This week, Stephen Ibaraki, I.S.P., has an
exclusive interview with Sumit Deshpande.
Sumit is vice president of the Wireless Solutions
group in the Office of the CTO. He is involved in defining and communicating
CA's global strategy for wireless technology, as well as the research and
development of new solutions. Sumit has a broad range of technical expertise
and experience in varying aspects of information technology, including
networking, application development, technology consulting, market analysis,
and others.
His articles and interviews on wireless and other
topics have been published in several technical publications. Many of his white
papers and technical notes are available at www.ca.com/cto.
Sumit is a much sought-after speaker at several trade shows and has presented
at CA World, CeBIT America, Wi-Fi
Planet, CTIA, e-GOV, Wireless and Mobile Forum, and many more venues. He
represents CA in the Open Mobile Alliance, WINMEC, ListNET, and other industry
associations. He advises clients, analysts, and other relevant parties on
Computer Associates' strategy and solutions for the 21st century.
Sumit is a lead presenter in the Security track at
the 2005 Wireless & Mobile WorldExpo held in Toronto on May
18th and 19th.
Sumit holds a bachelor's degree in Computer Science
from Pune University, and
master's degree in Computer Science and Information Systems from Marist.
Discussion:
Q: Sumit, with your distinguished
background and very busy schedule, we are very fortunate to have you with us
sharing your deep insights. Thank you.
A: It's my pleasure, Stephen.
Q: You have a remarkable history and you are
very well respected in the industry. Share the many milestones throughout your
life that led to your current position.
A: I've had the privilege of being involved
in several aspects of technology through my career. I remember the first job I
had, right out of college in the early nineties, working for an IT
infrastructure company. This was when Novell Networks were hot, and distributed
computing was becoming the norm. It gave me a good foundation of how companies
utilize IT networks to help facilitate business growth.
I then moved into software development for
a company in Hong Kong - Trinity Services - that customized financial accounting software.
It was a startup, and as one can imagine, everyone had to do a little bit of
everything, in addition to doing all of one thing! So, besides writing C/C++
code and Xtrieve scripts, I was helping with accounts payable, developing
training courses, and then going to customer sites and conducting the training.
That was a great experience.
Conducting market research on the software
industry with IDC Asia/Pac gave me an in-depth analysis of the different
software companies world-wide and also exposed me to various technologies that
were being leveraged. My team was the first to develop such a detailed report
on the Asia/Pac software market.
After my stint at software industry
analysis, I took a year off to work for a not-for-profit organization as a
field volunteer at a drug rehab center. That certainly brought a lot of things
into perspective for me. Needless to say, I was still involved in IT operations
and conducted some database management projects.
Shortly thereafter, I came to the USA as a
graduate student at Marist College in Poughkeepsie, NY. There I ran a division of the Academic Technologies department,
conducting short-term software projects for IBM and other companies in the Hudson Valley region.
My graduate thesis was on intelligent software agents and the use of neural
networks in business intelligence. I was hired by Computer Associates a
semester before I graduated, and joined the company in the summer of 1999.
My background in networking, neural
networks, and software development, as well as my experience with project
management was ideal for me to lead a team of experts responsible for deploying
cutting-edge technologies at select customer sites. Eventually I was appointed
to work with the Office of the CTO where I was involved in incubating research
on wireless technologies. My group
recently released CA Wireless Site Management, a solution to secure and manage
Wi-Fi networks. I now run R&D for all wireless projects in the Office of
the CTO.
Q: What are your short and long-term goals
for your future?
A: In the short term, my goal is to make CA
Wireless Site Management a leader in enterprise wireless management software.
We are already poised for success, being part of a company that is recognized
as the enterprise IT management software expert, and having a handle on several
issues faced by enterprises deploying Wi-Fi networks. And we have a great bunch
of customers that are working with us as innovation partners.
Long-term, I would like to continue working
with new technologies and make a positive impact on my organization and our
customers.
Q: What value do you hope to bring to
enterprises at the May 18th and 19th WorldExpo in Toronto?
A: The WorldExpo in Toronto has a very
diverse line of speakers in a variety of topics. I think it will be a very
important conference for enterprises that are already utilizing wireless
technologies as well as those that are planning for it. I hope to challenge the
audience to really consider the business implications of wireless technologies
and to think through the related issues of security and management. A lot of
times, security and management are afterthoughts for infrastructure deployment;
but we cannot afford to do so any more.
Q: Can you share with us three case studies
about the key success factors and best practices for enterprises contemplating
a wireless implementation?
