Six Steps for Securing Your Remote Workforce at Scale

Originally Appearing in Fortinet Blog. Author: Peter Newton
March 12, 2020

Business continuity and disaster recovery plans are designed to address an organization's need to quickly suspend normal on-site operations in the event of a power outage, illness, or natural disaster that may make it unsafe for employees to travel on-site. This plan needs to include the ability to quickly establish a secure, remote workforce.

Transitioning administrative staff, technical support teams, HR, marketing departments, and other workers who traditionally work from a physical office – along with access to their data and networked resources – to alternate work sites can be a daunting task. In addition to networking considerations, organizations should be aware that cybercriminals are prepared to exploit the weaknesses and security gaps that often arise during such events. Unprepared users and unsecured systems can quickly become conduits for malware and malicious activity. Since time is of the essence, security must be an integral element of any teleworker strategy.

Here are six things every organization should consider when faced with the need to securely move traditional on-site workers to remote locations.

Steps 1 and 2 – General Teleworker Requirements

To start, every teleworker requires access to email, internet, teleconferencing, limited file sharing, and function-specific capabilities (finance, HR, etc.) from their remote work site. They also require access to Software-as-a-Service (SaaS) applications in the cloud, such as Microsoft Office 365.

VPN and Endpoint Security: Make sure all users have a laptop loaded with all of the essential applications they need to do their job. In addition, that laptop needs to include a pre-configured client to provide VPN connectivity to corporate headquarters.

Multifactor Authentication: Multifactor authentication helps prevent cybercriminals from using stolen passwords to access networked resources. To enable more secure access, every user needs to also be provided with a secure authentication token. These tokens can be a physical device (such as a key fob), or software-based (like a phone app), and are used when making a VPN connection or logging into the network to provide an additional layer of identity validation.

Steps 3 and 4 – Supporting Teleworkers with Advanced Requirements

Some of your teleworkers need advanced access to network resources to do their jobs. Systems administrators, support technicians, emergency personnel, and executive management teams often need to access and process extremely sensitive and confidential information or operate in multiple, parallel IT environments.

Persistent Connectivity: Pre-configured wireless access points enable secure connectivity from a user's remote location to the corporate network through a reliable, secure tunnel. For a more secure connection, a wireless access point can be combined with a desktop-based next-generation firewall to enable persistent connections, advanced admission control, and a full spectrum of advanced security services, including Data Loss Prevention.

Secure Telephony: These users also require a telephony solution that supports voice over IP (VoIP) to ensure secure communications. Both physical and soft client models are available that enable users to make or receive calls, access voicemail, check call history, and search the organization's directory.

Steps 5 and 6 – Creating a Secure and Scalable Headend

The other half of the equation is ensuring that the headend can scale to meet the sudden volume of teleworkers needing remote access to network resources while ensuring that network access is appropriately secured.

User and Device Authentication: A central authentication service connected to the network's Active Directory, LDAP, and RADIUS enables remote workers to securely connect to network services at scale. This solution should also support single sign-on services, certificate management, and guest management.

Advanced Perimeter Security: An NGFW solution needs to securely terminate VPN connections, provide advanced threat protection – including the analysis of malware and other suspicious content within a sandboxed environment before it reaches its destination – and deliver high-performance inspection of clear-text and encrypted traffic to eliminate malware and malicious traffic. Scalability for this function is especially critical, as the inspection of encrypted data is extremely processor-intensive. Without advanced security processors designed to inspect high volumes of encrypted traffic, NGFW solutions can quickly become a bottleneck that can impact teleworker productivity.

A Secure Foundation Ensures Scalable Business Continuity

Business continuity and disaster recovery programs require a teleworker strategy that can support a remote workforce with little or no notice, without compromising network security. Such a solution needs to enable secure access to critical resources while scaling to meet the demands of your entire workforce on day one.

These business continuity solutions also need to be easily deployable and configurable, ideally with zero-touch provisioning, to enable a quick transition to a remote workforce while maintaining full security visibility and control regardless of their deployment environment. This ensures that your organization can quickly respond to critical events with minimal impact on productivity and profitability.

