Mobile device management is a fully commoditized market. In the strictest definition of MDM, the available functionality is limited to those application programmer interfaces that are made available by the operating system vendor (Google or Apple). There is very little that traditional MDM offerings can do to differentiate themselves from the other 100+ vendors in the market. This causes significant price pressure on the offerings. Value for MDM is rapidly approaching zero. As we have seen over the past year-and-a-half, core MDM component offerings have been continuously lowering their prices in an attempt to maintain market share. There is a transition by the major MDM players to expand well beyond the traditional "wipe," "lock," and "locate" concepts available to them into more advanced technologies such as content and collaboration systems, security components at the network and application layer, as well as partnerships and integrations with secondary market offerings. These features have value. MDM at its core does not.
I think it's about time someone came out and said it. Just like Dobby from the Harry Potter books, MDM should be free. I've been telling all of the vendors that I work with that if they don't put out their MDM offering in a freemium model very shortly, the other vendors will beat them to the punch. Traditional MDM offerings are a land grab for enterprise market share and should be used as an upsell or wedge into more advanced and differentiable offerings. I predict that in the next 6 to 9 months we will see most, if not all, of the leading MDM vendors giving away their core functionality.
It's hard to believe that a company could burn through $225 MILLION dollars in 11 months, but it looks like that may have been exactly what AirWatch did. According to data released by AirWatch and written by financial analysts (links to all data sources at bottom of post), AirWatch likely had burned through nearly all of its available cash in record time. Based on an assumption of $120K burn per employee (fully loaded) per year and an assumed removal of $50M in equity at the time of the venture round, AirWatch would have had somewhere between 5 and 6 months of runway left as of January 2014. These assumptions are corroborated by the fact that VMware has contractually extended AirWatch an offer to provide a bridge loan if the acquisition deal does not close in the next 6 months.
What did AirWatch do wrong? It sounds like they may have made some over-assumptions with regards to their growth rates for 2013. It could have possibly been the adoption rates in countries outside of North America. It may have just been bad luck. Or it could even be a cooling off of interest in mobile device management technologies based on containerization. We won't know exactly why they were getting near the end of the runway, but what we can say is that VMware may have overpaid in multiple. Based on the data provided by VMware of AirWatch bookings for 2013, VMware paid somewhere around 16x bookings for AirWatch. Man, that's a lot of bread!
On January 22, 2014, a new mobile security player was born. This is the date that VMware announced its intention to purchase the mobile device management (MDM) firm AirWatch. With a price tag of $1.5 billion, this acquisition confirms that the mobile security market is scorchingly hot. This news comes on the heels of the November acquisition of Fiberlink by IBM. I expect additional mobile security market consolidation to occur throughout the remainder of 2014. This acquisition is a shot across the bow of any other major vendor looking to play in the mobile security market. If you don't step up and spend now, you might just be left holding the bag.
There is a 14-dog race going on, with a goal to win the wallets of the enterprise for mobile security spend. When lined up in the starting blocks, the racers may all seem to have equal chances, but a few are better poised to cross the finish line first and bask in the glory of the winners' circle. Three of these technologies are the odds-on favorites to lead from start to finish, with the rest of the racers struggling to remain relevant.
Coming off the starting block with the "holeshot" are the mobile device management vendors. With huge engines of revenue, large customer counts, and first-mover advantage, this dog is the odds-on favorite to take the championship trophy. Mobile device management vendors are already expanding their technologies and products into security platforms to diversify their rapidly commoditized product offerings. The move is paying off for the biggest and toughest MDM participants in the race, giving them the early, and potentially insurmountable, lead.
All of the fighting has resulted in multiple casualties. BlackBerry couldn't keep up the pace and was eventually chopped off at the knees. Microsoft has yet to gain enough developer volume to be a real threat and will eventually reinvent itself as a new company under new leadership. Third-party app stores are distributed and nimble but really amount to nothing more than splinter groups using guerrilla tactics against the major nation states. They just can't compete in the long term.
In the United States, Google Play and Apple iTunes have become the two superpowers in the mobile app war. With exceptional mobile application uptake, these two players have come to dominate the consumer mobile space. Phones don't sell phones. . .applications sell phones, and these two players have won.
What happens in Vegas shouldn’t stay in Vegas. I was out at BlackHat with other members of the Forrester team over a week ago (seems like yesterday!). It was two jam packed days of popping into briefings, guzzling copious amounts of green tea, and meeting new people and learning new things. In general, I like to keep an eye and ear out for startups to see what’s bubbling up, and came across a few at BlackHat:
Co3 Systems. Co3 Systems* help to automate the four pillars of incident response (prepare, assess, manage, and report) and break down responsibilities and response to ensure best practices are followed along with compliance with regulatory requirements. They just updated their security module to include threat intelligence feeds from iSIGHT Partners, AlienVault, Abuse.ch and SANS, and recently rolled out an EU data privacy and breach notification update to the product. I’m a numbers nerd, so when they let me play with the solution, I immediately started running simulations that estimated the cost of a breach.
FileTrek. FileTrek provides visibility and transparency into where data resides, how it’s being accessed, moved, used, changed, and shared between people, devices, and files. No, it’s not DLP. It’s more like the mother of all audit trails that takes context and sequence of events into account. That way, if someone who is supposed to have access to data starts to do things with it beyond what they normally do, FileTrek will flag it as suspicious activity.
Understanding the terms and technologies in the mobile security market can be a daunting and difficult task. The mobile ecosystem is changing at a very rapid pace, causing vendors to pivot their product direction to meet the needs of the enterprise. These changes in direction are creating a merging and twisting of technology descriptions being used by sales and marketing of the vendor offerings. What we considered “Mobile Device Management” yesterday has taken on shades of containerization and virtualization today.
Mobile antivirus used to be a standalone vision but has rapidly become a piece of the mobile endpoint security market. Where do we draw the lines, and how do we clearly define the market and products that the enterprise requires to secure their mobile environment?
In an attempt to help the enterprise S&R professional understand the overlapping descriptions of mobile security products, I am working on new research that will help organize and quantify the market. Understanding the detailed state of each of the technology offerings in the market, and their potential impact on a five- to 10-year horizon, will help enterprises make more-educated purchasing decisions.
To begin the process of covering all of the technologies being offered today, I’ve divided the solutions in the space by technology type. Not only am I analyzing technologies that are available now, but I’m also researching any additional products, services, and vendors in the mobile security space that have innovative new concepts that they are bringing to bear. These new-age offerings will help shape the future of mobile security, and we need to get ahead of the concepts now if we wish to have a better understanding of the impact of the innovation.
Traditional antivirus techniques have been fighting a losing battle for years. Popular hacker exploit kits pounce on new vulnerabilities quickly while advanced tools such as polymorphic viruses propagate their malicious intents. As a result, signature databases (known as “blacklists”) have ballooned in size, causing strain on a company’s infrastructure and endpoint performance. Combined with the fact that antivirus vendors miss a significant number of the unknown or zero-day threats, many security professionals are left questioning their antivirus-centric approach to endpoint protection. As the number of malware samples rise, this traditional "Whack-A-Mole" blacklist strategy of signature-based antivirus protection is simply unscalable.