A: 1) A university is deploying a converged
IP network - data, voice, and multi-media - all on one network, all on Wi-Fi.
Not only are they able to control expenses, but they even recover several costs
by effective management and control. Since they had good measures in place to
manage their wired network, they simply had to extend that to the wireless
environment. Some measures they took included:
- Managing the wired and wireless network from the same
management solution
- Being able to determine the health and performance of the
infrastructure allowed them to allocate resources to the most used areas
- Monitoring the multi-purpose wireless network on a 24/7 basis ensured
maximum up-time
2) A hospital has deployed Wi-Fi to enable
doctors and nurses to access patient information on their PDAs, Tablet PCs,
and wireless COWs (computers on wheels). They estimate a 40% increase in
productivity as a result. However, authentication, encryption, and access
control are paramount concerns.
Using an enterprise-wide approach, the
customer did the following:
- Integrated management of networks, systems, policies, and
applications
- Don't keep any data on the devices - but do manage their
configuration and performance
- Visualize and monitor WLAN topology
- Deploy layered security - standard as well as proprietary
3) A large retailer is in the process of
converting its existing mobile devices to a newer model. With thousands of
stores and warehouses nation-wide, store workers use mobile devices to update
inventory information. They also have plans to integrate RFID and WLANs. There
is a lot of sensitive information (customer info, credit card numbers, item
prices, and others) that must be protected during transmission. Access control
and device management are key issues. Using an enterprise-wide approach, this
customer centrally manages the WLAN network across multiple stores, enforcing
wireless security policy at each store and uses a store-wide device management
solution to inventory and audit mobile devices.
Q: What are the ten most critical security
areas concerning wireless networks including little known ones? How can they be
resolved? What about 802.11i, the Wi-Fi standard that provides enhanced
security, superior encryption, and uses Extensible Authentication Protocol (EAP),
and measures such as using VPN and 802.1x authentications processes? Share with
us recent statistics in this area. [Ed. Note from best to worst: AES = Advanced
Encryption Standard; WPA = Wi-Fi Protected Access; WEP = Wired Equivalent
Privacy]
A: This question would probably be answered
best with questions...
1) Who gets access? Even if they are
legitimate employees, do they really need wireless access?
2) Where can they access the wireless
network from? Is it safe for them to access the wireless network from the
parking lot or the garden café outside the office campus? Where do you draw the
boundary?
3) How will they access the network? What
devices are appropriate? Is it OK for them to use personal devices?
4) Encryption of wireless data is a must.
In a private survey conducted by us, 46% of enterprises use WEP today. Over 10%
use WPA and many are considering 802.11i. While it is better to use some
encryption than none, if using WEP, the appropriate management structure must
be in place to dynamically rotate the keys. Using newer encryption like AES is
a good idea, but then you need proper policies in place to deploy this.
5) What is the best way to authenticate the
users? 802.11i promises encryption and authentication - but do I have to buy
new hardware? (Most likely - especially since the AES encryption supported by
802.11i requires a hardware upgrade).
6) Do I have to change existing security
procedures in order to accommodate 802.11i? (Chances are that if you are not
using 802.1x to authenticate your end-users, utilizing 802.11i may be a lot
harder than most people make it to be).
7) Rogue access points create major
security risks. You need to detect these devices and automatically deny them
access to the network. Your employees need to have access to policies and
guidelines for acceptable wireless usage.
8) Wireless laptops in ad hoc mode can be
open doors for hackers to steal information not just from the laptop, but
possibly also from the network. This is a hidden risk and not many IT
departments are aware of this.
9) Remote users that access public hotspots
are at more risk than they think. A recently publicized risk known as the "evil
twin" or "wireless phishing" is something that one should be aware of. This is
when a hacker names his network the same as a legitimate public hotspot and
steals information from unsuspecting users that log on to his network thinking
that it is a legitimate hotspot. Most hotspots do not, and may never, provide
security. Even if the end-user is careful to use VPN, the risk is present way
before they get to that stage.
10) Lost or stolen mobile devices pose a
serious risk, especially if the data isn't protected. We've all heard of the
former executive selling his Blackberry on eBay with all his information still
in it. We've also heard of tens of thousands of cell phones being left behind
in New York City taxicabs. The information on the device has a lot more value than
the device itself. IT administrators should be able to set policies for
automatic password protection, and perhaps should have the means to perform
more aggressive measures such as device lockdown and wiping out all the
information remotely.
Q: Encryption systems used in wireless
connections such as WPA (Wi-Fi Protected Access) and WEP (Wired Equivalent
Privacy) have challenges. What are the current issues and where do you see this
evolving beyond 802.11i?