Clearing the Air on 5G

Originally Appearing in War on the Rocks. Author: Milo Medin and Gilman Louie, March 13th, 2020

While much of the focus on 5G in the Western press has concerned Huawei, the Chinese telecom behemoth, there is another 5G storm brewing within the United States that involves America's largest telecom companies. Consumers might assume that this storm includes the standard competition between companies for better handsets or faster download speeds. But the fiercest battles are being fought between U.S. companies and the U.S. government over what parts of the electromagnetic spectrum to use for 5G development, and how to use them.

Unfortunately, several questionable proposals have recently bubbled to the surface that threaten U.S. national security and fail to provide an actionable strategy for U.S. 5G development. If enacted, these proposals will set the United States back in the race to 5G and further diminish America's competitive edge against China. Many of these proposals cite the Defense Innovation Board's 5G report published last April, which we co-authored. Unfortunately, many cite it incorrectly. It's time to set the record straight and clear the air on America's 5G development.

The U.S. telecommunications industry is pressing the U.S. government — and the Department of Defense specifically — to give up its critical positions on the spectrum access rights it now has and hand those positions to industry. Such an eviction would cause irreparable harm to U.S. national security and fail to create a viable U.S. 5G solution in time to compete with China. This proposal chooses to ignore a clear and viable alternative that would better support both the Defense Department and industry objectives: sharing spectrum with government instead of kicking government out.

The fight for spectrum began as a debate over spectrum location and has evolved into a debate over spectrum ownership.

The "location" debate revolves around which bands of spectrum businesses should use for building a 5G network. There are two main options: "sub-6" (1–6 Gigahertz, also known as "mid-band") or "mmWave" (24–300 Gigahertz, also known as "high-band") spectrum. Our report argued that, while mmWave can provide exquisite capability in targeted applications — particularly for the military — the telecommunications industry would need to focus on sub-6 to provide nationwide coverage. The mmWave vs sub-6 argument was initially heated as companies tried to justify their mmWave investments, but these claims soon lost traction as early deployments rapidly showed the impracticality of mmWave 5G for broad area coverage. Industry only began demanding access to sub-6 spectrum within the last year after these problems came to light.

Since then, the debate has moved to spectrum "ownership." This debate addresses the precious bands of sub-6 that will enable nationwide 5G coverage and how to allocate those bands between government and commercial stakeholders. In the United States, government organizations like the Defense Department have traditionally been assigned exclusive access to large portions of the sub-6 spectrum to make use of its broad utility (while mmWave has potential in targeted applications, the majority of Department operations rely on sub-6). There is, indeed, significant room to put Defense Department spectrum to productive commercial use. However, industry now demands that the Defense Department vacate its spectrum positions entirely so that the government can license sub-6 spectrum exclusively to telecom providers. In theory, this would allow telecom to operate in sub-6 without having to deconflict their operations with government. But in reality, it would both jeopardize U.S. national security and be highly impractical to implement. Most importantly, it would not create a viable 5G ecosystem in time for the United States to compete with China.

The fact is that forcing the Defense Department out of its bands of spectrum would take years to implement, require billions of taxpayer dollars, and ultimately cause critical damage to the Pentagon's global operations. Vacating spectrum is only half the battle; in order to free the desired spectrum for commercial use, the Defense Department would then have to identify new viable bands of spectrum, test systems on those bands, and then replace all relevant systems with new ones that can operate in that new location. Moreover, there is not an abundance of viable spectrum, making relocation even more challenging. Sub-6 is sometimes called the "goldilocks" of spectrum: not too high or too low but able to find a balance between the longer range achievable in lower bands of spectrum while maintaining the discrimination and capacity of higher bands of spectrum. For this reason, much of sub-6 is already crowded with a variety of radars and other systems, and would lack many viable options for relocation if defense systems had to vacate their current positions.

Moreover, evicting defense systems would not create a viable and secure 5G alternative in time to compete with Chinese offerings. Time is of the essence — China has a viable sub-6 5G solution now and is deploying quickly at home and abroad.

