Archive

Archive for the ‘Wireless security’ Category

Retail Business Technology Expo 2014: SMAC and Awe!

April 4th, 2014

Within the vast expanse of Earls Court, West London, RBTE 2014 has been a roaring success, again, for Airtight. This is the second year Airtight has exhibited at RBTE. Following AirTight’s rapid growth within the UK and across Europe over the past year, we couldn’t miss out on this opportunity to discuss and demonstrate our “firepower” in the retail arena.

RBTE was a great showcase for AirTight’s ease of deployment, security capabilities for brand protection, the ability to allow our clients to engage with their customers and their friends (brand connection) and the analytics we derive from this. This is known as “SMAC” (Social, Mobile, Analytics and Cloud), a term which fits Airtight to a T. There doesn’t appear to be many similar events within Europe where international retailers can get an overview of the retail landscape and the technology available and there is obviously a huge appetite for an event of this nature.

From the conversations we had it appears that prospective clients were very receptive to the idea of social Wi-Fi. This is the ability to use your social credentials, such as Facebook, Twitter and LinkedIn to authenticate to the guest WiFi in-store. Guest Wi-Fi is now expected by the consumer and they expect it for free. However free WiFi is not free for the provider, i.e the retailer, so how is this monetized? Airtight gives the retailer access to a whole host of analytics. The combined effect of social Wi-Fi and analytics gives a wealth of data to the marketing departments, allowing them to strategize, plan and do targeted marketing.

A key selling point on our stand and that of our partners’ was our security capabilities. Airtight was built upon security, the best security available. Security in retail comes in its own guise, PCI DSS. It doesn’t matter how it’s dressed up though, Airtight has the X factor, the “A list” credentials to give true security and, unlike other providers in the WiFi space, the ability to actually defend against attacks over the air and on the wire using AirTight’s unique Marker Packet technology. This has really shown us that this factor really sets us apart from the rest of the industry, while exercising the highly receptive slogan “If it ain’t secure, show it the door”. Why bother creating a guest WiFi network in it isn’t secure! Do you leave the doors and windows open at home? No.

Another key takeaway appreciated by visitors was the ease of deployment in the retail environment where hundreds or thousands of stores can have secure, PCI DSS complaint Wi-Fi, with comprehensive reporting and analytics deployed rapidly with AirTight’s cloud-managed, drop ship, plug and play access points. Combine the 3 elements of AirTight’s offering in this space – Social + Analytics, automated PCI reporting and true security – with ease of deployment and cloud management, then we have the winning formula!

It was great to see our partner presence at RBTE also, notably Hughes Europe, Aztec and Airwave, ready to drive our solution range into retail and hospitality.

The event was short but sweet, not on the feet, and definitely a show to remember! We will be ready to join the hustle and bustle of the show, so RBTE 2015 get ready!

 

PCI, Retail, WiFi Access, Wireless security

Will Target Breach Prompt Retailers to Raise the Security Bar?

January 8th, 2014

Did 2013 have to end with the somber news of a big credit card security breach? But it did! It is reported that 40 million credit cards were compromised in the security breach in stores of a major U.S. retailer Target. This is only a shade second to the earlier TJX breach in which 45 million credit cards were compromised. (After this blog was published, it was reported that the number of affected accounts in the Target breach is as high as 110 million, which would make it more that double the TJX breach!)

After any breach, and surely after the breach of such dimension, discussion on the data security issues at the retailers escalates. Earlier, the TJX breach resulted in stricter wireless PCI (Payment Card Industry) compliance requirements. The current Target breach can also trigger tightening of the compliance requirements. This breach may also prompt IT, security and compliance managers at major retailers to take a hard look at the information security aspects of the various technologies that they have deployed. Add to it the fact that retailers are aggressively deploying mobile and wireless technologies like POS, kiosks and tablets in stores. What are some of the core issues they should be looking at?

Don’t be content with “compliance”, demand “security”!

Retailers in these types of breaches often pass the security audits like PCI with flying colors. That exposes the harsh reality that security is distinct from compliance. 2014 is the year of the world cup soccer (football). So let us use soccer analogy to understand this distinction.

Compliance vs security, wireless PCIWhen you are defending a free kick in soccer, you make a wall and your goalkeeper is on alert to block the ball that could go through or around the wall. No soccer team would be comfortable with a sole reliance on the wall and allowing the goalkeeper a break during the free kick. The wall is like “compliance” – it’s one line of defense.

Retailers work hard to get check marks from auditors on their PCI compliance. Vendor marketing does a good job of selling features that help get those coveted check marks. Compliance does help improve the security posture, but is it adequate? Every now and then, this line of defense is breached and if the goalkeeper isn’t standing behind the wall, you are toast! However, if you demand security in addition to the compliance check marks, you can build that inner line of defense.

How will you know if you have the inner line of defense or not?

That is a hard question. One way to answer it is that whether you have it or not depends on the compliance solution you have chosen. If you are using a solution which has compliance reporting bolted on to meet the compliance standard in letter, you probably lack the inner line of defense. On the other hand, if your solution offers PCI compliance as a natural outcome of the strong security fundamentals, you automatically get the inner line of defense.

I can testify to this dichotomy from my experiences with the wireless PCI compliance standard and solutions that are touted to facilitate meeting that standard. Many Wi-Fi vendors have come up with bolt-on WIPS (Wireless Intrusion Prevention System) features with check mark PCI reporting. The real question to ask is: While these systems generate PCI reports in letter and may please your auditor, will they pass the security scrutiny in spirit? So, what are some of the questions you should be asking when scrutinizing the wireless PCI solution to ensure that you are getting the security in addition to the compliance?

