Corner Cases

February 26th, 2014

Most Wi-Fi manufacturer’s marketing departments would have you believe that 99% of all deployments are what I’d call “corner cases.” I call B.S. (as usual).

Here are the high-density/high-throughput (HDHT) corner cases that so many manufacturers would have you believe are so prevalent:

  • Large K-12 and University libraries, cafeterias, lecture halls, and auditoriums
  • Stadium or gymnasium bowls
  • Large entertainment venues (e.g. music and theater halls, night clubs)
  • Trade shows
  • Urban hotspots
  • Airports

Combined, these use cases comprise less than 1% of all Wi-Fi installations.  In other words, the opposite of what many marketing departments would have you believe. Let’s look at this from another angle. Here’s a list of use cases that do NOT fall into the category of HDHT, but may have other technical challenges or requirements, yet these same marketing departments want customers to believe they are HDHT environments.

  • K-12 classrooms*
  • Malls
  • Majority of airports

* Note: Some folks believe that one AP per classroom (or even one AP per two classrooms) is a bad idea due to adjacent channel interference (ACI) or co-channel interference (CCI), but that’s a design matter based on a long list of design criteria that can include wall construction materials, AP output power, client device type, client device output power, and MUCH more. I assert that one AP per one (or two) classrooms is a good network design in many K-12 environments, and this usually means less than 35 devices per classroom, worst case. 35-70 devices per AP (2 radios) does not constitute high-density, but may necessitate good L1, L2 QoS, and L7 handling.

Consider all of the common deployments that constitute the majority of WLAN environments:

  • Office environments
  • Warehouses
  • Manufacturing
  • Hospitals
  • Distributed healthcare facilities
  • Cafes
  • Bookstores
  • Hotels

So if HDHT handling isn’t a big deal in 99% of the use cases, what is important? If you ask that question to those same vendor’s marketing departments, they would say Performance! Once again, I call B.S.

After speaking with a variety of network administrators and managers, I’ve found it very difficult to find anyone who can produce statistics showing an AP sustaining more than 10Mbps over the course of an 8-hour business day. Even the peak throughput on the busiest APs aren’t all that high (a couple of hundred Mbps sustained only for a couple of minutes while large files are being transferred). It’s been my experience that busy branch offices, with a single AP serving 50-60 people, is where you find the most sustained WLAN traffic over a single AP.

If 10Mbps is considered “a very busy AP”, and decent 2×2:2 802.11n APs can sustain 200+Mbps of throughput across two radios given the right RF and client environment, then why is everyone talking about performance? I hear vendors bragging about their 3×3:3 11ac APs being capable of 900+Mbps of throughput under optimal conditions. While that kind of throughput is sexy to IT geeks who think that “too much is never enough”, most customers just want it to work. At 200-400 Mbps of throughput for 802.11n APs, why do we care so much about buying premium-priced 11ac APs again?

What do we get out of those 11ac APs anyway? 256QAM is useful only at short range and only for 11ac clients. TxBF is only good at mid-range, and only for thoses client that support it, which is basically none. Rate-over-range is better for uplink transmissions, but if you’re designing for capacity, voice, or RTLS, then this is of no consequence. There may be slightly fewer retransmissions due to better radio quality, but that’s mostly “who cares” also. Bottom line: don’t upgrade your 11n infrastructure for the purpose of speed. If speed (e.g. rate-over-range and raw throughput) is your goal, spend your budget on refreshing your 11ac clients first.

Customers who rush out to buy the latest, greatest, fastest AP end up paying a big price premium for a performance gain that they’ll never, ever, ever, ever use. It’s just silly. They get duped by the marketing message that HDHT handling and ultra high-performance matter in 99% of use cases, when in fact it matters in <1% of the real world use cases. Wi-Fi infrastructure technology is progressing quickly, and the PHY/MAC layers are so far ahead of typical use cases that customers should be focused on correct Layer-2 design and receiving value above Layer-2:

  • Robust, global, cloud management and services option
  • Strong security, compliance and reporting
  • Device tracking / location services
  • Social media integration (i.e. Facebook, LinkedIn, Twitter)
  • Guest and retail analytics
  • Managed services enablement

If you’re going to buy (or upgrade to) an 11ac infrastructure, there’s a very important reason to do it that is unrelated to the speed at which you move frames across the air: intelligence. Some APs don’t have the horsepower to do any significant local processing, and that leaves three options related to infrastructure intelligence:

1) don’t have any
2) send everything to the cloud
3) send everything to a controller

I prefer that APs have enough oomph to get the job done if that’s the optimal place to do the work. There are times when using the cloud makes sense (distributed, analytics), there are times when using the AP makes sense (application visibility/control), and there are times when using a controller makes sense (2008-2009). #CouldntResist

I’ll summarize all of this by asking that prospective customers of Wi-Fi infrastructure remember that they will likely never use even a small fraction of the throughput capabilities of an AP. What will have a significant impact is Wi-Fi system cost, Wi-Fi system architecture, and network design. Don’t get duped by the loud, obnoxious marketing hype around the speed/throughput. Think twice, buy once.