China has directly assigned 600 Megahertz of sub-6 spectrum to its three national carriers and is already rapidly building out networks. Since the first mover in 5G stands to gain billions of dollars in revenue and massive job creation, the United States should move quickly to reap any such benefits. The United States simply does not have the five to 10 years it would take to move defense systems out of their current positions and hand exclusive spectrum rights to commercial users.

There is a better way for the Defense Department to promote commercial wireless. Instead of the impracticable option of vacating its positions, the Pentagon should share parts of its sub-6 spectrum bands with the commercial sector. Sharing spectrum could take just two to three years instead of the 5 to 10 years that vacating requires, would cost millions of dollars instead of billions, and would not put national security operations at risk. Sharing spectrum provides the strongest path forward for the United States in the race to 5G, both to gain the economic advantage awarded to the first mover and to provide a trusted, secure, and reliable 5G alternative to the Chinese 5G model for the global community to use overseas. Building on lessons learned with Citizens Broadband Radio Service shared spectrum, which now provides 150 Megahertz of mid-band shared military radar spectrum to commercial users, the Defense Department can be even more effective in sharing additional mid-band spectrum blocks.

Since the Pentagon already shares spectrum abroad, it has many incentives to pursue spectrum sharing within the United States. The Defense Department operates globally, working with allies and fighting against adversaries that are not bound by U.S. rules regarding spectrum use. The United States is only able to ensure exclusive spectrum access inside its own territory; outside the United States, sharing spectrum is the norm. For this reason, the Defense Department should embrace the prospect of sharing domestically as it already shares spectrum overseas. The good news is that the Pentagon is taking proactive steps in the right direction. For example, in the fall of 2019, it named four military bases that would host 5G testing and then assigned Hill Air Force Base as the focal point for spectrum sharing experimentation. Additionally, not only is the Defense Department participating in ongoing discussions with the National Telecommunications Information Association and Congress to share hundreds of Megahertz of its spectrum, it has subsequently taken steps to work with industry in that regard.

For all this progress, it is important to bear in mind that the Defense Department is not the arbiter of spectrum allocation. That role belongs to the National Telecommunications and Information Association and the Federal Communications Commission, which control government and commercial spectrum, respectively. The success or failure of U.S. 5G development depends on these organizations taking rapid, aggressive action in the coming months to support spectrum sharing.

The Pentagon can further support spectrum-sharing efforts by dynamically balancing the needs of different users. Rather than wait for the development of new technologies and algorithms, or implement overly prescriptive sharing rules for each defense system, the Pentagon can — in the near term — take advantage of statistical patterns of spectrum use, and coordinate prioritized operation in those bands. This dynamic allocation would reflect demands on the network over the long term and would likely be possible using modern base station equipment. By coordinating use instead of setting static rules for sharing on each discrete system, it may be possible to protect Defense Department operations while guaranteeing telecommunications vendors a baseline of connectivity and optimizing network use for both groups. The Defense Department should consider new and innovative methods of sharing spectrum now, and engage the U.S. industrial base to ensure its access to available, reliable, secure, and trusted 5G networks both at home and abroad.

Industry efforts to completely remove military access to its current spectrum positions are damaging to national security and will not create a viable U.S. 5G option in time to compete with China. Global telecom operators are making choices about how to deploy 5G now. U.S. 5G spectrum policy should make useful spectrum for 5G deployment available quickly and create incentives for network infrastructure to be deployed rapidly. Spectrum is only useful if services are deployed within it.

In the race to 5G, time matters — not just for making spectrum available but for the broad deployment of network infrastructure across all of the United States. A solution that takes the better part of a decade to deploy will not make the United States a leader but a slow follower. As China races ahead to deploy their 5G technology and infrastructure across the globe, the US cannot afford to sit on the sidelines. This debate should not be about a false choice — National Security vs commercial 5G deployment. Spectrum sharing technology enables both objectives to be fulfilled within a timeframe that is relevant. Choosing otherwise when better options are available would be a bad deal.

