he Evans Wireless Development Survey is a detailed report of extensive, in-depth interviews with almost 500 developers active in wireless application or infrastructure development. It was conducted in the Fall of 2004. All text and analysis herein provided by Evans Data.
Barriers of Adoption: Security
When wireless developers were asked their opinion on whether or not security was a some form of barrier to widespread adoption of mobile devices and services, 85 percent felt that it was. Evans Data respectfully disagrees with this opinion, theorizing that the vast majority of consumers care more about the “gee-whiz” factor of their wireless devices than security.
|Figure 3. Most Common Security Mechanism: This graph shows the type of security mechanism that will be the most common.|
The main problem with wireless networks is that most are unprotected. The simple fact is that 70 percent of wi-fi networks don’t make use of such readily available security offerings like WEP. Those exposed networks are easily exploited by the unscrupulous.
The average user is extremely pleased if they can get devices from multiple vendors working at all, let alone securely. If the widespread consumer base was concerned about security, the current plagues of email “virii” that are dependant on opening attachments simply would not be possible.
The Type of Security Mechanism that Will Be the Most Common
Currently, there is no clear technology leader in the mobile and wireless space with regard to the security mechanism developers choose when building applications. Additionally, unless a developer specializes in security, there can be definite overlap in their selection. For example, choosing PKI does not rule out the usage of SSL, digital signatures, and data encryption mechanisms.
|Figure 4. The Question: Which of the following security mechanisms would you be most likely to use on your wireless apps?|
They are all interrelated and supportive of each other. SSL relies on digitally signed certificates provided by a trusted third-party PKI certifying authority, which enables encrypted data channels and allows for safe user authentication for Web login scenarios.
PKI ranks first in usage by 15 percent of wireless developers surveyed, followed shortly by SSL/TLS. When the two options are combined, PKI/SSL solutions are selected by just under a third of all developers surveyed. Vying for third-place, user authentication/password protection, WAP 2.0 security, and digital signatures are each selected by one out of 10 respondents.
On the next page, we’ll look beyond speculation and find out what security mechanisms developers are actually *using* in their enterprises.
Most Common Types of Security Used in the Enterprise
As with previous questions relating to connectivity/data access, responses to the various types of security in enterprise usage were cross-tabulated by developer type; corporate enterprise or independent. Overall, the disparities between corporate and independent wireless developers are reasonably similar with the exception of a few cases.
Independent developers are far more likely to use SSL/TLS secure channel encryption, which is supported by the vast portion of this segment which chose “Encryption of data before it is sent.”
Wireless developers who identified themselves within the corporate enterprise sub-group we most likely to use “Digital Signatures,” “VPN,” and “Public Key Infrastructure” mechanisms in their solution designs.
How Many Tiers in Enterprise Wireless Apps?
When our survey group was divided into corporate enterprise and independent segments, we cross-tabulated the preferred tiered design choices used in wireless applications architectures. Overall, the divergence was not large, except in a few areas.
Corporate enterprise developers prefer three-tied designs over any other type, by a margin of 12 points?quite a noticeable split. This can be directly linked to the long-term and successful push from various enterprise platforms?corporate developers are very comfortable with this architectural design paradigm.
The largest disparity is the answers in the “Don’t Know” category. Nearly three times as many independent wireless software developers do not know how many tiers will be in use. This is not due to a lack of technical expertise, but is mainly attributable to the consultative, client-driven nature their application designs.