Tips for securing mobile apps

The proliferation of third-generation cellular networks and Wi-Fi hotspots is helping mobile workers work on the road, but one analyst notes that administrators must provide virtual private networks for security.

About 200 Export Development Canada workers use HP 2710 tablets with wireless cards that allow them to use both the telcos’ 3G networks and Wi-Fi wireless local-area networks at coffee shops and hotels.

EDC is a federal crown corporation that provides financing, insurance, and other financial services for companies exporting to or operating in foreign countries. The organization has a contract with Bell Mobility to provide both wireless modems and Cisco Systems Inc.’s VPN Client, said David McNulty, EDC’s manager of telecommunications and desktop services.

The air card from Bell Mobility costs less than $100 per month, and McNulty estimates “potential savings” of $17 million over three years because EDC’s financial sales, risk management and insurance workers can be productive while outside of the office. The total cost of EDC’s mobility project was about $2 million.

EDC is also using Policy Manager and Mobility Client software from Montreal-based Trellia Inc., which is designed to connect over 802.11 networks, instead of carrier 3G networks, when an access point is available.

Although Bell Mobility gives EDC a flat rate for wireless in Canada, many EDC workers travel to places with roaming agreements. Outside of Canada, McNulty said, EDC is “discouraging the use of the air card and we’re encouraging the use of the Wi-Fi hot spots or hotels and so forth because of the roaming fees. A legal person that’s travelling could easily have a 50 MB file and if you’re familiar with roaming charges, that could get quite substantial.”

EDC uses the Cisco VPN Client because the organization holds potentially sensitive financial information.

“My recommendation would be that in any public wireless network, whether it be the carrier-operated 3G network or the Wi-Fi network at Starbucks, that business users should connect to a corporate VPN to encrypt that traffic,” said Mark Tauschek, senior research analyst at the London, Ont.-based Info-Tech Research Group. “Over the 3G or 2.5G network that data is actually pretty secure.”

But many 3G users also connect to Wi-Fi networks, said Giovanni Forte, Trellia’s CEO and co-founder.

“One can use 3G very securely and not necessarily need a VPN, but what we see is if a user is using 3G, typically they are very sophisticated,” Forte said. “He will most likely have Wi-Fi at home, most likely would like to connect to Wi-Fi and knows how to do that at a coffee shop, at a hotel room, et cetera. That opens up other security (issues) and that’s something IT needs to deal with.”

Another security concern for EDC is customs officers in foreign countries demanding to open files on notebook PCs.

“Nothing resides on the mobile units,” McNulty said. “Everything resides back here in head office, so peace of mind is there for them in that respect.”

Another government organization, Alberta’s Sustainable Resources Development department, uses GoBook XR-1 notebooks manufactured by General Dynamics Itronix Corp., along with NetMotion Inc.’s Mobility XE mobile VPN.

SRD, which has the authority to decide where roads can be built, trees can be cut and oil wells can be drilled, has about 100 mobile employees and plans to start training 50 more in a few weeks to use these devices, which connect to Global Positioning System satellites. When SRD staff inspect sites, they need manuals, regulations, industrial disposition files and maps – sometimes up to 25 files per day with up to 30 GB of data.

In the past, the government used VPNs from Sierra Wireless and Nortel Networks, but those products did not have the same lockdown capabilities as NetMotion, said John Ivanc, systems analyst with the SRD’s Information, Communications and Technology Group.

“If we wanted to say they could only use Notepad, they would only be able to use Notepad,” he said. “With NetMotion we have the ability to lock down what the user has access to. You can go to the point where they only have access to a certain application by the time of day. It just has a lot of security options that we can implement that says they have access to this but not that. They can have access to Outlook and the Web but nothing else.”

NetMotion claims its Mobility XE provides advantages over IP Security (IPSec) or Secure Sockets Layer (SSL) VPNs.

Info-Tech’s Tauschek recommends mobile users consider mobile VPNs because they allow roaming between networks while still on the corporate VPN.

“For a nomadic laptop user that needs access to certain applications, an SSL VPN is probably the ideal solution,” Tauschek said. “It allows very granular management and access, it’s quite simple to manage and allows you access only to applications and areas on the network that you need access to through a portal that’s very easy to use for the end user.”

He advises users not to rely on VPNs using Point to Point Tunneling Protocol (PPTP) because the encryption hash is “not considered to be secure anymore.”

Although SRD started using Compaq iPaqs, they quickly changed to the Itronix GoBook because it had better processing power, Ivanc said. Although the staff operate in isolated areas, they can still access the Internet using Telus’s network.

“Alberta has one of the best digital signatures in Canada,” he said. “We have coverage around the entire province, we’re talking really northern areas. Our signal strengths are really good.”

When SRD staff need to send a report – for example, to tell a company their road is in the wrong area – they can print out maps in the field, instead of taking two weeks to go back to the office, printing and then mailing the report, Ivanc said.

3G networks using the EVDO and HSPA standards are starting to make a difference, Forte said.

“In the last five years that we’ve been providing our solution we’ve seen an explosion in demand,” he said. “In my opinion and in the opinion of many of our customers, GPRS and 1XRTT were simply not fast enough. With 3G and EVDO I think we’re reaching a point where people can work remotely in an efficient way with sufficient bandwidth.”
