News Stay informed about the latest enterprise technology news and product updates.

Savvy VARs should capitalize on wireless LAN security services

The channel's best bet to profit from WLAN security is in services, ranging from planning and installing secure wireless networks to security and compliance monitoring.

Despite the rapid consolidation in the wireless LAN (WLAN) security product market, VARs can build a strong business around WLAN security by focusing on services like security monitoring and hosted offerings.

Many enterprises have banned wireless networks as a result of security concerns about Wired Equivalent Protection (WEP), the early encryption standard. The new standards, Wi-Fi Protected Access (WPA) and WPA2, provide stronger encryption and key management.

Still, enterprise Wi-Fi security is far from easy, and there are still some sales opportunities, said Amit Sinha, fellow and chief technologist of enterprise WLAN for Motorola Inc.'s enterprise mobility solutions unit. Early wireless adopters, primarily retailers and to a lesser extent health care providers, represent the "low-hanging fruit" since most will need WLAN equipment or firmware upgrades to benefit from new security standards.

Yet strong standards do not guarantee a secure wireless network. VARs, systems integrators and consultants can build a strong service portfolio around planning, installing, monitoring and troubleshooting corporate WLANs.

"Now, people are seeing wireless as very secure technology if it is implemented properly," said Benjamin Huey, chief security officer for Stafford, Va.- and Oakley, Calif.-based Dieko Corp., an IT professional services firm specializing in WLAN and voice over IP (VoIP) security.

According to Huey, even organizations with up-to-date WLAN networks and strong authentication, such as Remote Authentication Dial In User Service (RADIUS), are often vulnerable because of poor network configurations, improper deployment of client security and lack of regular penetration testing. Client error is common; Huey said he's won deals by hacking laptops and owning corporate networks in front of C-level executives who thought their WLANs were secure.

People are seeing wireless as very secure technology if it is implemented properly.
Benjamin Huey
chief security officerDieko Corp.
So, while VARs can still sell WLAN security products, the payoff is in services. VARs and solution providers can distinguish themselves in the marketplace by demonstrating their ability to securely design, deploy and maintain enterprise WLANs. Potential services include:

Site planning and WLAN design -- Companies often lack the expertise and experience designing efficient WLANs for optimal site coverage and minimizing risks of inadvertent or malicious intrusions. An experienced solution provider can assess the customer's environment and recommend the best possible WLAN design for customers.

Policy -- Customers may have a basic idea of the policies they want to establish, but often need help translating them into wireless network rules and setting up enforcement mechanisms.

Building the WLAN -- An enterprise may not have or doesn't want to devote the internal resources to installing and configuring the wireless network securely, so a solution provider can step in to take care of the WLAN implementation.

Security monitoring/incident response -- Wireless intrusion prevention system (WIPS) technology and other WLAN monitoring tools can be used to provide security services through remote monitoring, alerting and blocking potential security events.

Troubleshooting -- As with security monitoring, solution providers can help customers check WLAN configurations and respond to help desk issues remotely, so that customers do not have to devote internal resources to the task.

Vulnerability assessment --VARs can also run periodic penetration tests on networks and clients.

Compliance assessment and reporting -- This is particularly an issue for organizations that are subject to HIPAA and PCI DSS. Solution providers can help to ensure that patient information is protected for HIPAA customers and strong wireless encryption is implemented along with quarterly scanning for PCI customers.

Hosted services -- Solution providers can take full ownership for running the corporate WLAN, allowing customers' internal staff to focus on other security-related issues.

"A lot of IT shops don't necessarily want to keep [radio frequency] guys on staff," said Michael King, principal analyst for Stamford, Conn.-based Gartner Research Inc. "They don't want to manage the complexities of an RF environment."

Wired-wireless LANS converging

Wireless LANs don't exist in isolation. Attackers hack WLANs to get inside the corporate network, and in many networks the wired and wireless networks are intertwined, meaning once the Wi-Fi network is infiltrated, the rest of the network is at risk.

"There must be a consistent and end-to-end security solution to address client-device connectivity and access," said Nadeem Ahmad, director of global technology for Johannesburg, South Africa-based IT solutions provider Dimension Data, a Cisco Systems Inc. partner. "Any hole that is not addressed compromises the entire network."

More on wireless LAN security
Ten steps to wireless LAN security

Securing wireless access points: Wireless testing tools

Wireless security: Threats, strategies and opportunities for the channel
Further, as WLAN technology moves beyond conference room-lobby type deployments and deep into the corporate infrastructure, King said, it will become the primary network access technology; he estimates that soon 70% of all new ports installed will be wireless.

"From a channel perspective, VARs will need to do sales and installation for both [wired and wireless networks]," he said. "The days of the stand-alone wired or wireless VAR or SI are probably nearing an end."

The change will be spurred by faster 802.11n technology and the influx of dual-mode devices, such as wireless smart phones that can switch between cellular and WLAN networks. Devices that serve as both wireless APs and Ethernet switches are already beginning to make a presence in the market.

Channel partners with strong backgrounds in wired network technology will have to adapt, said Motorola's Sinha, by bringing in people with wireless training and experience. Both he and King agree that the skill sets in VARs that focus on wired networks don't simply translate to the wireless world.

"Not having wireless exposure is a handicap," Sinha said. "We've had unsuccessful experiences with channel partners who weren't that savvy when it comes to wireless."

Dig Deeper on Managed network security services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.