  • How much of the security information that the PCI report contains is based on actual scanning of the environment? I have seen many PCI reports based mostly or even entirely on the Q&A type documentation or PASS/FAIL check marks merely based on what feature configuration in enabled in the system. That is fail on security.
  • Is threat scanning 24×7 or is it only occasional spot scanning? PCI does not require 24×7 scanning. It only requires quarterly scanning, but didn’t we just say that we are not interested in mere PCI check marks, we want security. Notably, entire Target breach occurred only over 3 weeks – that is much smaller period than a quarter!
  • Does the scan merely throw raw data at you or does it filter out genuine threats so you can actually act to mitigate them? All too often, I have seen wireless PCI reports simply document all APs seen across all locations to satisfy the so called rogue AP scanning requirement. So, if the report shows 10,000 APs found in of the scan of 100 remote retail locations or 100,000 APs found across 1000 remote retail locations, how in the world are you going to distinguish threat posing APs from this list? If you can’t, this report will meet the PCI clause in letter, but fail miserably on improving the security posture.
  • Is the solution capable of detecting all types of vulnerabilities? For example, can it identify various types of rogue APs? If it only can identify a few types of rogues (such as rogues with correlation between their wired and wireless MAC addresses – so called MAC adjacency), how can you trust that report since there could be unidentified rogue APs connected to your CDE (Cardholder Data Environment) among the large number of APs detected during the scan?
  • Is the solution capable of automatically containing the identified vulnerabilities? Although automatic mitigation is not a PCI requirement, in large nationwide deployments, automatic containment is a requirement for security. Automatic containment reduces the window of vulnerability. Moreover, automatic containment has to occur without  false alarms which can disrupt your  and neighbors’ legitimate operations.
  • Is the solution certified against security standards other than PCI? Again, this is not a PCI requirement, but it meets the litmus test of strong security fundamentals of the solution.
  • Is the solution capable of full security operation at the store level without critical dependence on WAN links?

Does security have to cost more than compliance?

Again, the answer depends on the compliance solution you have chosen. If the solution has PCI compliance reporting bolted on to check against clauses in the standard, you will probably have to add security on top of it, paying considerably more from a total cost of ownership perspective or continue to carry the risk of a breach. On the other hand, if the solution offers PCI compliance as a natural outcome of the strong security fundamentals, you can get security without the extra effort or cost.

With Airtight, there isn’t a chasm between compliance and security

AirTight provides a wireless PCI compliance solution that also meets the critical security criteria. Central to AirTight’s solution is its best in class wireless intrusion prevention engine, the only one today to earn the highest industry ranking. It excels both in the depth of security and the ease of use at the same time – due to core innovations and patented technology. So with this PCI solution, retailers can enjoy the same level of security that financials, governments and defense organizations demand without the additional complexity and cost.

In order to simplify the deployment and management across 100’s or across 100’000’s locations, AirTight provides cloud managed PCI solution with its plug & play APs/scanners in stores and centralized management console in the cloud. In fact, it was the first to launch such a solution when wireless scanning was added in the PCI standard after the TJX breach in the past.

24×7 wireless PCI scanning and WIPS are an intrinsic part of AirTight’s Secure Wi-Fi offering and is provided at no extra licensing cost. It also offers pure OPEX pricing model for its solution to further alleviate the cost burden. Moreover, retailers can also leverage AirTight’s social Wi-Fi and business analytics built into its retail Wi-Fi offering to increase brand following, recruit into brand loyalty programs and offer secure guest Wi-Fi services in stores. It can’t get better than that!

Wishing you a happy and SECURE 2014!

Upcoming events

Meet AirTight at NRF14 on Jan 13-14 and at ACTS event on Jan 15.

Tune in to AirTight’s technology sessions at WFD6.

 

Best practices, Compliance, PCI, Retail, Wireless security , , , , , , , ,

Blackhat 13 Wi-Fi Security Reports and Nuances of Detection Methods

September 12th, 2013

|

blackhat USA 13Shortly following the conclusion of Blackhat’13, a few articles came out reporting wireless scanning data from the venue.

  Inside the Black Hat 2013 Wi-Fi Network

  Karma is a …Errr, What We Learned at BlackHat 2013 

 

Both reports state that many security relevant events were detected in the Wi-Fi traffic during the conference. Given that Blackhat is attended by security experts, ethical hackers and just plain security geeks, finding security signatures in the traffic is not uncommon. Nonetheless, I think a few things still need to be matched up in these stats before arriving at sound conclusions.

|

1190 rogue devices detected compared to 1300 legitimate devices in 24 hours:

|

One of the articles states that: “It’s rather interesting to see an almost equal amount of rogue devices to real ones, and that is very unique”. What would be good to know is how they define ”rogue”. Depending on how you define rogue, you can call anything from a normal friendly device to a real threat posing device as a rogue.

I suspect that the definition for rogue used in the context of this report is so broad that it is classifying just about every wireless device unknown to the scanning system and seen in the airspace as rogue. But then, it is not clear why such an observation is considered “unique”. This is because, almost everyone attending Blackhat carries multiple Wi-Fi enabled devices and we cannot expect them to register each of their devices with the scanning system.

From the security perspective however, it is important not to get lost in definition of rogues, but be able to detect straight up genuine rogues (aka security threats) and not raise false alarms on normal wireless activity.

 

Fast WEP Crack (ARP Replay) Detected

|

The report also cites “most likely a security vendor demonstrating a tool”. What is perplexing is why Blackhat attendees still have interest in WEP crack tools or their antidotes, especially given that WEP has been beaten to nail and is now mostly irrelevant.

Or, it could point in the direction that the Wi-Fi community has done such solid job with security and WPA2 that hackers still think that they have to make hay out of WEP.

There is also a third possibility; that these ARPs are just part of normal Wi-Fi traffic that correlates with the signature of WEP cracking detection.

|

Spoofed MAC Address

|

Both reports state several occurrences of MAC spoofing. I suspect that these inferences are based on sequence number anomalies that were detected in the traffic. In fact, the video in one of the reports explicitly calls out sequence number anomalies. However, it’s important to note that sequence number anomaly also routinely happens due to normal traffic patterns.

