Vendor Spotlight Template - Symantec

IDC MARKET SPOTLIGHT

Mobile Enterprise Management and Security: The Impact of the Consumerization of IT

January 2013

Adapted from Worldwide Mobile Enterprise Management Software 2012–2016 Forecast and Analysis and 2011 Vendor Shares by Stacy K. Crook, Stephen D. Drake, and Ben Hoffman, IDC #236835 and Worldwide Mobile Enterprise Security Software 2012–2016 Forecast and Analysis by Stacy K. Crook, Charles J. Kolodgy, Sally Hudson, and Stephen D. Drake, IDC #233664

Sponsored by Symantec

As the trends of consumerization of IT and bring your own device (BYOD) continue to expand, the challenges enterprises face in terms of managing and securing mobile devices and information increase. Along with data security and compliance issues on the corporate side, enterprises must contend with privacy concerns among employees who are using personal devices to access corporate data and applications. In response to these dual demands, there is a growing convergence between the mobile device management (MDM) market and the mobile application management (MAM) market. As a result, IDC has defined a new market called mobile enterprise management (MEM) software. According to IDC, worldwide MEM software revenue will grow from $444.6 million in 2011 to $1.8 billion in 2016 at a CAGR of 31.8%. This Market Spotlight discusses the trends propelling the increasingly important market for MEM software and describes some of the technologies that are available in this growing market.

Introduction

Over the past few years, mobility has had a tremendous impact on enterprise IT. As iOS devices first started to infiltrate the enterprise in the 2009 time frame, organizations began to realize they were going to need additional solutions to manage the reality of multiplatform computing. This new world requires management and security platforms that are able to handle multiple operating system (OS) types and that are appropriate for both corporate-owned and BYOD device deployments. In fact, IDC believes that 68% of all business-use smartphone devices worldwide were employee owned at the end of 2012.

While remote wipe/lock has been a standard feature of MDM solutions for some time, security traditionally took a backseat to inventory management, configuration management, and other features typical of a PC management solution. Since consumer devices entered the enterprise, information security has become much more important, and a new type of mobile management solution is needed that addresses the various challenges presented by this trend. Consequently, the market has been flooded with new entrants ranging from pure-play MEM vendors to security vendors and systems management vendors.

As more and more companies have adopted BYOD as a standard practice, a new type of solution has begun to emerge that focuses on managing the corporate footprint of information on the device as opposed to managing the entire device platform. Called mobile application management (MAM), this segment of the market has brought with it a slew of new companies focused on this space. However, many of the companies that got started in the MDM space have also added MAM capabilities to their products.

IDC 1441

While the OS/device diversity and complexity brought on by BYOD create a bevy of security challenges, some of the most complicated pieces of the equation are not technology issues but issues that fall in the realms of liability, ownership, and privacy. Consumerization is not only about devices but also about other consumer technologies that end users want to leverage for business. For example, as users have become accustomed to superior application experiences on their mobile devices, they won't appreciate being forced to use kludgy business applications that don't meet their needs. Given the breadth of productivity apps in the app stores, mobile workers can easily find workarounds if their company does not offer them suitable mobile working tools — but the security paradigms of these apps typically fall short of IT expectations. Therefore, companies that plan to deploy BYOD strategies must think about meeting not only the security and compliance requirements of IT but also the needs and preferences of end users. It is important that companies take the time to think through all the possible outcomes of BYOD, develop strict policies around any situation that can possibly get into the gray area, and then enforce those policies via technology where possible.

BYOD Trends Require New Approaches to Security

In a recent IDC survey, nearly 60% of respondents reported that mobile technology has become a driver of increased spending on IT security management. In another survey in which questions were asked specifically about top security concerns with tablets, respondents stated that mechanisms to control access, monitor for violations, and secure the data are the top priorities. Although these considerations exist for all mobile devices, a number of additional security concerns must be taken into account when companies allow users to access corporate information on personal devices.

