Despite the rapid consolidation in the wireless LAN (WLAN) security product market, VARs can build a strong business around WLAN security by focusing on services like security monitoring and hosted offerings.
Many enterprises have banned wireless networks as a result of security concerns about Wired Equivalent Protection (WEP), the early encryption standard. The new standards, Wi-Fi Protected Access (WPA) and WPA2, provide stronger encryption and key management.
Still, enterprise Wi-Fi security is far from easy, and there are still some sales opportunities, said Amit Sinha, fellow and chief technologist of enterprise WLAN for Motorola Inc.'s enterprise mobility solutions unit. Early wireless adopters, primarily retailers and to a lesser extent health care providers, represent the "low-hanging fruit" since most will need WLAN equipment or firmware upgrades to benefit from new security standards.
Yet strong standards do not guarantee a secure wireless network. VARs, systems integrators and consultants can build a strong service portfolio around planning, installing, monitoring and troubleshooting corporate WLANs.
"Now, people are seeing wireless as very secure technology if it is implemented properly," said Benjamin Huey, chief security officer for Stafford, Va.- and Oakley, Calif.-based Dieko Corp., an IT professional services firm specializing in WLAN and voice over IP (VoIP) security.
According to Huey, even organizations with up-to-date WLAN networks and strong authentication, such as Remote Authentication Dial In User Service (RADIUS), are often vulnerable because of poor network configurations, improper deployment of client security and lack of regular penetration testing. Client error is common; Huey said he's won deals by hacking laptops and owning corporate networks in front of C-level executives who thought their WLANs were secure.
Site planning and WLAN design -- Companies often lack the expertise and experience designing efficient WLANs for optimal site coverage and minimizing risks of inadvertent or malicious intrusions. An experienced solution provider can assess the customer's environment and recommend the best possible WLAN design for customers.
Policy -- Customers may have a basic idea of the policies they want to establish, but often need help translating them into wireless network rules and setting up enforcement mechanisms.
Building the WLAN -- An enterprise may not have or doesn't want to devote the internal resources to installing and configuring the wireless network securely, so a solution provider can step in to take care of the WLAN implementation.
Security monitoring/incident response -- Wireless intrusion prevention system (WIPS) technology and other WLAN monitoring tools can be used to provide security services through remote monitoring, alerting and blocking potential security events.
Troubleshooting -- As with security monitoring, solution providers can help customers check WLAN configurations and respond to help desk issues remotely, so that customers do not have to devote internal resources to the task.
Vulnerability assessment --VARs can also run periodic penetration tests on networks and clients.
Compliance assessment and reporting -- This is particularly an issue for organizations that are subject to HIPAA and PCI DSS. Solution providers can help to ensure that patient information is protected for HIPAA customers and strong wireless encryption is implemented along with quarterly scanning for PCI customers.
Hosted services -- Solution providers can take full ownership for running the corporate WLAN, allowing customers' internal staff to focus on other security-related issues.
"A lot of IT shops don't necessarily want to keep [radio frequency] guys on staff," said Michael King, principal analyst for Stamford, Conn.-based Gartner Research Inc. "They don't want to manage the complexities of an RF environment."
Wired-wireless LANS converging
Wireless LANs don't exist in isolation. Attackers hack WLANs to get inside the corporate network, and in many networks the wired and wireless networks are intertwined, meaning once the Wi-Fi network is infiltrated, the rest of the network is at risk.
"There must be a consistent and end-to-end security solution to address client-device connectivity and access," said Nadeem Ahmad, director of global technology for Johannesburg, South Africa-based IT solutions provider Dimension Data, a Cisco Systems Inc. partner. "Any hole that is not addressed compromises the entire network."
"From a channel perspective, VARs will need to do sales and installation for both [wired and wireless networks]," he said. "The days of the stand-alone wired or wireless VAR or SI are probably nearing an end."
The change will be spurred by faster 802.11n technology and the influx of dual-mode devices, such as wireless smart phones that can switch between cellular and WLAN networks. Devices that serve as both wireless APs and Ethernet switches are already beginning to make a presence in the market.
Channel partners with strong backgrounds in wired network technology will have to adapt, said Motorola's Sinha, by bringing in people with wireless training and experience. Both he and King agree that the skill sets in VARs that focus on wired networks don't simply translate to the wireless world.
"Not having wireless exposure is a handicap," Sinha said. "We've had unsuccessful experiences with channel partners who weren't that savvy when it comes to wireless."