A: It's interesting to see how security and
convenience are almost always inversely proportional. For any kind of security,
there has to be a trustworthy relationship established first. It doesn't matter
that your data is encrypted if the receiving party is malicious.
With WEP, the issue is that the keys are
shared (everyone on the network has the same key) and static (the keys need to
be changed manually).
With WPA, the keys dynamically rotate, but
the pre-shared key still needs to be manually deployed. 802.11i combines
authentication using EAP and encryption using WPA and TKIP (temporal key
interchange protocol). However, this requires the right kind of client on the
end-device in order to work.
One strange thing about standards is that
there are so many of them. If the end-device has a certain kind of EAP client,
and the authentication server does not support it, then you can forget about
making a connection. Basically, a closed wireless network works only when the
end-users are part of a trusted group, and their hardware and software are
approved.
Beyond this, we get into the growth of
biometrics as a viable authentication mechanism. While this is a growing field,
it still has some hurdles to overcome. There are ergonomic issues as well as
technological limitations. Most biometric technology that is accurate is quite
expensive. We're seeing fingerprint scanners being embedded in PDAs - which is
a very good extension to password protection. Voice scanning is also becoming
popular, although that has severe limitations - especially when your voice
changes due to any number of reasons (sickness, weather conditions, acoustics,
etc.). Retinal scans are pretty accurate, but getting it down to a small enough
form-factor is still challenging. But would you be comfortable having your PDA
zap your eye with a beam of light whenever you want to access its contents?
Q: Controlled authorization, time and
location boundaries/restrictions are administration challenges with wireless
networks. Can you detail these and other issues around secure access?
A: Secure access is one of the top issues
with wireless security... and security in general. Only trusted employees should
have access to the network, and only to those areas pertinent to their role and
responsibilities. Two-way authentication is really important here. Not only
should the user be authenticated, but the users should know that they are
connecting to a trusted network.
In many cases the boundaries of access go
beyond just identity. For example, in businesses where there are a lot of shift
workers, such as hospitals and warehouses, it is imperative to restrict access
to employees only during their approved shift hours. In fact, access policy
should be tied in to the overall security policies so that you are alerted to
abnormal activity. For example, why is a nurse whose shift hours are from 8 AM to 5 PM still on the network at 7 PM?
Another dimension is physical location. In
many instances, employees' access to information is physically restricted as
part of the security policies. This becomes more important with wireless
networks since wireless waves eventually overstretch the desired boundaries. You
can adjust the power levels or use directional antennae, but short of putting
lead in your walls and ceilings, it is difficult to accurately control the
range of wireless coverage. Going back to our hospital example, wireless data
access is allowed to doctors and nurses as long as they are within the hospital
facilities. If they step out of the building or try to access the network from
the parking lot, they are denied access.
Q: Using more than four channels presents problems
with interference and channel management -- as does the misconception that the
same SSID [Service Set Identifier] requires the same channel for access points.
What are your recommendations and how will this evolve in the future? And what
about load balancing?
A: I think this misconception is a
carry-over from home wireless networking. If you configure all your access
points to the same channel, all the traffic from all your mobile devices goes
through all the access points. This duplication of traffic will slow down the
network and disrupt services. Also, if the access points are on the same
channel, or if the channel numbers are close to each other, they experience signal
interference that can disrupt wireless transmissions.
In order to resolve this, care must be
taken to assign channel numbers that are furthest apart from each other to
access points that are in close proximity. In 802.11b and 802.11g, you have 11
channels, but you can practically use only 3 or 4. Think of it as a 3 color map
problem. No two neighboring countries can have the same color, and you only
have 3 colors to use.
Many forget that a wireless connection is
like a shared pipe. The more users you have on a wireless network, the slower
the connection. Therefore, load balancing is a critical issue. This can be done
in several ways - you could balance the number of connections on each access
point so as to distribute the load; you could adjust the power-levels to
increase or decrease coverage areas, or you can activate/deactivate access
points in the vicinity depending on traffic. Either way, you will need to monitor
your wireless activity to understand patterns and take proactive measures to
meet service levels.
Q: You predicted in 2002 a growing market
for embedded machine-to-machine communications in equipment and appliances.
