service companies will find a way to make money by solving the problems other wireless-service companies create.