Milo Medin is the vice president of wireless services at Google and a member of the Defense Innovation Board. Gilman Louie is the founder of Alsop Louie, the founder and former CEO of In-Q-Tel, and an advisor to the Defense Innovation Board. They are co-authors of the Defense Innovation Board's report on 5G. The authors do not represent the Department of Defense or the Defense Innovation Board; their views are theirs alone.


Putting Wi-Fi 6 to the Test

Putting Wi-Fi 6 to the test: How fast can it speed up your home devices?

Originally Appearing in USA Today, Mike Feibus, December 18, 2019

If you're like many Americans, your home broadband connection is much faster than your cellular service. And you're convinced it's the other way around. The reason for the perceptual mismatch isn't raw data rates, which are typically several times faster on broadband. Rather, it's because traffic on the slower service – that is, cellular – is much more intelligently managed. So before you pile on the cable company, you should know that this time, at least, it isn't really their fault. It's bad Wi-Fi.

Wi-Fi 6, the latest-generation wireless networking tech, is billed as the cure for crowded home networks. Just now coming to market, Wi-Fi 6 is packed with sophisticated management features designed to keep all the devices on your home network humming. So in theory, at least, the more computers, smartphones, tablets, thermostats and voice assistants you have on your network, the more Wi-Fi 6 should be able to help.

To put that to the test, I'm evaluating Netgear's new Orbi Wi-Fi 6, which appears to be one of the first whole-home mesh networks available with the latest-generation wireless tech.

Is broadband really faster?

Yes, it's true: U.S. broadband speeds are more than 3.5 times faster on average than mobile internet, according to Ookla's Speedtest measurements. Yet a recent Deloitte survey found that 34% of Americans believe their cellular data service is faster than their home connection, while only 21% said that home was faster.

Credit LTE for that. The fourth-generation cellular technology is packed with management features to ensure all our smartphones, tablets and smartwatches are getting the data they need when they need it. Next-generation 5G cellular promises even better management for seemingly instant responsiveness – and much faster connection speeds, to boot.

It's a much different story at home with your broadband internet connection. Internet speeds are already fast – and getting faster. At the same time, though, the number of devices is growing. Voice assistants, security cameras, connected thermostats and smart deadbolts all are clamoring for attention from a Wi-Fi network that was built to feed loads of bandwidth to just a few PCs.

Wi-Fi 6 Command and Control

Wi-Fi 5, or 802.11ac, was the first generation of Wi-Fi developed with an eye toward managing traffic. And Wi-Fi 6 takes that much further. Wi-Fi 6 greatly enhances a Wi-Fi 5 feature called MU-MIMO, for example, which boosts speed and reliability. Wi-Fi 6 also incorporates a 4G/5G cellular technique called OFDMA, which lets the router slice up capacity according to demand.

That way, a light bulb listening for an on/off command would get a fraction of the spectrum that, say, esports streaming on a game console would. Altogether, the new and expanded features enable Wi-Fi 6 routers to manage 100 devices at once.

But there's a catch

The benefit you'll see by upgrading to Wi-Fi 6 isn't just about how many connected devices you have on your home network. It also has to do with how hip those devices are to the Wi-Fi 6 community concept.

Older devices, for example, won't know they can share Wi-Fi spectrum using OFDMA. So they'll just take an entire channel, whether they need it or not. And they won't know they can get their performance-minded tasks done in no time with MU-MIMO. So they'll stay on the network longer, adding to congestion.

The silver lining here is that a Wi-Fi 6 router installed today will keep getting better as you upgrade your electronics. The latest smartphones and laptops are already moving quickly to Wi-Fi 6. Unfortunately, the same can't be said for locks, cameras, thermostats and other smart devices. Many of those ship with Wi-Fi 4, or 802.11n.

Bottom line

If you have a Wi-Fi 4-capable router and at least 10 devices connected to it, expect to notice a dramatic improvement in network performance with a router like the Orbi Wi-Fi 6. But even if you bought a Wi-Fi 5 router a year or two ago, and then went all-in on the connected home, you should still see some benefit today. Wi-Fi 6 does have some management features that benefit any network, like the ability to limit the drag on network performance from older devices.