 

802.11ac, 802.11n, Best practices, WLAN planning

Distributed Healthcare Needs Wi-Fi That Works at Scale

February 18th, 2014

The growth and adoption of mobile technologies is impacting businesses in multiple industries, and we can see strong evidence of this by looking at the healthcare industry. I just returned from the WLAN Professionals Conference in Austin, TX where I heard first-hand evidence of this in a presentation on Continuous Wireless for Medical Devices. A strong emphasis was placed on improving patient safety through the use of mobile technologies that enabled doctors, nurses, and assistants to effectively handle their ever-increasing workload.

A reliable, stable, cost-effective, and simple to manage WLAN is required that enables healthcare professionals without causing undue distraction from their primary objective to provide high-quality patient care. The question then becomes, “how can WLANs provide these qualities for distributed healthcare organizations?”

Cloud Architecture

Network stability and availability is of primary importance for healthcare professionals relying on mobile devices to provide patient care. What’s more, this network stability must be provided in a cost-effective and simple to manage manner. Rather than relying on expensive wireless LAN controllers that are complex to manage and represent a large risk to the organization as a single point of failure, AirTight has developed a mature cloud architecture over the past 7 years that simplifies the network and is resilient to outages – the network continues to function even if cloud access is disrupted.

AirTight's datacenter locations

AirTight’s datacenter locations

Centralized Management

Distributed healthcare organizations have hundreds or thousands of locations that all require Wi-Fi access. With traditional Wi-Fi solutions, this represents a massive amount of effort to stage, configure, deploy, and manage each site individually. Even with centralized management, most Wi-Fi solutions still fail to effectively deliver simplified network management for a large number of locations.

AirTight solves this problem with hierarchical location-based administration. This allows administrators to configure one policy that is inherited across all locations. If a subset of locations require a deviation from the central policy, it is simple to override the inheritance for only the settings that deviate while still adopting the remainder of the policy. Inheritance and configuration policy can be applied at any level of the location hierarchy, thus providing both the simplified management of a large number of locations while allowing for variations.

Automatic and Reliable Security

The increase of digital information requires solutions that secure patient data and privacy. Most Wi-Fi security solutions focus solely on protecting only the infrastructure, require tedious manual configuration and tuning, and result in error-prone detection and alarming that swamp the user with false alerts.

hipaa

AirTight solves these challenges with integrated wireless intrusion prevention (WIPS) that secures both the infrastructure and mobile devices from attack. Our industry leading wireless intrusion prevention system addresses the physical and technical safeguards defined for protecting Electronic Protected Health Information (EPHI), preventing unauthorized wireless access to online medical records as well as securing the network from wireless security breaches. AirTight wireless security solutions stop wireless threats in their tracks, protect patient privacy and ease the IT burden for maintaining a robust wireless network. AirTight automatically detects, classifies, and remediates wireless threats to protect patient confidentiality, ensuring a robust wireless infrastructure that is performing well and meets HIPAA compliance. (See also our earlier post: Wi-Fi and HIPAA – A Tricky Combination).

Healthcare organizations require a WLAN that enables staff to provide high-quality patient care in a cost-effective, scalable, and highly secure manner. Be sure to visit the AirTight booth at HIMSS to find out more about our solutions for distributed healthcare.

Compliance, Healthcare, WiFi Access ,

Healthcare, Wi-Fi and HIPAA – A Tricky Combination

February 12th, 2014

What a great start to year on the industry events front – we started with NRF in January, looking forward to HIMSS and our ACTS event in February, and MURTEC in March. In NRF, high points of discussion were around Social Wi-Fi and analytics. That said, topics of security and PCI compliance were also high on the agenda prompted by the Target credit card breach that occurred just before NRF. I expect to there will be a lot of security discussions at HIMSS too.

Healthcare, Wi-Fi and HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. It is enforced by the Department of Health and Human Services (HHS), and implemented by regulations of 45 CFR. Among other provisions it has rules mandating that healthcare organizations safeguard the privacy and security of patient health information. These privacy rules apply to patient information in all forms and the security rules apply to patient information in electronic form called as Electronic Protected Health Information (EPHI). EPHI is any patient information transmitted over a network and stored on a computer.

