Mobile Security Technologies 2015

Today, I'm officially kicking off the 2015 version of the Mobile Security Technology Radar and I need your help! 

Mobile security is one of the fastest changing, most dynamic markets that I have ever seen in my life (and I've been around the block a few times). Just when enterprises think they have it all figured out, a new shiny blinking toy is released that promises to secure mobility better than ever before. I began formally tracking the mobile security space for Forrester in the summer of 2013. One of my early reports was the 2013 Mobile Security Technology Radar which I slightly updated in the winter of 2014. Both enterprises and vendors alike responded very positively to these reports, citing the valuable insights that allowed them to predict the movements of a market that changes faster than Katy Perry at the super bowl halftime show.

What isn't always evident in the reports that we write at Forrester is the depth and details in the research we do. For example, the graphic below represents quantified survey results of industry experts, vendors, and customers of mobile device management technologies that offers insite into the market sentiment on MDM solutions in 2013. MDM was a pretty hot technology in the summer of 2013 and the lack of red market sentiment helped us predict that this technology would thrive in the near future (see graphic below). Things really get interesting when we have year over year trending data to help us gain additional insite into the future market movements.

Read more

Go Play In The Innovation Sandbox


RSAC INNOVATION SANDBOX FINALISTS SPUR INGENUITY IN SECURITY: CISOs SHOULD LOOK TO FINALISTS FOR FUTURE DIRECTION AND INVESTMENT

On Monday April 20, 2015 the biggest security event in the USA, the RSA Conference, kicks off with the ever popular Innovation Sandbox event. This event brings in hundreds of submissions from security startup companies around the world all hoping to make the top 10 finalist list, and eventually be declared the winner. The Innovation Sandbox has been running for the last ten years resulting in a great quantity of security startup data to analyze along with some very notable winning companies.

Previous sandbox winners include SourceFireImpervaAlertEnterprise and most recently Red Owl Analytics. Many security companies have been declared finalists, fared well with additional funding, and found reasonable financial success, specifically acquisition. The graph to the left shows the acquisition trends for Innovation Sandbox finalists since 2009. Security start up success is on the rise and the Innovation Sandbox is there to build on that success.

Read more

Android For Work Upends Multiple Markets

On February 25, 2015, Google publicly announced its latest functionality and updates to the Android OS, titled "Android for Work" (AFW). Some of the new functionalities include secure work profiles, secure personal information management, and an enterprise app store through "Google Play for Work." These new changes in AFW will impact the businesses, the Android ecosystem, and the overall market in a far-reaching way. EMM vendors and enterprise EMM buyers must review these technology changes and understand how they will influence future product direction before making any purchases. It took just a few years for core MDM functionality to commoditize to a $0 price tag. I wonder how long until the advanced security components being folded into Android via AFW are also essentially free? 

 
Read my latest report here to see how this announcement will upend multiple mobile and security markets market: "QuickTake: Android For Work Upends Multiple Markets."

Application Security Technologies List

Roughly a year and a half ago I began a process of measuring the importantance of technologies in the mobile security space. I'm currently beginning that same process for the application security market. Many technologies exist that provide business value to enterprises for the security of their applications, but which ones are better at delivering on the business value that the enterprise really wants? Have any of these technologies outlived their usefullness, falling to innovation and new ideas? Which technologies should the enterprise prioritize spending their limited security budget on? I hope to answer these questions and more!

I've identified nine distinct application security technologies that make up the application security market. (Link to additional details!). I'm sure there are technologies that I've missed and arguments to be made to remove something. As always, my research is significantly improved with your help! 

If you are interested in participating in this research or have feedback on the technology list, respond via this web form, in the comments below, or via email / tweet to tshields@forrester.com (@txs). 

Read more

Security Of Your Data Doesn't Matter To Smart Device Vendors At CES Tech West . . .

The CES Tech West Expo has a number of specific areas of coverage including fitness and health, wearables, connected home, family safety, and some young innovative companies located in the startup area of the section. I spent a few hours interviewing and discussing the Internet of Things (IoT) with as many vendors as I could find. I had many good laughs and shed a few tears during the process. To describe the process, the general communication would go something like this:

Me: "Can you point me at the most technical person you have at your booth? I'd like to talk about how you secure your devices and the sensitive / personal data that it accesses and collects."

Smartest tech person at the booth: "Oh! We are secure; we [insert security-specific line here]."

Me: "Never mind . . ." (dejected look on my face).

Read more

Happy Birthday Angry Birds! Thanks For The (In)Security!

