Google is at it again, and you don’t have to look very hard to find press coverage on the “coming soon!” next edition of Google Glass. Here’s one to orient you in case you’re not caught up yet. Beyond “Enterprise Edition”, I’m also seeing it referred to as “For Work”, and even 2.0. Let’s see which one sticks… With the words “enterprise” and “for work” being associated with the new version, I’m here to tell you that trouble may be brewing for the WLAN industry, for clients, and for those who run wireless networks. I hope I’m wrong on this. But regardless, there’s a big fat stinky elephant in the room.
Let’s zoom in on some of what’s getting people all excited about New Glass. This screen scrape comes from the above-linked article:
That the new unit has dual-band support (2.4 GHz and 5 GHz) on Wi-Fi is indeed a step forward. But of the dozen of so articles I looked at on New Glass, I see no mention whatsoever that this model will support enterprise wireless security (based on 802.1X). The first one did not, which brings us to a number of points of concern:
- The fact that “IT journalists” can look right past wireless security when they get all gushy about new devices is troubling. I’ve ready cheesy articles about Original Glass being a wonder tool in the operating room (kind of like the worshiper/journalist who declared Chromecast as being perfect for enterprise board rooms far and wide). Evidently if the product is COOL, wireless security is irrelevant to many writers.
- The once-great Wi-Fi Alliance HAS been security-focused in the past. They came out with pre-802.11i security measures to plug holes in early 802.11 standards, and did wonders for the industry by advancing the message that WLAN very much can be as secure as wired networks if designed and implemented right. But somewhere the Alliance backed off, and became an advertising agency for it’s members rather than a steward of secure WLAN. Rather than beating the drum for clients that can work at home AND in the enterprise setting where many migrate to, the recent message is basically “wireless is good, buy more wireless.” Ugh. We need cheer-leading for SECURE wireless, not just wireless, now more than ever.
- When Glass 2.0 hits, it will have a line of wannabe users stretching out the door, from all professions. It’ll spark as many “wouldn’t it be cool to use it like THIS…” ideas just as the original did. Users then didn’t care about WLAN security, and they won’t with 2.0 either. That should be Google’s responsibility- if the powerhouse company wants it used At Work, the device needs to be made to fit into Work Wireless. It can’t demand that we all change our business WLAN environments or build one MAC-bypass portal after another because WLAN security was left out. Where Enterprise WLAN admins can’t easily put one-offs on the WLAN (and original Glass was very much a one-off), users get pissed off. This many years into the wireless thing, the industry ought to be past the fragmented state of client device capabilities.
- Those of us in the business of secure wireless are trained that security counts (read CWNP’s Certified Wireless Security Professional course materials for reference). One common mantra is “if clients can’t do enterprise security, replace them with ones that can”. But we’re getting barraged with clients that can’t do enterprise security anymore. One side of the industry is not talking to the other, and the current dichotomy is not sustainable.
- If there is a delineation between “consumer” and “enterprise” anymore from the client device perspective, it’s getting harder to find. Whether it’s the Amazon Echo, Google Glass, Apple TV, Chromecast, wireless weather stations, or printers and projectors, devices used at home 100% will find their way to work. In the current fragmented client space, we frequently have to violate our own policies to dumb down network security to accommodate the devices that were built on the lazy/cheap. Again, this is unsustainable.
Back to the new Google Glass. I don’t know that it won’t support enterprise security. But I really don’t expect it to. If that’s how Google plays it, well then shame on them. But one fact prevails- you can’t have low-security devices on high-importance networks and not have eventual breaches as a result. I’d love to see Google draw a line in the sand here, and say “Glass 2.0 is 802.1X capable!” and then play that up big-time to educate the masses on why that’s important.
And, I want a pony.