HIPAA states privacy and security guidelines at high level. They do not require specific technology solutions, but are clear that reasonable and appropriate security measures must be implemented. For example, Section 164.312 has clauses requiring technical policies and procedures to allow access to EPHI only to authorized persons or software programs, to prevent improper alteration or destruction of EPHI and to protect health information transmitted over electronic communication network. Section 164.308 requires among other things identifying, responding, mitigating and documenting suspected or known security incidents.

AirTight WIPS

Protection from vulnerabilities for wireless access layer

What does all this mean to Wi-Fi? Today, healthcare is seeing a flood of wireless enabled devices in day to day operation.  Hospitals are increasingly providing Wi-Fi for doctors to access medical records and VoIP for staff communication. Healthcare facilities are increasingly using Wi-Fi-enabled medical devices. This makes Wi-Fi a dominant EPHI access layer in the healthcare environment. Hence, Wi-Fi security controls built into access points (APs) and covered by intrusion prevention system (WIPS) become relevant to satisfy HIPAA security rules as applied to the access to EPHI over Wi-Fi. For example, just as it is important to enforce strong authentication and encryption on managed APs and to control BYOD, it is important to ensure that unmanaged rogue APs do not open holes into healthcare networks that store and transmit EPHI or to ensure that doctors’ tablets do not connect to Evil Twins or neighborhood APs. Comprehensive reporting and forensic capabilities are also required to satisfy the auditing requirements of HIPAA.

How our customers are addressing security and compliance for EPHI

Over last many years, we have worked with several healthcare organizations to satisfy HIPAA requirements pertaining to Wi-Fi using AirTight’s overlay WIPS and using AirTight’s software configured access point/WIPS combos. Below are some examples.

  • Overlay WIPS in large hospital complex – Maine Medical Center (MMC) is 10-building, 68-floor, 2-million square feet healthcare complex in Portland, Maine. As an early adopter of Wi-Fi technology in healthcare information systems, the MMC has large deployment of Cisco WLC Wi-Fi. However, MMC is also security conscious and performed deep down analysis of security offered by various wireless security solutions. MMC chose to overlay AirTight WIPS on top of Cisco WLC.

AirTight has integration APIs for an easy overlay on Cisco WLC Wi-Fi. Moreover, AirTight WIPS comes out to be more cost efficient from both Capex (as it does not require controllers and MSE) and Opex perspective (due to freedom from false alarms and configuration overhead) than Cisco wireless security.

  • Access Points/WIPS for distributed clinics – CHS Health Services operates onsite clinics delivering full-service solutions for a broad spectrum of industries. Due to highly distributed nature, CHS is concerned about security as well as management of it Wi-Fi infrastructure. Faced with those challenges, AirTight cloud managed Wi-Fi which has WIPS built into it at no extra cost fit the bill. In addition, AirTight’s software configurable dual radio APs provide CHS the flexibility of choosing the right balance of access and security scanning radios to fit nature of each facility.

Overall, Wi-Fi can contribute greatly to enhance the quality of healthcare by providing easy access to information and mobility of healthcare staff. With Wi-Fi however comes risk of new and evolving security threats and compliance violations. As a result, choosing right security solution becomes imperative to be able to reap full benefits of Wi-Fi for the betterment of patient care! Visit AirTight booth at HIMSS to find out more.

Compliance, Healthcare, WiFi Access

Reflections on Wireless Field Day 6

February 6th, 2014

What a week it was with WFD6 edutainment! Great minds from different vendors presented their great Wi-Fi stuff during WFD6. With so much happening, our challenge was to fit in as much update as possible in two hours.

Cloud comes first

Cloud is what AirTight is and will be evangelizing for years to come. Cloud is much more than just making device configurations remotely from a manager hosted in the Internet. Efficiency of cloud operations, provisioning to suit multiple business models including managed service providers and aggregation of services into single sign-on architecture will dictate what cloud Wi-Fi is about. We are focused on exactly this approach and WFD6 was an opportunity to display some of AirTight cloud’s capabilities to a tech-savvy audience. They say that what matters for success in e-commerce business is not just what is online, but what is in the back-office technology and processes. This applies to cloud Wi-Fi too. In order to scale the cloud, your back-end has the biggest role to play.