Common reasons include :

  • sequence numbers fall in range 0-4096, so they wrap around very quickly making the wrap around appear like sequence number anomaly,
  • radios routinely skip sequence numbers due to implementation nuances,
  • intermediate frames may be missed because of device coming and going out of coverage making it look like a sequence number anomaly.

MAC spoofing should only be concluded after all these possibilities are eliminated.

|

Signatures and Anomaly Detection

|

Similar analysis can be performed for other anomalies detected in Blackhat traffic. In fact, this kind of analysis can be performed for several security alerts in many scanning tools and wireless security systems (may be another blog some day, I have many amusing stories to tell about these alerts :-)). The key take-away is that many times there is a leap from signatures and anomalies detected to inferring the presence of a genuine security relevant event.

Bubbleman path optionsWhose job is it to make this leap: system or admin? The need to make the leap gives rise to false alarm problem. Imagine how difficult the job of the security admins becomes when this happens in the enterprise setting! All of a sudden, the alerts also need to be chased and mitigated, not just documented in reports! These admins are also presented with the challenge of defining and tuning thresholds that are right for their environments. If admins are unable to filter false alarms and/or not get to the root causes of steady stream of alerts, it eventually leads to frustration and turning off the security system.

|

Policy Enforcing WIPS

 |

An alternative to signature and anomaly based system is policy enforcing WIPS. By de-emphasizing signature and threshold anomalies, and instead focusing on auto-classification and intrusion prevention, the policy enforcing WIPS offers strong security without overheads of threshold configuration, signature maintenance, false alarms and manual intervention.

So, to reiterate the meta level point about Wi-Fi security: “Intelligent security algorithms tall pole for effective WIPS. Dedicated scan radios otherwise only overwhelm admins with data”.

|

Hemant tall poll tweet

Wireless security , , , , , , ,

Get Soaked in the Future of Wi-Fi

September 5th, 2013

|

AirTight Networks is armed with Wi-Fi of the future, and blasting the message out through social media.

 |

Have you ever noticed that there always seems to be a disconnect in the Wi-Fi industry whereby vendors build and sell their products based on hardware capabilities, tech specs, and geeky feature sets while customers ultimately evaluate products based on how the solution fits with their organizational objectives? That’s a problem.

|

The Wi-Fi market is on the cusp of a second-wind of tremendous growth that will be driven by focusing product solutions on the tailored needs of customers in every vertical market.  However, this is a departure from the status-quo as historically the Wi-Fi market has grown by pushing products (not solutions) based on the latest hardware enhancements and improvements in speed that have come with each iteration of the 802.11 standard. But that model is breaking down as the technology matures, and hardware differentiation alone is very minimal. And customers are demanding more tailored solutions as their own markets evolve into a mobile-enabled workforce and customer experience.

|WiFuture tweet

|

What’s exciting is that AirTight is already delivering Wi-Fi of the Future (#WiFuture if you’re following along on Twitter). We provide tailored solutions that include social Wi-Fi integration that enable retailers to engage consumers and provide enhanced customer service, presence and location analytics to understand and adapt to customer behavior in-store, and the most robust wireless security solution on the market to secure data well beyond basic PCI compliance requirements. And that’s only the beginning.

 |

AirTight is building solutions that enable the Wi-Fi of the future through:

|

A Software-Centric Approach – leveraging the rich data analytics available through an intelligent access network, and software defined radios that enable flexibility of hardware use for client access, security monitoring, and performance analysis.

|

|Intuitive User Experiencemaking Wi-Fi simpler to deploy and troubleshoot so the network isn’t broken or under-performing.

|

Operational Expense Model – enabling customers to acquire the latest solutions without breaking the budget.

|

Mature Cloud – that is truly elastic with both public cloud and private cloud options, enabling easy expansion to meet growing network demands without causing unnecessary retooling or plumbing of the existing network. Mature cloud offering also enables the coming wave of Managed Service Providers (MSPs) who will serve the mid-market.

|

A Culture of Listening – to customers, partners, and industry experts in various industries so that we understand the business drivers for technology solutions and ensure we build products that deliver on those needs.

|

|

@AirTight: Soaking the Industry in the Future of Wi-Fi!

|

WiFuture SuperSoaker|

We are also building an incredible team of industry experts to blast this vision to the market through social media.  AirTight is armed with Super Social experts, kind of like those old Super Soaker water gun blasters we all loved from a few decades ago (has it been that long already!). The tank is full of energy and innovation, and the social media team at AirTight is at the trigger!

|

So, are you ready to blast away your Wi-Fi woes? Don’t get stuck on the wrong side, soaked and wet in yesterday’s technology.

 |

||

|

802.11ac, 802.11n, WiFi Access, Wireless security, WLAN networks ,

The WIPS Detective

August 13th, 2013

|

With the ever increasing importance of Wi-Fi as the de facto access technology, WIPS plays a key role in overall enterprise network infrastructure security.

|

wips detective with listThe U.S. Department of Defense (DoD) recently created a separate category for wireless intrusion detection/prevention in its approved product listing for deployments in defense agencies.

Gartner now recommends including WIPS as critical requirement in all new RFPs for wireless technologies.

Drivers for WIPS such as PCI compliance for retailers and BYOD for enterprises are compelling.

Secure Wi-Fi is also seen as medium to increase efficiency of government and public services. UK courts recently announced a program to install secure Wi-Fi in 500 court rooms. WIPS is required to make Wi-Fi secure.

|

Evaluating any information security solution has always been difficult due to the comprehensive coverage of tests required to fully validate the solution. Though there is no substitute for thorough testing, there are some obvious clues which indicate the level of security and operational feasibility of a particular WIPS solution.  As long as you know where to look …  The WIPS Detective reviews some of the tell tale signs starting with Rogue AP protection.  Other signs are addressed in subsequent posts.