Data Loss

One key area of concern is data loss. For example, while tablets have made mobile working more enjoyable with their mix of portability and larger screen size, the lack of basic office tools along with missing native file systems has often required users to find workarounds to their normal desktop processes. The ubiquity of cloud services and applications available for mobile devices makes it easy to find these workarounds — secure or not. A common example is a user who saves an attachment from her corporate email box into her personal Dropbox account. Now this attachment — which may contain sensitive company data — is sitting in a public cloud. Unfortunately, IT has no visibility into this action and therefore has no control to prevent it from happening again unless IT implements an enterprise solution to secure file sharing on mobile devices.

Granular App Security

Although enterprises need to manage risk, it is imperative to find solutions for BYOD devices that offer a balance between user privacy and corporate responsibility. While tools that allow companies to manage mobile devices are still needed, especially for corporate-owned devices, many companies are now looking for tools that will allow them to manage only the corporate footprint of information on the device.

Driven by the need to more granularly manage and secure corporate applications on employee-owned devices, vendors are now offering solutions that allow companies to provide security policies for individual apps. This approach, sometimes described as "app wrapping," allows companies to apply very specific policies to individual applications such as password protection, VPN tunneling, geofencing, and advanced encryption, among others. While there have been solutions to manage and secure a container of applications in the past, these solutions take that a step further so that instead of the same rules being applied to all apps within that container, companies can pick and choose the various functionality needed by app. These kinds of solutions are attractive in BYOD scenarios because IT manages and secures only apps and information that are important to the enterprise instead of having control over the user's entire device.


©2013 IDC

Identity and Access Management

In addition, IDC has recently seen a greater focus on identity and access management (IAM) technologies across the mobility spectrum. Enterprises need ways to make sure that only devices that should have access to the corporate network do have access and that the people using those devices are actually employees of the company. Thus, authentication to both the device and the application is important. In the case of BYOD devices, corporations may only require users to authenticate to the application. For mobile apps containing highly sensitive information, corporations may require additional layers of security, such as two-factor authentication. In addition, integrating mobile applications into a company's broader IAM infrastructure offers the ability to provision and deprovision applications and data on personal devices in an efficient and compliant manner. Access control technologies for mobile may also include data loss prevention (DLP) and security information and event management (SIEM). Even biometric solutions are becoming available to address these issues.

Threat Management

A personal device will contain a number of consumer apps downloaded from third-party app stores — which may or may not have good security controls in place — and if a consumer app compromises the device platform, enterprise apps running on that same device may be compromised. While malware on mobile devices has not been a major security concern for enterprises as of yet, Android mobile malware has spiked along with the OS's popularity. So, as Android gains more enterprise acceptance, malware will be a growing concern for companies. Apart from apps, Web browsers on mobile devices can provide another entry point for malware attacks on corporate devices.

It is clear that mobile devices introduce a plethora of new concerns for the enterprise to deal with, so an integrated, layered approach to mobile management and security is required to effectively combat these new threats. As MDM solutions evolve to encompass features for mobile device management, the technology increasingly can be deployed as part of a holistic approach to mobile security.

Definitions

The MEM software market represents a merger of MDM enterprise software and MAM software markets and includes products that offer standalone MDM, standalone MAM, or combined MDM/MAM functionality. An MDM solution includes many of the standard features in PC management solutions as well as additional functionality that addresses the unique needs of mobile devices such as smartphones and media tablets and, increasingly, other areas (i.e., M2M modules or printers). MDM functionality typically includes device provisioning and managing configuration settings, inventory/asset management, software distribution, remote wipe/lock, remote control for systems diagnostics, policy/compliance management (encryption management, device posture, etc.), authentication and certificate management, real-time device monitoring, location information, GPS breadcrumbing, and reporting and analytics on devices.

MAM refers to a solution by which specific mobile applications can be managed, secured, and distributed by IT organizations and typically allows for enhanced policies to be applied to individual applications. MAM solutions can either supplement MDM functionality or stand alone, and they typically include some combination of management of the application life cycle and granular security management and corporate policy control of applications and content.

