Wireless carriers exploit firewall bypass

A new and some say troubling trend is emerging among wireless carriers who are enabling users to lift data remotely from corporate networks without IT oversight, according to industry observers.

Dissatisfied with the slow pace of corporate adoption of wireless, carriers are taking a new route, going directly to employees and bypassing the IT departments.

In the second quarter, Cingular Wireless LLC will follow Sprint PCS Group's lead to become the second major wireless carrier to give users access not only to e-mail, calendars, and contacts residing on the network but to just about any file on any directory, as long as a user's desktop or a delegated co-worker's desktop is active, according to Cingular officials.

"It is sneaking into the firewall, but sometimes you get to the IT department by showing them how many different individual users are already using [a technology]," said John Kampfe, director of business marketing at Atlanta-based Cingular.

Jason Guesman, director of business marketing at Kansas City, Mo.-based Sprint, said that, although Sprint's Business Connection Personal Edition may cause consternation with IT departments, the company does offer a corporate solution to ease concerns.

Behind Cingular's as-yet-unnamed service and Sprint's Business Connection Personal Edition is Redwood City, Calif.-based Seven, which offers its System Seven architecture in two flavors: one for IT departments and another for individuals.

The Seven solution also supports LDAP access, said Bill Nguyen, president and co-founder of Seven. "It makes the cell phone a wonderful extension to the PC," Nguyen said.

Seven establishes an outbound connection and gains access by using Port 443, the same Web link used to surf the Web and send email. The System Seven server registers itself as an available resource, allowing queries back to the desktop. Company officials insist that System Seven conforms to the highest levels of transport security.

But unsupervised port access can be harmful, analysts said. Network intrusions and lost or stolen devices could lead to information loss or theft, said Peter Firstbrook, an analyst at Stamford, Conn.-based Meta Group Inc. "At the very least, companies need to acknowledge the issue. They need to find out what people are doing and put a policy [or device restrictions] in place," Firstbrook said.

But, as others debate, Seven is close to signing up Verizon Communications Inc. and AT&T Wireless Services Inc., industry sources said. Officials at Seven declined commenting on the pending deals.