 

Rogue AP Protection

|

Rogue AP protection – protection from unmanaged APs connected to the enterprise network – is one of the most critical features of WIPS.

If you are deploying WIPS, then solid Rogue AP protection is the first thing you want out of it. Rogue AP protection is also one of the most important requirements for wireless PCI DSS compliance. While certain types of Rogue APs are trivial to detect, certain others are extremely difficult to detect. Also, there are many caveats to workflow for Rogue AP protection in large enterprise networks.

To the extent these aspects are addressed by different solutions, there is a wide spectrum from checkmark to genuine value. Below are some simple clues that help gauge the level of rogue protection obtained from a specific WIPS solution.

|

Clue #1: Automatic Rogue Containment

|

Some WIPS systems show a legal warning when you attempt to activate automatic rogue protection.

|

Cisco WLC-Fluke aWIPS verion 7.4

Cisco WLC-Fluke aWIPS verion 7.4

|

WIPS detective red flagThis means that “rogue on wire” detection is false alarm prone.  In other words, the system can incorrectly tag friendly neighborhood APs as rogues on wire (called “false positive”). With that possibility, it is impossible to automate rogue containment, since the user would otherwise be taking the liability of neighbor disruption on his head. Seriously, how many users would feel comfortable proceeding after reading this legal disclaimer?  

Accordingly, possibility of any false positive (there isn’t any leeway here) = automatic containment not practical due to liability of neighbor disruption.

|

Clue #2: Rogue Detection via Wired / Wireless MAC Relation

|

The most primitive rogue connectivity detection is to look for numerical relation (numerical neighborhood of 2 and 64 are common) between APs’ wired and wireless MAC addresses.  In fact, many run-of-the-mill WIPS actually do that to get their rogue detection checkmark in the product with the least amount of depth.

|
|Rogue detection via wired _ wireless MAC relation

 

WIPS detective red flagSaying that WIPS detects rogues on the wire using MAC relations is the same as saying that it fails to detect rogue APs which do not possess any relationship between their wired and wireless MAC addresses.  When it is known that some configurations of rogue APs are outside of the system’s scope for network connectivity detection, the entire neighbor AP list is suspect.

It is like old classic game of minesweeper where every unturned tile is a suspect. Playing minesweeper is fun, but manually examining thousands of APs to ensure that there is no undetected rogue among them is not fun!

 In short, partial “rogue on wire” detection (called false negative) = mountain of manual work to ensure there is no undetected rogue and high risk of lapses.

|

The 2 clues outlined above illustrate that the writing is on the wall and reflect on the level of robustness of the underlying security platform - in a particular for a WIPS solution. I will cover many more of these tell tale clues in this rolling blog series. Stay tuned.

 

Additional Information:

 

802.11n, Best practices, PCI, WiFi Access, Wireless security, WLAN networks

AirTight Demos on Demand and WFD5

July 31st, 2013

|

IDC’s recent IT Buyer Experience Survey reveals that “45% of the buying decision is made before your potential buyer even says “hello” to your sales rep.” and “buyers are more knowledgeable and connected”.

If you’re still in the investigation stage (as suggested by the IDC survey) and not quite ready for a customized personal demo with an AirTight expert, you might want to check out the first three installments in our Demos on Demand series.

|

Airtight Demos on Demand

|

Demos on Demand serves the communication needs of tech vendors and resellers across vertical industries with its video platform and content library.  Airtight is excited to leverage this innovative platform to present in depth product information to assists buyers by showing what our product is, what it does, and how it does it. 

Sean Blanton, senior systems engineer for the US Western region is featured in the first three installments of our Demos on Demand series.  Sean joined the AirTight team in early 2013.  He’s a Certified Ethical Hacker (C|EH).

As the title of the first video implies, in ”Quick Installation Guide“, Sean begins with a discussion and then goes through a step-by-step walk-through of the Airtight Wi-Fi installation process.  After a brief introduction, he covers the management console and its HTML5 GUI access, and then moves into location and configuration settings.

|
quick installation guide image 

Cloud Managed Wi-Fi for the Distributed Enterprise is the second video from the series.  After a brief architectural overview, Sean covers 6 main sections: Location-based Management, Enterprise Wi-Fi, Guest and Social Wi-Fi, Device Templates, Devices, and Wi-Fi Analytics and Reports.

 

cloud managed 

The third video focuses on WIPS (Wireless Intrusion Prevention System). In this video, Sean gives a quick introduction in which he touches on: WIPS Overview, Information about Wireless Threats, and AirTight Marker Packet™ Techniques. This introduction is followed by an AirTight WIPS demonstration.


WIPS

 

Once you’ve gone through these 3 videos, if you still have questions and want to know more, feel free to sign up for a customized personal demo with an AirTight expert.

If you have comments on how we can make these videos better, please don’t hesitate to pass along your suggestions.  We’re in the process of  recording other videos and can incorporate your feedback to make them even better.

|

Wireless Field Day 5

|

While we’re on the subject of demos, on August 8th between 8 and 10 am PT, you can watch Airtight present from Wireless Field Day 5 on this page

Sean Blanton will be joined by  Pravin Bhagwat – CTO, Hemant Chaskar - VP Technology and Innovation, Anthony Paladino – VP Global Technical Services, Kaustubh Phanse – Chief Evangelist, and David King – CEO.  Be sure to tune in for an opportunity at some techie giveaways. Follow @Airtight and the WFD5 delegates on Twitter as we’re talking SMAC from WFD5.

You might want to check out the following blog articles that were recently published as a lead up to WFD5:

|

Not only are we pumped about next week’s event, we’re already planning for the next one!  In case you can’t make it on August 8th, you’ll be able to find Airtight in the WFD5 archives.