AirTight Networks Evolution – Cloud & MSP

Our security DNA: wireless intrusion prevention (WIPS)

WIPS business has been our hidden jewel, because we cannot publicly talk about most of customer success stories to abide by their security policies. There are subtle but crucial points which differentiate between WIPS adding value to infrastructure security or just becoming a nuisance due to false alarms. Whenever we get to demonstrate this point one-on-one with customers in bakeoffs, it was always an “aha” moment and they chose us as an overlay vendor on top of other Wi-Fi infrastructure. It is cheaper from TCO perspective and more secure. While that trend continues, now that WIPS is available at no extra cost with AirTight APs, we will see even more enterprises benefiting from it.

AirTight Networks WIPS at Wireless Field Day 6 WFD6

Finally, the great balloon heist

No WFD6 blog can be complete without the mention of our Wireless Field Day balloon. While WFD5 balloon was put to rest during a short off-camera ceremony at the beginning of AirTight’s session, a new contender has already emerged.

Watch the videos from WFD6:

More on AirTight from WFD6 delegates and participants:

AirTight Networks Rising by Lee Badman (@wirednot)
Wireless Field Day #6 – Day 1 Recap by Glenn Cate (@grcate)

WiFi Access, Wireless Field Day

AirTight at Wireless Field Day 6 #WFD6

January 29th, 2014

Thanks to all who watch the AirTight session live stream!

Videos

You can watch the WFD6 videos on our YouTube channel.

Twitter Highlights

Here are Twitter highlights from the event (in reverse chronological order, so you will get the praise first :-) )

If you are following the event live, use hashtags #WFD6, #MSP6 and #WiFun.

Follow @AirTight on Twitter for live updates.

You can follow WFD6 delegates on Twitter using our Twitter ist.

Wireless Field Day

Wireless Field Day 6 – We’re Back!

January 27th, 2014

Update:

Please see our recap of Wireless Field Day 6

Original post:

Last August, AirTight Networks made its Wireless Field Day debut. We had such a good time with all of the delegates and organizers that six months later we’re back as the opening presenters for WFD6 on January 29, 2014, 10 a.m. Pacific.

We welcome the returning delegates

  • Sam Clements
  • Blake Krone
  • Keith R. Parsons
  • Jennifer Huber
  • Lee Badman
  • Jake Snyder
  • George Stefanick

And also four new delegates!

  • Scott Stapleton
  • Richard McIntosh
  • Evert Bopp
  • Germán Capdehour

Of course we want to thank the Tech Field Day team for their hard work on this event

  • Stephen Foskett
  • Tom Hollingsworth
  • Claire Chaplais

Watch us live (or watch us later)

You’ll be able to see our presentations streamed live at Techfieldday.com. After the event we’ll provide links to the recordings on our web site.

10 am to noon—Pacific, Noon to 2 pm—Central, 1 pm to 3 pm—Eastern

What are we presenting?

Well that’s for you to find out on Wednesday, but here are a few clues to get you started. Another hint: if you ask enough questions on Twitter, perhaps things will start to become a little clearer.

In memory of No. 5

AirTight #5 balloon

Have you seen our balloon?

While WFD5 was an awesome experience, it was tainted with sadness and grief as our much loved #5 balloon disappeared from our premises at the end of the event. The last sighting was at the Meru WFD5 presentation. An investigation proved that Meru was in no way complicit with the disappearance. So perhaps the balloon acted on its own accord and stowed itself away on the delegates’ bus (highly unlikely). It may have been lured away by a bad man (possibly), or was unwittingly taken by an overly enthusiastic delegate caught up in the celebration (maybe likely).

So during your busy day, please take five seconds to reflect on our missing silver mylar number 5 and please keep your eyes on your own balloons – keep them safe and tell them that you love them.

Have a safe and enjoyable Wireless Field Day!

WiFi Access, Wireless Field Day ,

5 Reasons Why Facebook Wi-Fi is for Local Biz, but Not for Retail Enterprises

January 23rd, 2014

Netgear recently announced integration with Facebook on their APs using Facebook Wi-Fi API. Meraki and Cisco have also announced the same capability on their APs. Facebook Wi-Fi franchise is growing. It is easy to configure and get working (except when used on Cisco APs, which requires running separate CMX VM and per-AP license). That is good news for local businesses. However, does this architecture meet the requirements of mid-size to big retail enterprises? Not so fast! Let me explain.

Retail enterprises operate multiple stores across regions, states or countries. They run targeted marketing campaigns for customer engagement. This puts certain requirements on Social/Wi-Fi integration for retail enterprises, which are currently unmet with Facebook Wi-Fi integration.

1) Omni-channel marketing is essential for maximum reach

Facebook Wi-Fi allows only Facebook logins, obviously. So merchants miss out on other social channels like Twitter, Google+, Linkedin, Foursquare, etc. In addition to social logins, enterprises also want to promote brand loyalty programs when users access guest Wi-Fi. Facebook Wi-Fi does not allow this as well.

