RealTime IT News

IBM to Battle Wireless Security Threats

IDC's recent report that the market for IT security services will triple over the next four years or so has caused some firms to sit up and take notice. Then again, the temptation to grab a large slice of a possible $21 billion pie could have that affect on a major technology innovator.

Armonk, N.Y.'s IBM Monday addressed the issue of protecting corporate wireless local area networks (W-LANs) -- and by extension the multitude of mobile workers who use personal digital assistants, laptops and other gadgets to access them -- with new software and services released under its large Global Services umbrella.

Simply, IBM wants to better identify, isolate and patch holes in wireless networks and applications, including vulnerabilities that "drive-by" hackers -- those that hack into corporate networks from vehicles outside places of business -- may exploit. Big Blue will also install security policies and authentication and encryption methods.

Yet drive-by attacks are hardly the sole driver of the desire for W-LAN protection. According to IDC, the world spent $6.7 billion on IT security in 2000, what with Y2K causing firms to scramble to buy, install, download security applications. And while the fear surrounding the turning of the millennium was largely overblown (as determined by the minor repercussions), scads of e-mail viruses and worms were released into the wild, causing millions of dollars in damage to applications, computers, and most dangerously, networks. "Melissa," "I Love You" and the "Anna Kournikova" e-mail viruses were just a few of the nasty ones.

With these factors in mind, IDC's estimation that the market will triple (growing by a 25.5 percent compound annual growth rate, no less) may hardly be overstated. In fact, the way Allan Carey, senior analyst with IDC's Information Security Services research program, described the situation, was that it seemed to be tantamount to a high-stakes race of sorts, with methods for attacking wireless systems keeping pace with ways to combat them.

"The growing corporate appetite for remote LAN, Internet, extranet/intranet, and wireless access services will drive the need for advanced information security services as technologies for circumventing network security systems continue to keep pace with the technologies designed to defend against them," Carey explained. "The growth in this market will come from clients who recognize the value of engaging third-party service providers skilled at developing customized security strategies that solve real business problems. By implementing a best-in-class security architecture coupled with continuous monitoring and management of the infrastructure, security service firms enable clients to mitigate the risks associated with their business."

That's where IBM hopes to come in full force. In terms of services, IBM has extended its expertise in security to specific business issues relative to the wireless arena. Chief among this a piece of software, called Wireless Security Auditor. This tool makes it possible for consultants and system administrators to find identify potential areas where perpetrators may gain access to W-LANs.

Accompanying this is the Tivoli Policy Director, which enables companies to provide single sign-on and authorization to mobile transactions and applications accessed through both Wireless Application Protocol (WAP) and i-mode devices.

IBM is also securing its NetVista desktop and ThinkPad Notebook computer lines with an embedded security system to protect data, hardware, network access and communications on certain models of the ThinkPad X, T and A Series, as well as the NetVista M41 Series desktop PCs and the NetVista X41 integrated flat-panel PC. Basically, these hardware products will be safeguarded from viruses, Trojan horses, and other potential invaders.

This is done vis-à-vis an embedded security chip on the system board in the NetVista and ThinkPad lines. This cryptographic microprocessor supports encryption functions and digital signatures for authentication or user identification.