 

Additional Information:

802.11n, mobile device management, WiFi Access, Wireless security, WLAN networks , , , , ,

Showrooming Might Actually Be Good for Brick-and-Mortar Stores

July 22nd, 2013

Are you guilty of showrooming?Raise your hand if you have ever gone to a store to test a product or to try on a piece of clothing, then ordered it online, from home, for a cheaper price.  Or, if you have compared prices and purchased online, right from your mobile device, right there in the store.

If your hand is up, you are guilty of showrooming.  This makes you part of a serious problem being faced by traditional brick-and-mortar stores.

This recent infographic, created by 360pi, a price intelligence and competitor monitoring company, reveals, among other statistics, that:

  • Showrooming is costing U.S. retailers $217 billion in lost sales
  • 35% of Americans regularly engage in showrooming

|

Showrooming Is a Wake-up Call to Brick-and-Mortar Stores

|

Shopping is about the shoppers – not the store or the company.

Some of you might remember bankers’ hours, when banks were open from 10-3 Monday to Friday for the sole convenience of bankers? It took almost 100 years to turn that model on its head. Then banks began to stay open later each day and open on Saturdays. Then came the 1980s with the ultra-convenience of the ATM machine.

Just like banks shifting their operating model from the convenience of the institution to the convenience of the customer, showrooming is benefitting the customers — so it is not going away.

|

“reverse- showrooming”—browsing online and then purchasing in stores

Harvard Business Review:  How Pinterest Puts People In Stores

|

Some Retailers Are Punishing Customers for Showrooming

Showrooming is an opportunity to use the “carrot approach” to engage with potential customers |

Some retailers have attempted to use the stick approach to control their customers. These methods only serve to alienate customers and drive them back to shopping online — or to other stores which are less punishing.

  • Some are considering a fitting fee to try on shoes, deducted from the bill, if purchased, according to the online journal Footwear News.
  • Some block cell phone service in their stores to prevent comparing prices online.
  • Australian gluten-free grocer, Celiac Supplies, instituted a charge of $5 for browsing.
  • Target removed Amazon’s Kindle from its shelves, because it did not want to facilitate showrooming for Amazon, in light of it introducing its Amazon price comparison app.
  • Some introduced proprietary barcodes, only readable by that store.

 |

Retailers Should Embrace the New Shopping Model

|

Showrooming is an opportunity to use the carrot approach to engage with potential customers — who are already in the store – and entice them to spend their money in the store.

|

1)      Offer them an in-store experience that is unique and more personal than online:

Read the Pinkberry Case Study where the Wi-Fi deployment helped boost the loyalty program.

Wi-Fi deployment boosts the Pinkcard loyalty program.

|

The biggest advantages of in-store shopping are: personal interaction; and the certainty that the fit, smell, sound, feel and other physical attributes of the items are what the customer wants.

|

  • Revive old-fashioned, knowledgeable, one-on-one customer service.
  • Empower sales associates with on-the-spot access to inventory and specification information.
  • Arm associates with tablets to process purchases so customers do not have to wait in line.
  • Put QR codes on item tags or displays to provide more information.
  • Make in-store displays informative, appealing and entertaining.
  • Offer in-store events such as live tutorials, authors speaking at bookstores or athletes signing autographs at sports stores.
  • Offer food, drinks, samples – things you cannot get online.
  • Provide in-store only customer loyalty programs.

|

2)      Use omni-channel marketing for consistent messaging and a seamless experience across all channels for merchandising, programs and promotion.

|

Companies are leveraging two or more channels to cross-promote purchasing and engagement activities, and in particular — to drive customers to the physical store.

  • BestBuy and other stores offer online purchasing with in-store pickup, to avoid shipping prices and lines.
  • Target offers some in-store only items.
  • Target and BestBuy price-match with some online competitors for in-store shoppers.
  • Tablets are being used in stores to access company website for customers to search for another color or size, order it right there and have item(s) shipped to their house.

|

It’s a fact that women are now responsible for 85 percent of all purchasing decisions in the United States and recent research shows that they overwhelmingly prefer to shop in physical retail stores.

How Mobile Marketers Can Use Perfect Timing To Win Droves Of Female Customers via Business Insider

| |

3)    Leverage in-store Wi-Fi to interact with and engage customers.

|

Adding in-store Wi-Fi and the opportunity for customer toopt-in to the network offers many benefits to both the store and the shopper, among them:

  • Shopping experiences can be tailored for the shopper, based on past shopping patterns and purchases.
  • Shopper’s on-line and in-store shopping histories are merged for a complete profile.

||

“The sooner we drop the ‘e’ out of ‘e-commerce’ and just call it commerce, the better.” – Bob Willett

Best of the Retail Executive Summit 2013 by Joe Skorupa via @RISnewsinsights

|

NRF2014

Want to see this in action? See AirTight at NRF 2014, where will be demoing social media integration and retail analytics. Schedule an appointment, or stop by our booth 1256!

Additional Information:

Market Research

Webinars:

Other blog posts in Retail:

|

PCI, Retail, WiFi Access, Wireless security

Evaluating a Wi-Fi Solutions Provider? Make Sure They Talk SMAC

July 15th, 2013

|

Applying the Social, Mobile, Analytics and Cloud (SMAC) model to your Retail Wi-Fi Investment

|

Figure 1: Gartner Nexus of Forces is the convergence of social, mobile, information (analytics), and cloud to transform business and IT.

Figure 1: Gartner Nexus of Forces is the convergence of social, mobile, information (analytics), and cloud to transform business and IT.

Social, mobile, analytics and cloud (SMAC) technologies are high on everyone’s investment priorities list—so much so that SMAC has become the new enterprise IT model. Research firm Gartner refers to the trend as the Nexus of Forces, a convergence of technologies that is building upon and transforming consumer behavior and ushering in the next-generation of business technology.

