Over the past few years, Satellite Wi-Fi Hubs (commonly referred to Satellite Wi-Fi Hotspots) have become the long-awaited answer to communicating with off-the-shelf smartphones (iOS & Android) over satellite networks. The major satellite network providers like Inmarsat, Iridium and Thuraya offer low-cost portable Wi-Fi hubs that enable data connections globally. Leveraging voice over IP and messaging apps, end-users can now easily communicate from anywhere around the globe over satellite networks by pairing smartphones and Wi-Fi Hubs.
The attractiveness of this solution for enterprises operating offshore, or in remote locations, is readily apparent-a one phone vs. a two phone solution (a smartphone and a satellite phone) and a shared data plan supporting diverse devices including smartphones, tablets, and laptop and multiple users. However, satellite networks provide little or no security; therefore, enterprises face the tradeoff of productivity vs. privacy. Satellite communications of sensitive information face a high risk of being hacked due to both weak satellite network security and widely available & low-cost satellite intercept systems.
Typically, network layer encryption is adequate protection against satellite communications threats; however, many satellite networks don’t come with support for native network layer encryption, according to a report from The Hacker News, which details how a Russian hacker group is exploiting satellite network vulnerabilities. And, when satellite network providers do support network layer encryption, Dark Reading reports that many widely used satellite terminals have weak encryption algorithms (e.g. keys have been compromised), and other design flaws, leaving communications exposed to interception.
At the same time, the capability of satellite interception technology, and the number of products available, has greatly expanded. The cost of these systems, due primarily to software-defined radios, has fallen dramatically – to less than $1000. Lower cost and wider availability, combined with greater portability/mobility, make it easier than ever to intercept communications running over satellite networks.
As a result, any mobile device connecting to a satellite network through a Wi-Fi hub runs the risk of being intercepted and, consequently, can also easily be “geo-located.” Bad actors are able to prey on unsuspecting enterprises and end-users potentially exploiting strategic and/or sensitive information.
So, what can enterprises do to protect corporate communications? Enterprises operating offshore, and in remote locations, cannot rely on satellite network providers, or Wi-Fi hubs, to protect sensitive communications. Enterprises need to protect their own communications; however, encryption alone is not enough.
In addition to the highest-grade encryption, secure communications solutions for enterprises must have four crucial characteristics: Control, Accountability, Ease-of-Use, and Flexibility.
Enterprises need tight control of who uses the encrypted communications network and to whom each user is authorized to communicate with; they must be able to provision and de-provision users instantly. In addition, centralized management of users and the ability to create closed user groups are both important features in proper control of encrypted communications.
For compliance and accountability, an enterprise must be able to dictate, and easily set policy for, which metadata is saved and which metadata is wiped.
The enterprise must have the option to deliver secure mobile communications through a hosted service or from software installed on-premise depending on the enterprises security requirements.
The right solution must be easy to use, deploy, and administer. If the secure mobile communications app is not easy to set-up and use, employee adoption is likely to be low. Furthermore, administrators must be able to manage users from anywhere at any time, and provision/de-provision users instantly.
Enterprises cannot rely on satellite network providers to protect corporate communications due to weak satellite network encryption, low-cost interception technology, and sophisticated hackers. Enterprises must take responsibility for securing corporate communications containing sensitive/critical information. Before deploying a secure communications solution, enterprises should consider the four critical characteristics noted above in combination with enterprise-grade encryption to deploy a best-of breed solution. Enterprises should purchase such a solution from a Trusted Source that can support, as well as properly protect, sensitive enterprise communications.