Beautiful Old Gateways, I have seen a few


Many years ago I spent hours each day discussing gateways. Working for a leading mobile operator allowed me the opportunity to speak with businesses and government departments about their security and remote access needs and in turn propose solutions that would meet their needs and usually make their job a little bit easier.

This was the emerging era of mobile cellular data. There was lots to learn and lots to experiment with; it was an amazing time to geek out on mobile. I had just come from working for a well-known laptop manufacturer and had been playing with some new tech code-named "bluetooth", which always got a giggle from my colleagues. The closest thing to wireless connectivity I had seen to that point was an IR port on a laptop and a phone pointed at each other, with a dial-up cellular circuit-switched data call. It worked, but boy was it clunky. Things moved on rapidly.

I was using cloud services back then, prior to cloud, in the form of BlackBerry, and was introduced to the concept of gateways. Even back then the businesses I worked with would question the privacy of gateway-based services such as the BlackBerry relay. If you were around back then you probably remember the "is it store and forward" conversations. Aside from the privacy questions, another common topic centered on the reliability of the gateways: what happens if the gateway goes down? We all found out in 2011 - Uh oh, remember this?

The underlying technology that connected a BlackBerry to the RIM relay is referred to in the mobile operator world as a private APN. For the non-technical, this is a direct connection between the mobile operator and a private endpoint. When a mobile device connects to a private APN, all of its data traffic is sent to that one endpoint rather than to the public Internet. That endpoint then delivers specific services to the mobile device. It is an architecture that worked great, and it still has its place now in certain niche deployments. Over the years I had the pleasure of working on many private APN based deployments with various customers, and they were a great tool to have in my arsenal of mobility solutions. And then the music stopped. You see, the mobility world moved on and most services became highly mobile friendly. For example, Microsoft Exchange used to be quite difficult to access remotely from a mobile phone. IT departments used VPNs and APNs to help with security and remote access, but these days it all just works out of the box, with most businesses providing access over the public Internet minus VPNs/APNs/proxies.

Gateways became popular for other reasons during the explosion of 3G and 4G data: data control! Pointing all enduser mobile data toward a gateway allowed the business to apply filters to traffic and block many of the worst offending data-hogging apps, such as streaming video and audio. The biggest issue with this architecture is that your company is now acting as an Internet Service Provider for your employee mobile devices. All Internet traffic from your mobile devices comes in to your business and then goes back out, commonly referred to as hairpinning. It is less than efficient, can be a poor experience for the enduser and costly for the business. It is one of those solutions that sounds great, but in practice it generally doesn't scale well. Luckily a number of solution providers stepped up to the plate and, for a fee, would take your mobile user traffic to their gateway and apply filters at that point. There were some real innovators at this point. Some would go as far as to compress your data at the gateway and reduce the overall data your endusers would consume. Unfortunately time moves on, and compression is pointless now, with the surge of HTTPS making it impossible to see the data and so making it impossible to compress it.

Some key facts that should be noted:

  • Gateway-based solutions take enduser mobile data to their network and inspect it
  • The gateway provider is now acting as your entry-point to the Internet
  • Your mobile devices may be in a different country than the gateway their data is flowing through
  • Geographic distance between the gateway and your endusers will cause latency
  • If the gateway goes down your Internet traffic may be impacted
  • Upgrades to the mobile network may impact service (3G to 4G to 5G etc.)
  • Some services only see HTTP traffic
  • Some services don't see WiFi traffic (huge security hole)
  • Some services have hidden charges - extra cost for WiFi, for example

The biggest challenge to providers of gateways is cost. Simply put, if you are dragging Internet traffic through your network it gets expensive, and with 4G/5G that traffic is exploding - one hour of 4K Netflix will consume an average of 7GB of data. Providers of gateway-based mobile data control services have attempted to wrap a security story around their data control capabilities or partnered with MDM providers to bolster their offering. Security is a huge concern these days, and if you are inspecting traffic for data-hogging applications then it is a great opportunity to also inspect traffic for security issues. This poses another challenge in the gateway world, a huge challenge: WiFi.

WiFi represents the vast majority of enduser traffic on mobile devices. Generally a user will use WiFi if they are updating apps or an operating system, or indeed if they are watching a movie. If you want to offer mobile device data security you must also inspect WiFi traffic, or you are ignoring the majority of traffic from the device and creating a huge blind spot. If that traffic needs to be sent to a gateway for inspection, your costs, as the gateway provider, escalate rapidly and ultimately the customer will have to pick up the bill.

The biggest challenge to gateway providers is the sheer investment mobile operators are making in 5G. With one GSMA study finding that USA mobile operators will invest $100 billion in 5G by 2020, it is hard to imagine that any gateway provider is going to build a network as robust as your existing or future mobile operator's network. Effectively, gateway providers will be the weakest link in the mobile data chain - your enduser data will not be any more secure, fast or free of latency if you are using a third-party gateway provider; it will likely be the opposite.

Corrata has a unique zero-gateway architecture that addresses the challenges faced by businesses who wish to secure and control cellular data and WiFi. It is a solution built for modern 4G/5G networks and the high-powered mobile devices that connect to them. Corrata has recently been voted European Cybersecurity Startup of the year 2018. For more information contact me directly.