 

“Although these forces are innovative and disruptive on their own, together they are revolutionizing business and society, disrupting old business models and creating new leaders,” says Gartner. Therefore, the SMAC model calls for evaluating individual technology investments by how well it helps you integrate social, mobile, analytics and cloud services to transform your enterprise.

 

According to RIS’s Store Systems Study 2013, retailers highest investment priority is mobile, and rightfully so. A lynchpin technology for enabling mobility in brick-and-mortar retail is Wi-Fi.

 

Does your Wi-Fi solution provider pass the SMAC test?

 

Here’s a few things to look for when evaluating Wi-Fi for large, distributed retail environments:

 |

Social Integration

 |

Social is a major driver of SMAC. It was largely people’s desire to socially interact with friends and family on the go that drove the rapid adoption of smart devices, so make sure social is integrated into your Wi-Fi solution. Social integration allows customers to login to your guest Wi-Fi via their Facebook, Twitter, LinkedIn or Google+ account, making it super easy and far more likely.

Retailers not only gain a mechanism for rapidly growing their followers and fan base with high-value users—those consumers who have already visited their store—but can now put a name to what was otherwise an anonymous shopper. Armed with this information, retailers can integrate an individual’s in-store shopping experience with her online habits and customer loyalty programs to send highly personalized and relevant, location-based offers, coupons or other information directly to her mobile device. The customer, in turn, can opt to share that information and positive brand experience with her own social network of friends and family. And the cycle continues.

|

Omnichannel Technologies to Maximize Holiday Sales and Profits | webinar via @RISnewsinsights

Date: Thursday, July 18, 2013 | 2:00 pm ET |  1 hour  (archive version will be available)

Moderator: Joe Skorupa, Editor-in-Chief, RIS News

Panelists: Robert Fort, Former CIO of Wet Seal and Kevin S. McCauley, Director, Retail Market Development, AirTight Networks

 

Secure Mobile

 |

8 Steps to Secure Retail Wi-Fi | AirTight INFOGRAPHIC

8 Steps to Secure Retail Wi-Fi | AirTight INFOGRAPHIC

You may be inclined to think that any Wi-Fi solution would meet the “M” for mobile SMAC requirement. However, in retail environments where payment information is exchanged over the network, secure mobile with a capital “S” is of paramount importance. As you investigate WLAN vendors, make sure they have a complete solution for PCI-DSS compliance and reporting. For large, distributed environments, security should be automated and simple to deploy, manage and maintain with little or no local IT support. Look for features such as automated scanning for detection of rogue devices or “man in the middle” attacks, and automated preventative measures and actions for immediately eliminating the threat.

|

Even environments that don’t yet offer guest Wi-Fi access should have a solution in place for dealing with bad guys who may be out to scam your customers and possibly harm your reputation. Therefore, look for solution providers who can offer you wired and wireless intrusion prevention that can evolve and scale to provide you with the access you’ll need when you’re ready.

|

Is Your Wireless Safe? |by  Airtight CTO Pravin Bhagwat via @QSRmagazine

|

Analytics

 |

Customer analytics provides valuable business intelligence to increase customer loyalty, engagement and revenue. However, because customer data comes from a large and growing variety of sources—through social interactions, loyalty programs, POS systems, online browsing history and in-store real-time browsing—no where is SMAC integration more important.

 

AirTight Social Wi-Fi Solution Brief

 

A good Wi-Fi analytics report should provide real-time and historical trends such as number of Wi-Fi user devices present in or near the store, type of device, where they are located, how long they linger, and at what time of day. It should also provide information on repeat visitors of specific stores and groups of stores. When integrated with social media, analytics become far more powerful and personalized, providing not only the identity of mobile in-store shoppers, but information such as “likes” and interests to help push highly targeted and relevant offers and information to your customers.

|

Cloud

|

Not all cloud-based Wi-Fi solutions are equal.  Look for a controller-less architecture that is purpose-built for large, distributed enterprises. Things to watch for:

 |

  • Scalability and multi-tenant support

Controller Wi-Fi, controller-less Wi-Fi, cloud Wi-FiThe solution should be able to scale to tens of thousands of locations or devices. A hierarchical location-based architecture should enable multi-tenancy (the ability to separate accounts, configurations and data) within a single customer account (e.g., corporate vs. franchisee, or across multiple brands)

|

  • Reliability

Your vendor’s globally distributed data center environment should offer four nines (99.99%) uptime and local and WAN-based high availability and redundancy. While managed via the cloud, all of your access points and sensors should be able to operate even when connectivity to the cloud is lost.

 

Airtight will be talking SMAC at #WFD5 | August 7-9 2013

Airtight will be talking SMAC at #WFD5 | August 7-9 2013

|

  • Location-aware centralized management

Web-based management should be simple and intuitive, and provide administrators with access and reporting based on their role and the locations that they manage.

|

  • Zero-touch provisioning

Solutions should be plug and play, requiring no IT staff at remote locations. Access points and sensors should be automatically discoverable and configured when connected to the cloud.

|

Focus on the Customer Experience

|

At the heart of the SMAC model is relentless attention to the customer experienceRetailers are strategically deploying SMAC across key business processes and technology deployments, combining the best of virtual and physical retail shopping to create data-rich, personalized channel-agnostic customer experiences.

At the heart of the SMAC model is relentless attention to the customer experience.

By focusing on the way customers like to shop and consume information, and enabling those experiences with technologies such as in-store Wi-Fi with integrated social, mobile, analytics and cloud services, forward-thinking companies will continue to compete in this rapidly changing digital world.

||

 According to the recent IBM study, From Transactions to Relationships: connecting with a transitioning shopper, what consumers want is a personalized in-store experience that not only mirrors the experience they get with online shopping, but is seamlessly integrated with their on- and offline shopping habits, preferences and history.