2) In the absence of social handles, there is no direct touch with the customers

In Facebook Wi-Fi, the update about the user being present on that Facebook page is automatically distributed when the user logs into Wi-Fi with Facebook credentials (hence, they call it check-in instead of login). However, the merchant does not get the social handles of these users. Note that this is despite the fact that these social handles are public information and the user discloses via check-in (whose default setting is “public”) the presence at that location. Without social handles, merchant cannot have direct touch with the customers. Retail enterprises thus require provision to obtain opt-in social handles of customers, which is not possible with Facebook Wi-Fi integration.

3) Need for customizable incentives to fuel social engagement

Retail enterprises want to provide incentives for using social logins – coupons or other ways to engage with the brand like premium status in the loyalty program. They may also want to provide additional incentives to user for taking a further step to Like or Follow the brand, or joining a loyalty program. Like or Follow has the benefit that the merchant can then reach out to the user with one on one messaging (much like email). Facebook Wi-Fi has only one simple incentive built in it – if you don’t use Facebook login, you may not get free Wi-Fi, though merchants do not have to enforce this as there are provisions in the configuration to bypass it or use a code in lieu of a Facebook login. In any case, the Facebook Wi-Fi check-in does not facilitate customizable incentive programs to encourage social engagement.

4) Comprehensive analytics and data ownership are important

Social Wi-Fi can provide retailers with rich analytics and user demographics. Retailers also want to own the analytics data. They want the analytics data available in standard format for integration with their existing marketing platforms. However, with Facebook Wi-Fi, engagement data is within Facebook and mixed up with all the other Facebook interactions.

5) No scaling for multi-store environment

This one is a bummer! The automatic update that is posted to user’s Facebook timeline subsequent to a login includes location address configured in the Facebook page. So, if you operate 50, 500 or 5000 stores, each location needs to have its own Facebook page. If you use single page for all those locations, the user location update will go with address configured in that page which may be inconsistent with the actual location where user checks in. This is just an example of how Facebook Wi-Fi is not designed with multi-unit retail enterprise in mind.

Facebook-Wi-Fi-for-multi-site

If you’re an IT or a marketing manager for a retail chain, imagine setting up dozens or hundreds of Facebook pages for your branches

AirTight Social Wi-Fi integration with Facebook, Twitter and others

In contrast, AirTight Networks’ social Wi-Fi is designed with multi-unit retail enterprises in mind. It uses a cloud-hosted captive portal that interacts with users on one side and multiple social media apps including Facebook, Twitter, LinkedIn, Google+ etc. on the other. The portal provides all the knobs to customize the campaigns including incentives, landing pages and updates. The captive portal securely stores social engagement information including social handles and demographics that user has chosen to share. The portal provides cleanly segregated and rich Wi-Fi analytics and also makes analytics data available to merchants in standard formats.

For more information:

Learn more about AirTight Social Wi-Fi + Analytics.

Watch a 5-min video on best practices in retail analytics.

Read our blog post on analytics data ownership (hint: in many cases, you don’t own the analytics data your Wi-Fi system generates)

 /Image via Facebook.

Retail, WiFi Access

Retail Analytics: Who Owns The Data?

January 14th, 2014

At AirTight Networks, we talk a lot of SMAC (Social, Mobile, Analytics, Cloud). Together these forces have come together to significantly impact and radically change various markets. It’s not hard to wax eloquent about SMAC for long periods of time, but in this article, I want to focus only on the Analytics piece – that numerical, statistical, miracle whip that drives business decisions.

Analytics Data: Type and Collection

In the SMAC model using Wi-Fi as the Mobile piece, data is collected from Wi-Fi access points. The analytics data itself generally falls into one of two categories: 1) Presence, and 2) Opt-in.

Presence Analytics
Presence Analytics is, as it sounds, focused around whether the client device is on-location (“present”) and whether it is inside or outside a boundary (e.g. a store front). This type of data is device-specific (MAC Address), independent from the user of a device (contains no user-identifying information), and therefore anonymous. It is collected by using Access Points (APs) to scan the air and to gather MAC addresses (which only a hashed representation thereof is stored). Presence Analytics can be used for a variety of things, but some examples might include:

  • Understanding total foot traffic (e.g. how many visitors came to your location)
  • Understanding capture rate of visitor traffic (e.g. which visitors came inside your store front and which ones stayed outside)
  • Understanding dwell time (e.g. visit duration) either inside or outside your location

AirTight Presence Analytics

The same capability that enables Presence Analytics also enables similar functions like Loyalty Analytics. Examples of this might be:

  • Understanding visitor frequency (how often do they come to see you?)
  • Understanding visit recency (when was the last time they came to see you?)
  • Understanding repeat visitor information (how many times have they come to this location over a period of time?)