Where is this market today and how will it evolve into the future? [Ed. Note:
RFID = Radio Frequency Identification; ZigBee = low data rate, low-power,
wireless network, two-way standard for automation]
A: This is definitely a growing market. We
are seeing some initial evolutions with RFID tags and the emergence of ZigBee
technologies. ZigBee is interesting because it enables information to be
relayed from sensor to sensor until it reaches a central location. This has
tremendous scope in climate control, security systems, defense, and other
industries. RFID is also going through its growth pains and we will continue to
see more and more industries using this in some form. Wi-Fi based RFID is also
becoming popular.
Another phenomenon that has caught a lot of
interest is wireless mesh networks. These are peer-to-peer networks that
dynamically grow or reduce in size, depending on how many nodes are part of the
network.
Q: Describe the state of the major wireless
standards today and into the future. Which ones must be adopted by enterprises
for competitive advantage? And what about the future such as with 802.11n and
802.16?
A: The IEEE will keep releasing newer
specifications to improve on what is currently available. 802.11g and 802.11a
will continue to be preferred Wi-Fi standards for at least a couple more years.
802.11n is in the process of being ratified, but given the indecision over
setting a standard, this might take a couple of years to get resolved. Wi-Max
or 802.16 is something we'll hear of more and more.
My concerns are more around the business
model of deploying this rather than the technology itself. In many cases,
telecoms see this as a major threat. Enterprises will most likely adopt a
combination of wireless technologies, each best suited towards solving the
business problem at hand. One company decided to use the existing low-bandwidth
networks to transfer data to their mobile sales-forces' pagers, while using
WLANs to provide local wireless access when the salespeople were in the office.
Another company may decide to standardize on a cellular voice+data system to
transmit information to employees' cell phones.
Companies that have deployed 802.11
networks will most definitely need to implement newer overlay specifications
such as 802.11i (for encryption and authentication), 802.11e (for improved
quality of service - due out later this year), and perhaps 802.11d (for
improved roaming between access points).
Q: Where does the future lie: Code Division
Multiple Access (CDMA) or Global System for Mobile (GSM)? Why?
A: We will probably see both standards for
a while. CDMA phones are more expensive than GSM phones, but CDMA claims to
offer more throughput, although not much more. What will be interesting is if
(and how) these standards interoperate.
Q: Who are the key facilitators in the
mobile and wireless environments and why did you select them? Who will be the winners
and losers?
A: There are several players here. From the
enterprise's perspective, you have wireless operators trying to sell you more
phones that handle data, and more email devices such as Blackberry. You then
have mobile workers that are expecting to connect wirelessly to the enterprise
network. You have the hardware manufacturers competing to sell you access
points, switches, devices, and anything with a radio in it. And then software
companies that specialize in mobile applications, security and management
software. Let's not forget the system integrators. I think this is a very hot
market.
Wireless is here to stay and like it or
not, we are going to get more and more wireless. So really, the winners are
those that understand how to use wireless to meet their business objectives.
The losers are those that rush into it without a plan, and those that don't
play at all.
Q: What are the issues with device
convergence?
A: It is more about capability rather than
convergence. Quality must not suffer as a result of overcrowding features. It's
a phone, a PDA, a camera, a computer!! The PDA of today has the same capability
of a high-end computer 10 years ago. Perhaps more. That is just amazing!!
Q: Comment on the Wireless Ethernet
Compatibility Alliance (WECA), Institute of Electrical and
Electronic Engineers (IEEE), Bluetooth Special Interest Group (BSIG), Open
Mobile Alliance (OMA), UCLA's Wireless Internet for Mobile Enterprises
Consortium (WINMEC), World Wide Web Consortium (W3C), and Wireless DSL Consortium.
A: These are all interesting associations,
each involved in contributing to the efforts to make wireless more viable to
the enterprise. Again, the danger is that we are creating so many standards for
the same thing. Hopefully these organizations will also work with each other in
the near future.
Q: Describe the latest research occurring
at Stony Brook University's Center of Excellence for Wireless and Internet Technology of which your company is a
founding member. [Ed. Note: GPRS = General Packet Radio Service]
A: It is always interesting to work with
education and research institutions. Fresh ideas and out-of-the-box thinking is
what gets me going. We've sponsored a lot of research activity with Stony
Brook's CEWIT - especially in the area of wireless management and security. One
project looked at seamless transfer of Web sessions when a user migrates from a
GPRS environment to a WLAN. We even demonstrated the project at our annual user
conference - CA World - and it was a huge success. Other projects involved the
use of optimized algorithms for wireless mesh networks, and identity management
of wireless users.
Q: Share your views on the Asian
marketplace and specific areas we should be watching. Why?