Dr.Nadia Shouraboura talks about how online and offline retail can come together to create the perfect shopping experience. 

Additional Information:

|

Webinars:

|

Other blog posts by @LinaArseneault

 

Best practices, mobile device management, PCI, WiFi Access, Wireless security, WLAN networks, WLAN planning , , , , ,

Don’t deploy 802.11ac without thorough RF planning

May 29th, 2013

Wi-Fi RF Planning has never been trivial

 |

AirTight Planner : the solution to all your RF planning questionsTraditionally, anyone contemplating Wi-Fi deployment has always faced questions like:

  • How many access points?
  • Where do I install them?
  • What channels should they operate on?
  • Will the deployment meet my coverage and capacity objectives?
  • What will be my security exposure?  and so on.

Due to the myriad of issues that need to be addressed while making these determinations, manual processes and rules of thumb have always been cumbersome and/or imprecise, particularly for Wi-Fi deployments with large footprints.

 

802.11ac will only exacerbate RF planning challenges

 

802.11ac adds more elaborate channeling structure and new techniques to raise wireless data rates. 802.11ac is slated to arrive in two Waves – Wave-1 this year and Wave-2 next year. While the decibel level in the market is raised to prematurely hasten the 802.11ac upgrade cycle, the reality is that this is just the beginning of Wave-1. Many people may not see justification to jump on Wave-1 due to a myriad of practical, network engineering, and interoperability issues that Wave-1 faces. Also important is the fact that Wave-1 lacks the complete feature set of  802.11ac and new radios will be required when Wave-2 hits with those features. All this points to Wave-2 next year to be realistic timeline for large scale network upgrade to 802.11ac.

In any case, increased complexity of channelization and MAC in 802.11ac will result in increased complexity of RF planning over and above 802.11n. Improperly planned networks can result in undesirable side effects such as co-channel interference and slow talkers, which can take away the advantages that the new 802.11ac features have to offer. Also, the 802.11ac network will be expected to deliver higher capacity and increased reliability than the incumbent.  As a result, it is only natural that concrete benchmarking with what-if analyses will have to be done prior to investing in the network upgrade. The cost of 802.11ac APs will also be higher - at least in the beginning.  Accordingly, overprovisioning is undesirable.

 

Past experience has proven the value of scientific RF planning software

 

In order to answer difficult questions during Wi-Fi deployments in a quick, cost-effective, and accurate manner; and to facilitate easy what-if analysis, scientific RF planning software such as AirTight Planner have always proven to be useful. AirTight Planner imports CAD drawings of the facility with embedded material characteristics in them or can also  import floor images which can be annotated with building characteristics.

|

AirTight Wi-Fi Planner

|

View Airtight Planner data sheet

|

AirTight Planner allows you to drag and drop devices and quickly visualize your RF coverage

AirTight Planner allows you to drag and drop devices and quickly visualize your RF coverage

It then formulates RF propagation models for the facility using “ray tracing algorithms” (it does not draw primitive geometric circles like I have seen with some non-scientific planning tools). The software also takes coverage, capacity, and redundancy requirements as input. It then automatically computes BOM, AP placement and channel allocation to meet the desired criteria. AirTight Planner is great for planning AirTight secure Wi-Fi – to meet both Wi-Fi access and WIPS security objectives. In particular, when combined with band unlocked, software defined APs, it attains additional BOM efficiency and design flexibility. AirTight Networks also provides an RF planning service whereby customers simply hand over their floor plans (CAD or images) to our RF experts.  They will in turn design the network for the customer using AirTight Planner.

|

Due to its ease of use and accuracy, many Wi-Fi system integrators and VARs use AirTight Planner to plan networks based on even the third party APs. My best memory here is when we worked with a university in the past wanting to upgrade to 802.11n which was quoted 600 Cisco APs (not sure if it was thumb rule or stuffing rule that was used to arrive at that number), but they were not told where to deploy them. They sought AirTight planning service and our RF experts told them that 450 APs were more than adequate to meet their objectives. Startled by this affirmation, they challenged: “If after deployment, it is found that more than 450 are required, AirTight will pick up the cost of the additional 150 APs“. We took the bet. Needless to say, their network is now rolling with 450 APs at significantly lower cost than originally quoted.

Having delivered great value to customers over the past several years in symplifying their 802.11n Wi-Fi network planning, I expect AirTight Planner to deliver even more value when the real  802.11ac network upgrades begin with Wave-2!

 

How you can benefit from AirTight Planner:

|

If you are responsible for planning and deployment of Wi-Fi  in your organization,  you can :

    • Do it yourself with this easy to use software, or
    • Use AirTight Planning Service where our RF experts work with you to plan Wi-Fi deployments

If you are a distributor of Wi-Fi equipment, use our software to provide value added service to your customers.

|

Addition Information:

AirTight Planner

AirTight Planning Services

Airtight Planner data sheet

View a sample AirTight Planner report

BOM Math for Secure Wi-Fi Deployments

Wi-Fi networks in 5 GHz:  a few observations

 

802.11ac, 802.11n, Best practices, mobile device management, WiFi Access, Wireless security, WLAN planning

Customer Success Stories: Pinkberry, Garden Fresh and Noodles & Company

May 28th, 2013

How much should you care about the CMO? 

|

A lot according to IDC.  By 2016, 80% of new IT investments will directly involve line-of-business executives (Source: IDC Directions 2013).

Similarly, Gartner predicts that by 2017 the marketing arm of businesses will control more of the IT spend than IT organizations at those companies

We’ve certainly noticed this shift.  In this blog post, we highlight three customer success stories where this dynamic came into play and how we were able to effectively collaborate across the different lines-of-business.