Analytics: Unique visitors

Opt-in Analytics
Opt-in Analytics are obtained through a process whereby a person uses his/her mobile device to willingly engage the wireless infrastructure (and associated back-end systems). The typical scenario involves the use of a Captive Web Portal (CWP) to display terms and conditions and to allow the user to authenticate (log in) using one or more methods, such as:

  • Phone Number with SMS verification
  • Social Media integration (e.g. Facebook, Twitter, Google+, or LinkedIn login APIs)
  • Guestbook function where the user fills out a web form

Regardless of the process, the user is agreeing to the use policy in order to obtain a benefit, which is most often free Wi-Fi access, promotional coupons, location services, or perhaps all of these and more. The use policy allows the infrastructure to collect a specific amount of the user’s personal information that is determined by the user at the time of authentication.

Other Types of Analytics

Of course, all of those are just simple examples, but to be honest, analytics can get pretty sophisticated. Consider other types of relevant data, such as Engagement Analytics and Wi-Fi Usage Analytics.

Engagement Analytics 
Engagement Analytics might, for example, consist of:

  • Conversion and Bounce Rates (Did they come inside or stay outside? Did they use the Wi-Fi while in the store? Did they buy anything while in the store?)
  • Social Media Wi-Fi Authentication Visitor Logs (Who are they?)
  • Social Media Wi-Fi Authentication Demographics (How old? Male/Female? Where do they live?)

Engagement Analytics

Engagement Analytics allow the organization owner to pair up the device (which is identified with Presence Analytics capabilities) with the user of the device (which is possible because of Opt-in capabilities) and then tie those capabilities into back-end systems such as their CRM. That CRM system could then be used, in conjunction with the wireless infrastructure system and analytics engine, to:

  • Identify and locate a user’s device when it arrives on-location
  • Understand the owner of the device’s habits and desires (e.g. purchasing habits/desires if in retail)
  • Push context-relevant, location-relevant, and personalized content to the user in a timely fashion
  • Provide an entertaining experience while on-location

It might sound space-age, but it’s the holy grail of the retail market right now, and other markets will likely follow suit when retail has proven that it can be done well, end-to-end.

Wi-Fi Usage Analytics might, for example, consist of:

  • Device Types
  • Data Traffic
  • Session Duration

Having access to data such as average session duration may allow a quick service restaurant (QSR) to make a decision about how to configure their Wi-Fi infrastructure system. Some Wi-Fi infrastructure systems have a “black out timer” that imposes a no-use time after a configured period of use time. This type of data may help a coffee shop decide on whether to write their new mobile app for iOS or Android first. It may allow a financial services firm to decide on whether to upgrade their Internet backhaul pipe or apply protocol filtering to block peer-to-peer file sharing applications. There are 101 uses for Wi-Fi Usage Analytics.

All that rich data is just waiting to be mined for business-transforming information that can be easily organized into useful formats and compared across locations, and can help you decide on marketing spend and business expansion. All you need to get started is the right Wi-Fi solution.

Analytics Data Ownership

“Houston, we have a problem.” Yeah, that’s you when you find out that you don’t own the data…

“Say what? That doesn’t sound right…are you sure? Wait…where’s my contract! What do you MEAN I don’t own the data?” Yep, that’s you again…quickly growing worried and agitated since you’re the one who recommended the Wi-Fi vendor who’s either holding onto your analytics data awaiting ridiculous additional monthly fees or who has an analytics business partner who’s trying to perform unnatural acts with your wallet while the Wi-Fi vendor keeps you distracted.

“But it’s my system! It should be MY data! These are MY customers for crying out loud…who else’s data would it be?”

Oh, don’t worry… your analytics vendor has you covered. They can fix you up for… $_______ per AP per year. Or as my man Alan Jackson might say, “But don’t be downhearted, I can fix it for you, Sonny; It won’t take too long, it’ll just take money.”

Of course, if you buy AirTight Networks Wi-Fi and analytics, YOU own the data.

 

 

 

Retail, WiFi Access ,

AirTight Networks Joins with EarthLink for Social Wi-Fi and Analytics

January 13th, 2014

AirTight Networks secure cloud Wi-Fi will power EarthLink’s new WiFi/WIPS solution designed for the multi-unit retail industry. EarthLink announced the upcoming launch of this solution at NRF 2014.