A: The Asian marketplace is poised for significant
growth in the wireless space. Already, several Asian countries are ahead of the US in terms of wireless infrastructure. Many organizations have
embedded wireless as part of their normal business processes. A lot of it has
to do with the fact that people in general have accepted wireless as an
integral part of their lives. We see it happening in the West as well. Interestingly,
cellular technologies grew a lot faster than WLAN technology. I think we will
see significant growth in Wi-Fi networks in Asia in the next 18 to 24 months.
Q: Can you share your thoughts on the "information
delivery maturity model" and why it's relevant to business?
A: The "information delivery maturity model"
is all about getting the right information to the right person at the right
time, so that they can make the right decision in order to reach a desired
outcome. The conversion of data to information, information to knowledge, and
knowledge to intelligence is an important process. Access to pertinent
information to make decisions is critical to business success. The amount and
quality of information can make a difference between a good and bad business
decision. Having a report on sales numbers is useful, but having a report on
how to improve sales in each region is even better.
Q: Sumit, you are in an ideal position to
make predictions. So make your top ten predictions in any areas of your
choosing and provide specific time frames? What are the solutions and the value
to businesses?
A: 1) All end-user computing will be wireless
by 2007
2) All end-user devices will have
bio-metric authentication by 2006
3) WEP will become obsolete in 2006
4) Cell-phones will continue to pervade all
aspects of life
5) Mobile devices will provide converged
capabilities and will support multiple networks - Wi-Fi, GSM, CDMA, etc.
6) VOIP will revolutionize enterprise
deployment of phone technology and will become the norm by the end of 2006
7) Community wireless access will be made
possible by Wi-Max in a widespread manner within the next 18 months
8) By 2006, the use of software in vehicles
will double.
9) The number of mobile-phones will exceed
the number of PCs in the world by 2006
10) Holographic technology will have more viable
business applications by 2008
Q: What are your favorite information
links, tools, and other resources? Why?
A:
1) http://news.yahoo.com
- for general news, especially in the technology section
2) http://www.wi-fiplanet.com/
- for wi-fi related news and notes
3) www.fiercewireless.com
- good articles on wireless happenings
4) http://www.wirelessweek.com/
- their site has some good information as well
Q: Give one example of a major challenge in
the last six months and how it was resolved?
A: Nothing major really sticks out. Having a good team to work with and rely on
is a great asset. We were at a show a
few months ago and two of our demo personnel got held up because of bad
weather. So my Product Manager and I manned the demonstration booths by
ourselves and by the end of the show we were toast! Between the sessions,
press/analyst interviews, and other activity, we were on our feet for over 10
hours those two days. Teamwork definitely paid off.
Q: Here's an audience favorite. Imagine you
are doing the interview. What three questions would you ask and then what would
be your answers?
A: Q1) If you were a CIO, what would you do
first before you deploy a wireless network?
A1) First of all I would determine why we
need wireless. Monetary as well as "soft" ROI is an important issue. I need to
know what business processes can be positively affected by going wireless. If
wireless does not help me make or save money, it is not worth the investment.
Deploying technology for technology's sake is a bad move.
Q2) Why is the enterprise adoption of
wireless so slow?
A2) I don't think the enterprise adoption
is slow. Most of them are taking their time with it because they are making
sure that the technology is stable enough to make an enterprise-wide
implementation. The 802.11 standard has seen a lot of evolution in the past 2
years. I think we are at a point now where we can begin larger scale
deployments using some of the standard security measures available today. Many
enterprises are still experimenting and piloting the technology to gather data
to justify larger investments.
Q3) What is CA's role in wireless?
A3) CA has been providing IT management
solutions for over 25 years. Getting your wired enterprise in order is a
primary objective as a CIO. With wireless technology becoming more and more a
part of the existing infrastructure, we have extended our management expertise
to the wireless world as well.
Our Wi-Fi management solution - CA Wireless
Site Management - provides comprehensive management and security of the WLAN
including device discovery, location-aware visualization, encryption
management, multi-dimensional access control (ID-based, time-based, and
location-based), configuration management, and more.
Our Unicenter Asset Management solution now
provides management of mobile devices as part of the overall solution to manage
desktops, servers, and laptops. You can also enforce security policies such as
remote lockdown and remote data wipes. Many of our existing solutions such as
ServicePlus Service Desk and CleverPath Portal support mobile environment by
providing critical data access services to users on the move. So, in essence,
we cover the entire gamut of managing and securing the wired and wireless
environment, with an enterprise-wide perspective.
Q: Sumit, thank you for taking the time to
do this interview and sharing your considerable experiences, and wisdom with
our audience.
A: It has been my pleasure.