 

Pinkberry

|

The premium yogurt retailer headquartered in Los Angeles, CA.  With more than 225 stores worldwide, Pinkberry calls itself “the original brand that reinvented the frozen yogurt category with its tart, light and refreshing taste.”  Pinkberry is dedicated to allowing “people to experience new ways to enjoy yogurt in their daily routines by providing a place to refresh everyone with the goodness of yogurt – both a nutritious and delicious food that taste as good as it is for you.”  Stamped by The National Yogurt Association seal, Pinkberry froyo is OU Kosher certified and made with real milk and yogurt.

Pinkberry serves up WiFi guest services with a side of rewards

Pinkberry serves up WiFi guest services with a side of rewards

|

|Business Drivers

  • Pinkcard customer loyalty program and mobile app
  • Improve customer experience
  • Increase in repeat customer visits

 

 

Pinkberry Mobile App | Pinkcard loyalty program|

Challenges

|

Deploying Wi-Fi guest access in stores in a secure manner that satisfied Payment Card Industry (PCI) security standards, was affordable and required minimal operational effort. Driving the Wi-Fi deployment was the launch of The Pinkcard, Pinkberry’s new loyalty program and mobile app; as well as requests from store customers and owners for Wi-Fi access services.

|

Solution

AirTight Cloud Services™, which combine AirTight Wi-Fi™ for access with wireless intrusion prevention (WIPS) and PCI compliance scanning and reporting.

|

Benefits

  • Swift rollout of Wi-Fi without the need to add any IT staff
  • Success of the Pinkcard program beyond expectations
  • IT and Marketing collaborative effort
  • Built-in automated security simplified PCI compliance

|

Airtight automated PCI compliance reporting

|

|

“The PCI component was a serious consideration. We looked at several companies. A lot of them were pretty expensive solutions with only rudimentary security capabilities that didn’t guarantee PCI compliance beyond a checkmark,” explains Tony DiCenzo, senior vice president of IT at Pinkberry.

 

 

 

Read the Pinkberry case study

Find Pinkberry on the web, get rewards, and socialize on Twitter and Facebook

|

|

Garden Fresh Restaurant Corporation

|

Bundled AirTight Wi-Fi and WIPS solution opens the doors to new applications while allowing the restaurant chain to achieve Level-1 PCI compliance.

Bundled AirTight Wi-Fi and WIPS solution opens the doors to new applications while allowing the restaurant chain to achieve Level-1 PCI compliance.

|

Garden Fresh Restaurant Corp. owns and operates over 130 restaurants across 15 states, under five brands: Souplantation, Sweet Tomatoes, Souplantation Express, Sweet Tomatoes Express and the newly introduced Field Kitchen. Its restaurants are widely recognized for their made-from-scratch menu and a wide assortment of fresh salads, fruits, and bakery and more in its all-you-can-eat buffet. The company is headquartered in San Diego, CA.

|

|

Challenges

  • Reliable and secure in-store Wi-Fi access to improve employee work experience
  • Enable new applications for improved business efficiency
  • Automated wireless security across distributed locations for Level-1 PCI compliance
Fully Configurable HTML5 UI Meets Individual Business Needs from SMB to Large Enterprises and Carrier-scale Installations

Fully Configurable HTML5 UI Meets Individual Business Needs from SMB to Large Enterprises and Carrier-scale Installations

|

Solution

AirTight Cloud Services™, which combine AirTight Wi-Fi™ for access with wireless intrusion prevention (WIPS) and PCI compliance scanning.

|

Benefits

  • Store managers and district officers can work from anywhere in the store
  • Flexibility to implement new applications over Wi-Fi in the future
  • Built-in wireless security and reporting simplified PCI compliance

|

 

|

“The Web interface is so easy to set up and intuitive with very good descriptions on every screen. One can start to use it in 20 minutes. It’s powerful and simple!” explains Gerry Shukert, Director of IT Systems Development, Garden Fresh Restaurant Corp.

|

Read the Garden Fresh case study

Find Garden Fresh on the web, get rewards, and socialize on Twitter and Facebook

|

|

Noodles and Company

 

AirTight’s cloud-managed “3-in-1” solution brings dramatic cost-savings and reduction in IT support load.

AirTight’s cloud-managed “3-in-1” solution brings dramatic cost-savings and reduction in IT support load.

|

|

A chain of over 300 fast casual restaurants across the US specializing in healthy, fresh and flavorful food from around the world served conveniently fast. The company is headquartered in Broomfield, CO.

|

|

|

Challenges

Reliable Wi-Fi access combined with thorough and automated wireless monitoring and security for PCI compliance were the incumbent needs. The solution had to simplify centralized management of distributed locations and provide the flexibility to expand Wi-Fi access to more stores or to support more applications in the future in a cost-effective manner.

|

Solution

AirTight Cloud Services™, which combine AirTight Wi-Fi™ for access with wireless intrusion prevention (WIPS) and PCI compliance scanning.

 

Airtight = drop ship plug and playBenefits

  • Significant cost savings
  • Reliable Wi-Fi performance
  • Easy to manage hundreds of sites with scarce IT staff
  • Integrated WIPS capability and simplified PCI compliance

 

|

“I’m a fan of a situation where I don’t like to negotiate with a vendor over and over. Our process with AirTight was very straightforward and quick. We did not have to negotiate and I was extremely happy with the features and functionality of AirTight at that price point. It was a win-win situation.”

“Even with the internal antennas, the signal coverage is great throughout the restaurant, all the way from across the manager’s desk through the kitchen all the way to the front parking lot.”

– Corey Kline, Director of IT, Noodles & Company

 

Read the Noodles and Company case study

Find Noodles and Company on the web, get rewards, and socialize on Twitter and Facebook

 

Additional information

 

802.11ac, 802.11n, Compliance, mobile device management, PCI, WiFi Access, Wireless security , , , , , , ,