Mobile content management solutions are often offered alongside MEM solutions. Mobile enterprise content access and collaboration solutions offer IT a secure way to provide access to files/content/data sitting in various data stores to mobile devices. Such solutions may also provide mechanisms to collaborate on this content. These products allow IT to manage who gets access to what information and may tie in with other back-end or mobile-specific policy systems. Preventing data loss is a key goal of these products, and they do so by providing IT with a mechanism to control data flow into and out of the secured app. These solutions assist with compliance and governance by offering reporting on user activity with mobile content.

Two other key mobile enterprise security components are mobile threat management and mobile identity and access management:

- Mobile threat management includes antimalware (which includes antivirus and antispyware), antispam, intrusion prevention, and firewalls for mobile devices.

- Mobile identity and access management (MIAM) solutions provide authentication and authorization technologies (PKI certifications, SSL certifications) for transactions conducted from mobile devices and that support network access for mobile devices. Various MIAM technologies may be included as a component of a MEM solution or stand alone.

Benefits Companies that deploy MEM and security solutions often look to realize the following benefits or gain the following capabilities:

IT Benefits

- Meet compliance mandates
- Avoid data loss and enhance data protection
- Prevent malicious apps from gaining access to sensitive data on devices or corporate networks
- Prevent compromised devices from accessing corporate networks
- Provide granular role-based access to information — and hold users to the same level of security practices across all of their devices
- Set different levels of security/policy by app type
- Manage device and application inventories, life cycles, and policies in a centralized way
- Integrate policies with file/document management
- Streamline the security of mobile devices, apps, and data

End-User Benefits

- Offer mobile employees the ability to work anytime and anywhere on any device — most companies will not feel comfortable deploying mobile applications without a MEM framework in place
- Allow mobile workers to use their personal devices for business without sacrificing privacy
- Leverage enterprise application stores so that businesses have a streamlined way for users to access business applications and know that they are always working with the most current versions and data
- Give mobile workers peace of mind that the applications they are using are secure and that they won't be compromising security while working on the device of their choosing


Considerations

IT organizations are being approached by a range of different vendors claiming to have solutions to BYOD. However, because enterprise security and management architectures vary from company to company, there is no one-size-fits-all solution. Understanding where the risks are will help organizations figure out which approach to mobile security works best for them.

The mobile market is dynamic, and as a consequence, the MEM and mobile security landscape is complex and confusing. The vendor landscape itself is quite broad, with new companies and incumbents constantly entering the market. With rapid consolidation, it may make sense to select vendors with a solid track record and a promising future. At a high level, the MEM market can be segmented into the following categories:

- Systems management and security vendors. These players tend to pursue one of three strategic approaches: extend the existing device configuration/management offering designed for desktops to support handheld devices, acquire a pure-play MEM vendor and gradually integrate the MEM solution with the existing desktop solution, or provide MEM capabilities through a partner solution.

- Mobility companies and others with mobility platforms. These vendors offer mobile enterprise application platforms (MEAPs) or devices or other mobile software where MEM is either a core aspect of the platform or a component that can be added on.

- Pure-play MEM ISVs. These vendors almost exclusively address the challenges of managing a mobility deployment.

Dealing with consumerization is tricky because it requires organizations to undertake a comprehensive analysis of both technology and end-user needs. While companies are being offered a range of new solutions to help them tackle these issues, the breadth of options can be confusing. Another challenge is the fast-moving nature of the mobility market, which means that an organization's requirements may look quite different within a 6- to 12-month time frame. IDC suggests that companies take the time to do a deep analysis of their current and future mobile needs to develop a mobile enterprise strategy that helps them assess where the potential security risks may lie. Once those needs are determined, enterprises should have a better idea of which vendors offer road maps that meet their needs today — and tomorrow.