Which is what I've seen so far with Orbi Wi-Fi 6. Setup was easy, even with more than 30 connected devices in the house. Network responsiveness at the far corners of the house is improved even over a year-old Orbi system.

Thus far, though, the biggest benefits I've seen are improvements in lag times with the apps that control the smart stuff. I find those seemingly interminable delays to be among the most annoying aspects of the connected home phenomenon. I hate – hate! – sitting in the driveway waiting for those apps to get to the point they'll let me turn on the cameras and lock the doors. The lags are better now with Orbi Wi-Fi 6. But they're still there.

That could change over the long haul, as more devices are equipped with the latest wireless tech. One day, in fact, Wi-Fi 6 could be just the thing to boost home network performance to the point we all understand that our faster internet connection is actually faster than the slower one. But if that happens, don't worry. By that time, I'm sure we'll have something else we can blame on the cable company.

New report: “Wi-Fi is better than cellular”

Originally Appearing in Wi-Fi Now Events Blog, Claus Hetting (Wi-Fi Now CEO & Chairman), November 6, 2019.

A couple of weeks ago Wi-Fi Now Events reported on a new mobile services study released by mobile analytics company Tutela – but we may actually have missed the importance of one of the findings: Unlicensed band services in the US (by MVNOs) outperform cellular, which runs on billion-dollar dedicated bands. That consequential finding was clearly articulated yesterday by consultant and analyst Dr William Webb on LinkedIn.

Wi-Fi (unlicensed) bands are free and can be used by anyone, while mobile broadband spectrum often costs billions of dollars and realistically can only be acquired by huge telcos. The argument in favour of spending billions of dollars on spectrum – and in turn allocating more licensed spectrum to mobile broadband – has always been that the quality of mobile services (as a consequence of exclusive access to bands) is better than anything running on unlicensed bands.

Turns out that the assumption is false – and that this is now documented.

"Wi-Fi is better than cellular," says Dr William Webb.

The basis of the findings is a recent report by mobile analytics company Tutela. The consequences of the findings are articulated in a recent LinkedIn blog post by analyst, consultant, and former regulator at Ofcom UK, Dr William Webb.

In the blog post Dr Webb says the following: "…the performance of Wi-Fi is seen further into the Tutela report, where they provide performance data for Wi-Fi hotspots alone. Altice achieves 87%/96% while Xfinity gets 86%/97%. Both of these are substantially better than the average of the MNOs." (for more about the methodology and use of percentage scores, see the report itself).

The conclusion is that "Wi-Fi is better than cellular," Dr William Webb says.

Regulatory decisions on 6 GHz are approaching

The report's findings and Dr Webb's analysis are timely and consequential as regulators are approaching final decisions on releasing the 6 GHz band to unlicensed use. The FCC initially voted strongly in favour of releasing 1.2 GHz of spectrum in 6 GHz to unlicensed use (Wi-Fi) but has recently been pressured by mobile industry giants, including T-Mobile, Ericsson, and Huawei.

Some mobile industry giants contend that the upper part of the 6 GHz band should be allocated for cellular use, while Huawei and Ericsson are attempting to introduce a new ITU work item on 6 GHz for mobile services, which could delay the international expansion of regulation on unlicensed 6 GHz bands by several years.

[Figure: Quality metrics for Wi-Fi services delivered by US MVNOs. Source: Tutela.]

As the Internet of Things and Proptech Takes Off, Red Bison Provides Extreme Connectivity as a Service

Originally Appearing in The Registry, October 14, 2019. Author: Meghan Hall

Technological innovation has disrupted the commercial real estate industry in a myriad of ways, from how tenants search for homes, to Blockchain to virtual reality. Increasingly, technology is also finding a home within the built environment, inside of buildings and infrastructure previously deemed as non-technical. Proptech companies can now provide specific data points on everything from energy efficiency to how tenants utilize their property on a day-to-day basis. By many accounts, technology's impact on the commercial real estate industry has been largely positive, and one company, Seattle-based Red Bison, is striving to help landlords, property owners and managers recognize the impact and importance of technological integration into real estate assets through its in-building networks.

