Arthur Andersen and Tivoli Systems have combined their capabilities to address security issues in the mobile space. By combining the wap:SEAL solution from Andersen Labs for Internet & Security (ALIS) with Tivoli's SecureWay Policy Director, the two companies provide an easy-to-manage, scalable solution that works with different mobile operating systems.
Tivoli and Andersen have rolled out the security management tool, jointly developed from the ALIS security competency center, to enable secure integration of current e-business initiatives with wireless channels.
"We see the inevitable convergence of secure e-commerce and m-commerce," said Uantchern Loh, director of ALIS. He added that this was a proactive move to provide a solution to assuage fears regarding mobile security.
As companies start to scale and expand their networks, it is increasingly recognized that security solutions need to be able to scale vertically across the enterprise.
"Companies need to, when they consider their architecture, think about working mobile devices into [it]," said Raymond Malpas, director of Tivoli SecureWay in Asia Pacific.
A traditional approach to security typically embeds the secure access and authentication into each application. This results in different security technologies working with different applications all across the enterprise.
Tivoli, which received the entire security portfolio from parent company IBM two years ago, has a flagship product, Policy Director, which manages security policies across the enterprise and across different platforms, even wireless ones.
"Increased complexity means increased risk," said Malpas. "You don't want to have to worry about what platform you're running on."
With the converged solution from Tivoli and Andersen, enterprises can enable a mobile workforce equipped with devices running Palm OS, Symbian, EPOC and Windows CE to connect securely to the Internet or intranet and still manage different layers of access and authentication.
The solution also integrates single sign-on functionality and recognizes multiple authentication systems such as digital signatures or biometric IDs.
Andersen's m:SEAL technology originated from its precursor, wap:SEAL, which was developed to address the security hole that is present when data is being translated from wireless to SSL format at the WAP gateway.
Although WTLS (Wireless Transport Layer Security) provides moderately secure transmission over the air, the data must be decrypted and re-encrypted to SSL at the WAP gateway in order to be read, so it is momentarily unprotected at the gateway.
Also, though WTLS provides security at the session layer, it leaves the application layer unsecured and does not address session management or user authentication, which opens a possible avenue for session hijacking.
wap:SEAL acts as an application proxy between the WAP gateway and the WAP content server, in effect providing unbroken security from the mobile phone to a web/WAP server.
In the same way, m:SEAL provides security in the form of an application proxy between various wireless devices and the backend server.
The joint solution strengthens security policy management through Policy Director, which addresses the issues of authorization and access, and ensures secure session control through ALIS' m:SEAL.