The Granite Wall of Safety - Page 2

By Gerry Blackwell

February 11, 2004

Cranite also provides easy roaming between wireless subnets because it relays authentication information from the policy server to every access controller in the network. Maisel admits he didn't appreciate the importance of this feature himself -- until he visited his first hospital customer.

"Each hallway, each unit of the hospital is typically a separate subnet -- psychiatric, medical surgery and so on. As a doctor is doing his rounds, he's moving from subnet to subnet."

Because each subnet is alerted that the doctor has already been authenticated, she doesn't have to re-authenticate as she roams around the hospital. Many other Wi-Fi security solutions do not offer this level of convenience.

One of Cranite's boasts is that, given the architecture of its solution, it can make even inexpensive APs as secure as more expensive enterprise models. So companies using WirelessWall may be able to save money on other infrastructure costs.

"This is not to say that more expensive infrastructure may not have a lot to recommend it," Maisel says. "It could be more durable, for example. There could be a bunch of other values that make it a better choice, but [if you're using WirelessWall], security will not be any stronger."

The Cranite product is not in any case terribly expensive in the larger scheme of things. The company sells licenses for blocks of simultaneous users -- from 10 to 10,000. The cost is typically less than $100 per client.

Cranite right from the start targeted federal government customers. Today, 75 percent of installations are federal departments or agencies. Another 15 percent are state and local government clients. Municipal customers that want to create secure outdoor Wi-Fi networks for use by police, fire and other first responders have proven a good market -- the company just entered an agreement with FireTide , a mesh networking equipment provider, that could lead to more such installations.

Key to this market, was the FIPS certification. It did not come easily.

"It turns out to be a challenging process," Maisel says. "It takes a lot of time, patience and money." Several different entities can be involved and in the end the U.S. federal "spooks" departments give the technology a thorough working over in their "attack labs."

In fact, though, the Cranite product goes well beyond the FIPS specifications. "140-2 doesn't require mutual authorization, for example," Maisel says. "And it doesn't require that encryption be done at Layer 2. Good security demands this, but the standard does not."

The rest of the Cranite installations are enterprises, including the hospitals and other health care installations. The proportion of enterprise customers is on the rise, though, Maisel says. Health care in particular will be important.

"One of the things that has surprised us," he says, "is that hospitals are increasingly driven by concerns over liability. Corporate counsel often gets involved now."

"With the onset of HIPAA [the federal Health Insurance Portability and Accountability Act which requires health care providers to protect the privacy of patients] we've been contacted by a lot hospitals because we provide the only generally accepted [Wi-Fi security] seal of approval. It's a lot better if they get sued, if they can say, 'Well, we used the only thing certified by the federal government.'"

WirelessWall will likely remain Cranite's flagship product, but look for it to be beefed up with new components in the future that will make it a more complete solution.

"Customers are saying, 'We want to make the wireless network as secure as the wired network and that means we need other things to protect us.'"

Maisel is a little vague about details and timing, Cranite, he makes clear, intends to answer the call and provide a comprehensive solution for Wi-Fi networks.

Pages: 1 2

Comment and Contribute
(Maximum characters: 1200). You have
characters left.