Cloud, analytics, simplicity set AirTight apart

“Consumers are already using their mobile devices in-store to enhance their shopping experience. With EarthLink WiFi, retailers can roll out corporate applications to connect with those consumers and service them more efficiently, while gathering valuable data for marketing and store operations. AirTight’s offering stood apart with its cloud-based management, rich retail analytics and ease of deployment.” — Greg Griffiths, EarthLink Vice President of Retail Solutions

Live social media integration demo at NRF

The solution will be demonstrated at AirTight’s booth #1256 and EarthLink’s booth #1567. AirTight and EarthLink experts will be on hand to demonstrate and discuss the Wi-Fi offering. Visitors to either booth will get to experience the social media integration capabilities by logging into an actual social media portal. The demo will build AirTight’s and EarthLink’s social media reach, and visitors will get something of value – the same experience retailers are now able to provide in their stores.

Wi-Fi – now Infrastructure as a Service

“EarthLink’s full-service network capabilities make our enterprise-class Wi-Fi and security accessible to all retailers, whether small or large. Through our partnership with EarthLink, the technology can now be delivered as Infrastructure as a Service (IaaS). The IaaS model is ideal for multi-unit retail, where IT resources are often not available at an individual store level.” — Kevin McCauley, Director of Retail Market Development at AirTight

Retail-ready, “business first”

AirTight has served retailers for over a decade and has translated that knowledge into an enterprise-grade solution that does not compromise on features and security. AirTight’s secure cloud Wi-Fi dramatically reduces IT resources needed to roll-out and manage the network, resulting in low total cost of ownership. This is Wi-Fi with a “business first” approach, delivering business intelligence and brand engagement. The solution is retail-ready right out of the box, with secure guest and private Wi-Fi, PCI compliance scanning and 24/7 protection from wireless threats.

‘Appification’ of Wi-Fi

“The partnership with EarthLink validates the maturity of our cloud offering and our focus on the ‘appification of Wi-Fi. AirTight has raised the bar on wireless connectivity, converting it from ‘IT plumbing’ to a revenue-generating business initiative. We are excited about partnering with the number one managed service provider in North America and getting this solution into the hands of many more retailers.” — David King, CEO of AirTight

Are you at NRF? See the demo yourself and get a signed copy of The Retail Revival by Doug Stephens courtesy of AirTight. Meet Doug Stephens on our booth between 2 and 3 p.m. on Monday January 13, 2014.

NRF-2014

Retail, WiFi Access ,

Will Target Breach Prompt Retailers to Raise the Security Bar?

January 8th, 2014

Did 2013 have to end with the somber news of a big credit card security breach? But it did! It is reported that 40 million credit cards were compromised in the security breach in stores of a major U.S. retailer Target. This is only a shade second to the earlier TJX breach in which 45 million credit cards were compromised. (After this blog was published, it was reported that the number of affected accounts in the Target breach is as high as 110 million, which would make it more that double the TJX breach!)

After any breach, and surely after the breach of such dimension, discussion on the data security issues at the retailers escalates. Earlier, the TJX breach resulted in stricter wireless PCI (Payment Card Industry) compliance requirements. The current Target breach can also trigger tightening of the compliance requirements. This breach may also prompt IT, security and compliance managers at major retailers to take a hard look at the information security aspects of the various technologies that they have deployed. Add to it the fact that retailers are aggressively deploying mobile and wireless technologies like POS, kiosks and tablets in stores. What are some of the core issues they should be looking at?

Don’t be content with “compliance”, demand “security”!

Retailers in these types of breaches often pass the security audits like PCI with flying colors. That exposes the harsh reality that security is distinct from compliance. 2014 is the year of the world cup soccer (football). So let us use soccer analogy to understand this distinction.

Compliance vs security, wireless PCIWhen you are defending a free kick in soccer, you make a wall and your goalkeeper is on alert to block the ball that could go through or around the wall. No soccer team would be comfortable with a sole reliance on the wall and allowing the goalkeeper a break during the free kick. The wall is like “compliance” – it’s one line of defense.

Retailers work hard to get check marks from auditors on their PCI compliance. Vendor marketing does a good job of selling features that help get those coveted check marks. Compliance does help improve the security posture, but is it adequate? Every now and then, this line of defense is breached and if the goalkeeper isn’t standing behind the wall, you are toast! However, if you demand security in addition to the compliance check marks, you can build that inner line of defense.

How will you know if you have the inner line of defense or not?