"There's a tremendous amount of opportunity and activity in this space right now," explained Kip Spencer, original co-founder of, and now executive vice president at Red Bison. "Office buildings are becoming supercomputers. Buildings originally primarily functioned as buildings, but now there is incredible data that is eye-opening, and it is this huge open space that nobody has really seized. I think what we are doing is really disruptive relative to this industry."

Red Bison, founded in 2014, offers Extreme Connectivity as a Service through its high-performance fiber optic network. According to Admiral William Owens, Red Bison's cofounder and executive chairman, the idea to form Red Bison arose after an extensive Naval career and years of industry experience acting as chairman of the board of CenturyLink for ten years and as CEO of companies such as Nortel and Teledesic. Through these avenues, Owens was exposed to advanced communications networks, something he generally found lacking in buildings throughout the United States.

"I have been very concerned over the years as to why the United States is failing in technology," said Owens, who pointed out that the United States ranks 37th in the world for mobile connection speeds, thereby impacting digitization of certain industries, including commercial real estate. "Our buildings do not run as fast as other nations, like South Korea, Hong Kong, some parts of China, or like some of the smartest cities in the world, like Kigali, Rwanda… So with the realization that we are not doing too well in the United States, and that we need to do better with finding ways to be engaged with the large structures in our country, and seeing lots of companies that have the ability to do this, we started Red Bison about 5 years ago."

In many countries outside the United States, wireless internet has almost attained the status of a public utility, and those countries invest heavily in bandwidth and wireless infrastructure.

"In other countries, billions of dollars are spent from the government on research and development and support to companies that do these kinds of things, to make sure that companies are keeping up with the innovation of the world," continued Owens.

Despite the United States' lag in broadband capacity and technologies, Spencer noted that companies and property owners are eager to learn more about Red Bison's offerings and the opportunity to enhance their building performance—and also increase employee productivity. Because of tenant and market demand, such technologies will quickly transform from the exception to an industry standard.

"Brokers are telling me that they have got clients that go on tours, the tenant is a tech firm, and they walk in the door and do a speed test, and will choose assets [based on that]," said Spencer. "That is real; that is happening, and that is going to happen a lot more. So, not only do you want to make sure the asset remains strong from a tenant attraction standpoint, but it will be a requirement."

Spencer and Owens estimate that the value of Red Bison's network, for a 500,000 square foot asset, is about $400,000. However, Red Bison provides the capital for the installation of the network while building a working relationship with building owners and tenants, who maintain ownership of the data that Red Bison's network can collect.

"[Other networks] were piecemeal; there was no ubiquitous, single, high-quality network in any building," said Owens. "And just like our bodies need a nervous system to function, buildings need a fiberoptic nervous system to make a big difference. So, we decided that is our business model…. It is not too cheap to build out a fiber network, but if you have that nervous system, then everything will change for the building. All of the sensors that go on that network, the security systems, there's huge economy for the building owner."

The goal is to provide hundreds of gigabits to every user in the building, not just to the building itself, explained Owens. Doing so can not only increase productivity, but also serve as a sound basis for different proptech companies.

"There are hundreds of proptech companies out there, and we see ourselves as not just a proptech company, but we want to energize all of the proptech that is available because we have the network to bring it all into the building," said Owens. Red Bison, like other proptech companies, can also provide additional services such as security management and machine learning capabilities.

Red Bison is currently working on several projects in the San Francisco Bay Area that will be delivered in the next several months. The firm has also partnered with CBRE as a preferred provider. Owens hopes to expand the company's reach across the country, catering not just to major technology companies, but smaller businesses in less urban environments looking to improve their efficiency.

"We are really trying to be selective out of the gate here to work with players that really understand [the product], going in at the top level and developing a true partnership structure," said Spencer. "…That is our ultimate goal here, to provide the highest performing asset possible. And if you start with that, it is amazing where the conversation goes."