Image Source: http://www.jbgnews.com/2014/09/angry-birds-developer-rovio-entertainment-struggling/430304.html

We’ve all done it. We've spent hours flinging birds at pigs, only to be frustrated with that one little piggy that got away. We can all thank the phenomenon “Angry Birds” for this wonderful experience. Today marks the fifth birthday of the release of the original Angry Birds. Since its release, the highly successful mobile game creator Rovio has gone on to sell hundreds of millions of dollars of mobile apps, licenses, and merchandise amassing $216M in revenue in 2013 alone. Who knew that a simple change in game mechanics could gain such a cult foothold with the public? From a business perspective, the team at appfigures did a great write-up on the history of the franchise, along with its successes and failures in the eyes of the public. If you’re interested in the business life cycle of apps in the public app store, I highly recommend you go read their research: Angry Birds Turns Five: What We Can Learn From The Franchise’s Success.

Read more

Mobile Application Security - The Fight Results

A few months ago I posted a blog entry entitled: "Containerization vs. Application Wrapping: The Tale Of The Tape." Well... the bout is finally over and a winner has been decided. Using a virtual tape measure, I analyzed the mobile application technology spectrum to determine which technologies are better suited to deployment in the enterprise and why. The results were about what I expected. The fight went right down to the wire and nobody scored a knockout with the winner being decided with a slim margin over the 8 rounds. Here is the judge's score card:

You can read all about the data behind the analysis and the justification for the results in my latest report: "In The Mobile Security Bout Of the Year, App Wrapping Beats Containerization On Points." 

Google Acquires Divide -- Shaking Up The Mobile Security Landscape

On May 19, 2014, Google announced that it is acquiring containerization and dual persona vendor Divide. Divide's technology is designed to create a security and user interface division between the personal and the enterprise content, applications, and data on a single mobile device. This model meets the goal of separating the highly sensitive work data from the games and other potentially malicious content of a consumer nature. The big question is what is Google going to do now that it owns a technology leading containerizaiton play.

Selling Divide as a standalone solution isn't going to be lucrative enough, in the long term, to make the acquisition worthwhile. It makes a whole lot of sense for Google to embed Divide into the Android operating system. Just as rising tides raise all ships, containerization in Android will help the entire Android ecosystem shed the market perception of a technology that isn't quite yet enterprise appropriate. If this acquisition is any indication, Google has just put some power behind its push into the enterprise market and I don't expect it to subside any time soon.

All enterprises and vendors in the mobile security space should reconsider their future purchases and road maps based on this acquisition. Even if you are creating or buying mobile security technologies that don't play at the application layer, mobile security technologies are inseparably intertwined and this acquisition will have ripple effects that must be considered.

Read more in my full report here: Google Acquires Divide And Shakes Up The Mobile Security Landscape.

Containerization Vs. App Wrapping - The Tale Of The Tape

If you have implemented or used either application wrapping or containerization technologies, please COMPLETE THIS SURVEY.

Application wrapping versus containerization: Which technology provides better security to an enterprise mobile deployment? What are the use cases for each technology, and which technology has a longer shelf life when it comes to being the de facto standard for enterprise mobile security? Are there times when containerization provides a better user experience than application wrapping? And more simply speaking . . . what the heck is the difference between these two technologies, and which one should you purchase?

In the sport of boxing, "the tale of the tape" is a term used to describe a comparison between two fighters. Typically, this comparison includes physical measurements of each fighter as taken by a tape measure before the bout, thus the term "the tale of the tape." I'm currently conducting research for a "tale of the tape" report between mobile containerization technologies and mobile application wrapping. There has been a significant amount of discussion lately regarding which of these technologies is better suited for enterprise deployment. In order to settle this dispute, I'm going to get out the virtual tape measure and analyze the fighters!

Read more

BlackBerry Jakarta Edition Success Is Irrelevant To US Enterprises

Jump straight to my latest Quick Take report: "S&R Pros Desperate To Ditch BlackBerry Should Rethink Their Strategy -- BlackBerry Finally Opens BB10 OS To Third-Party Management.

This morning, BlackBerry announced the release of the BlackBerry Z3 Jakarta Edition. This new device is targeting the lower end of the market in Indonesia with lessened technical specifications and a reduced price point. It is unclear if the new device will be successful with the Southeast Asian buyer; however, I don't think it matters much to the US-based enterprise.

In the United States, BlackBerry has lost its hardware brand cachet. Over the last five fiscal quarters, BlackBerry total revenue has decreased by 64% from $2.7B to $976M. If we break out the revenue into separate streams -- hardware, software, and services -- we see that all three segments slowed in that same time period. The hardware revenue stream continues to be the boat anchor that is pulling down the other revenue segment, with a loss of 78%, while the software revenue stream only lost 15%.

Read more