That is a hard question. One way to answer it is that whether you have it or not depends on the compliance solution you have chosen. If you are using a solution which has compliance reporting bolted on to meet the compliance standard in letter, you probably lack the inner line of defense. On the other hand, if your solution offers PCI compliance as a natural outcome of the strong security fundamentals, you automatically get the inner line of defense.

I can testify to this dichotomy from my experiences with the wireless PCI compliance standard and solutions that are touted to facilitate meeting that standard. Many Wi-Fi vendors have come up with bolt-on WIPS (Wireless Intrusion Prevention System) features with check mark PCI reporting. The real question to ask is: While these systems generate PCI reports in letter and may please your auditor, will they pass the security scrutiny in spirit? So, what are some of the questions you should be asking when scrutinizing the wireless PCI solution to ensure that you are getting the security in addition to the compliance?

  • How much of the security information that the PCI report contains is based on actual scanning of the environment? I have seen many PCI reports based mostly or even entirely on the Q&A type documentation or PASS/FAIL check marks merely based on what feature configuration in enabled in the system. That is fail on security.
  • Is threat scanning 24×7 or is it only occasional spot scanning? PCI does not require 24×7 scanning. It only requires quarterly scanning, but didn’t we just say that we are not interested in mere PCI check marks, we want security. Notably, entire Target breach occurred only over 3 weeks – that is much smaller period than a quarter!
  • Does the scan merely throw raw data at you or does it filter out genuine threats so you can actually act to mitigate them? All too often, I have seen wireless PCI reports simply document all APs seen across all locations to satisfy the so called rogue AP scanning requirement. So, if the report shows 10,000 APs found in of the scan of 100 remote retail locations or 100,000 APs found across 1000 remote retail locations, how in the world are you going to distinguish threat posing APs from this list? If you can’t, this report will meet the PCI clause in letter, but fail miserably on improving the security posture.
  • Is the solution capable of detecting all types of vulnerabilities? For example, can it identify various types of rogue APs? If it only can identify a few types of rogues (such as rogues with correlation between their wired and wireless MAC addresses – so called MAC adjacency), how can you trust that report since there could be unidentified rogue APs connected to your CDE (Cardholder Data Environment) among the large number of APs detected during the scan?
  • Is the solution capable of automatically containing the identified vulnerabilities? Although automatic mitigation is not a PCI requirement, in large nationwide deployments, automatic containment is a requirement for security. Automatic containment reduces the window of vulnerability. Moreover, automatic containment has to occur without  false alarms which can disrupt your  and neighbors’ legitimate operations.
  • Is the solution certified against security standards other than PCI? Again, this is not a PCI requirement, but it meets the litmus test of strong security fundamentals of the solution.
  • Is the solution capable of full security operation at the store level without critical dependence on WAN links?

Does security have to cost more than compliance?

Again, the answer depends on the compliance solution you have chosen. If the solution has PCI compliance reporting bolted on to check against clauses in the standard, you will probably have to add security on top of it, paying considerably more from a total cost of ownership perspective or continue to carry the risk of a breach. On the other hand, if the solution offers PCI compliance as a natural outcome of the strong security fundamentals, you can get security without the extra effort or cost.

With Airtight, there isn’t a chasm between compliance and security

AirTight provides a wireless PCI compliance solution that also meets the critical security criteria. Central to AirTight’s solution is its best in class wireless intrusion prevention engine, the only one today to earn the highest industry ranking. It excels both in the depth of security and the ease of use at the same time – due to core innovations and patented technology. So with this PCI solution, retailers can enjoy the same level of security that financials, governments and defense organizations demand without the additional complexity and cost.

In order to simplify the deployment and management across 100’s or across 100’000’s locations, AirTight provides cloud managed PCI solution with its plug & play APs/scanners in stores and centralized management console in the cloud. In fact, it was the first to launch such a solution when wireless scanning was added in the PCI standard after the TJX breach in the past.

24×7 wireless PCI scanning and WIPS are an intrinsic part of AirTight’s Secure Wi-Fi offering and is provided at no extra licensing cost. It also offers pure OPEX pricing model for its solution to further alleviate the cost burden. Moreover, retailers can also leverage AirTight’s social Wi-Fi and business analytics built into its retail Wi-Fi offering to increase brand following, recruit into brand loyalty programs and offer secure guest Wi-Fi services in stores. It can’t get better than that!

Wishing you a happy and SECURE 2014!

Upcoming events

Meet AirTight at NRF14 on Jan 13-14 and at ACTS event on Jan 15.

Tune in to AirTight’s technology sessions at WFD6.

 

Best practices, Compliance, PCI, Retail, Wireless security , , , , , , , ,