Market Trends

The trend toward consumerization of IT is moving forward at a rapid pace. Mobile device adoption is moving very quickly, and IDC expects this proliferation to continue, especially as price pressures increase and the devices become more accessible to more people. As the number of mobile endpoints with sensitive corporate data increases, so too does the need to manage them.

While mobile device management will continue to play an important role in mobile enterprise management, consumerization has moved the focus of the market from being device centric to being app, data, and user centric. As employees increasingly expect to be able to work anywhere on the device of their choice, managing the corporate footprint of data on the device becomes essential. Thus, a consolidation has taken place within the mobile management market whereby a single vendor may look to offer mobile device, application, and content management. Often, the MDM and MAM components are tied together in a single offering.

While the device and application life-cycle components of these solutions are key features, security is now a driving force of these deployments. By enabling consumerization with MEM technologies, enterprises are also able to support security initiatives such as prevention of data loss and adherence to compliance mandates.


IDC has seen MEM solutions continue to take on a larger role in providing identity services, from both a device perspective and an application perspective, in reaction to enterprise needs. MEM solutions often provide mobile certificate management that can tie into existing certificate authorities as well as Active Directory (AD)/LDAP solutions. Mobile application management solutions can look to provide single sign-on capabilities for mobile apps to simplify the end-user experience as well as tie into these directories. As enterprises look toward developing cloud strategies in conjunction with mobile, it is becoming increasingly apparent that identity, protection, and trust must be intertwined at the core of these plans. Technologies in the strong authentication space are being evaluated in a new light. Once used only in high-level, high-risk situations, data encryption is increasingly necessary at all levels of a transaction for many organizations as they open up to distributed computing and a wider variety of mobile devices and remote access scenarios. Furthermore, new end-user behaviors that come along with consumerization are driving needs around mobile management and security. End users want to be able to procure their own applications from consumer application stores and leverage those applications for business use, but the security paradigms of these app stores and apps themselves are not enterprise grade. Enterprises must do a thorough evaluation of end-user needs for mobile working or risk that those users will find their own (nonsecure) solutions to their problems.

Conclusion

While mobile devices have always posed some level of risk to the enterprise because they are more easily lost, the trends of consumerization of IT and BYOD have significantly increased the potential security issues that can arise. The fact that BYOD devices are personal devices not only impacts how IT must think about managing and securing the device from a technology perspective but also affects how these solutions may impact user experience and privacy. In a BYOD world, companies need to find solutions that strike a balance between the need for data security and compliance and the need to protect employee privacy. Mobile enterprise management solutions that consider needs on both sides of the equation can be effective tools for maximizing worker productivity without compromising security. When evaluating solutions, organizations that think strategically should consider vendors that can provide a comprehensive solution over the long term.

From a technology perspective, it is clear that a holistic approach to mobile management and security is required. Companies need to prepare for the myriad security risks that mobile devices and end-user behavior pose. The first consideration is the management of the devices themselves. Although companies can now choose whether they need to secure and manage the entire mobile device or whether being able to secure a portion of that device is sufficient, steps must be taken to prevent data loss. If an organization does not lock down the entire device, it should look for a solution that allows policies to be applied to either a corporate container of apps or each app itself to prevent sensitive information from being leaked to other applications or public clouds. An organization should also look for DLP solutions to protect content that resides outside applications.

In addition, companies must plan for the fact that consumer devices come with consumer applications residing on them that may be infected with malware that can compromise the entire device platform. Deploying mobile threat management technologies that can detect these malicious activities and remove them before they are able to do damage is essential. Furthermore, a user-oriented approach that employs identity as the underlying mechanism to ensure secure access to all of the user's devices, applications, and data will be a beneficial approach for many organizations.


ABOUT THIS PUBLICATION

This publication was produced by IDC Go-to-Market Services. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Go-to-Market Services makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.

COPYRIGHT AND RESTRICTIONS

Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the GMS information line at 508-988-7610 or [email protected]. Translation and/or localization of this document requires an additional license from IDC. For more information on IDC, visit www.idc.com. For more information on IDC GMS, visit www.idc.com/gms.

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
