Cover Image
市場調查報告書

行動安全:行動化主要的障礙

Mobile Security - The Key Barrier to Mobile Enablement

出版商 VDC Research Group, Inc. 商品編碼 338485
出版日期 內容資訊 英文 41 Pages; 4 Exhibits
商品交期: 最快1-2個工作天內
價格
Back to Top
行動安全:行動化主要的障礙 Mobile Security - The Key Barrier to Mobile Enablement
出版日期: 2015年08月28日 內容資訊: 英文 41 Pages; 4 Exhibits
簡介

行動倡議提高生產率,蘊藏抑制營運成本的大幅可能性能,不過,企業從對行動安全的不安,對行動化的積極配合措施顯示阻力。

本報告提供行動化的推動障礙的行動安全的市場相關調查、行動安全市場的成熟度趨勢、終端用戶的行動安全軟體上的疑慮、行動安全市場競爭環境、主要經營者的分類與主要經營者簡介等相關彙整。

摘要整理

  • 主要調查結果

急速成熟化的行動安全

  • 市場分析
  • 近幾年的發展趨勢

行動安全的終端用戶分析

  • 圖1:行動倡議追求中的3大課題、障礙
  • 應用程序設計的安全考慮
    • 圖2:行動應用程式的設計中最重要的功能
    • 圖3:行動倡議的追求中主要的考察點
    • 圖4:行動化的追求中企業致力的標準

競爭環境

  • 表格1:行動安全的生態系統
  • 終端OEM:OS的強化
    • Apple
    • BlackBerry
    • Google
    • Microsoft
    • Samsung
  • EMM供應商:安全供應商的轉彎
    • VMware/AirWatch
    • Citrix
    • Good Technology
    • IBM
    • LANDesk/Wavelink
    • Microsoft
    • MobileIron
    • SAP
    • SOTI
  • 管理、安全的專家的識別
    • Pulse Secure
  • 安全通訊

VDC Research

  • 關於作者
目錄

Enterprises continue to resist moving full speed ahead with mobile initiatives that have real potential to reduce operational expenses and increase productivity. The opportunity to enable access to applications and data repositories, anywhere and anytime, is still largely untapped due to pre-existing perceptions associated with mobile security and the dogged efforts of bad actors that continue breach corporate security constructs. But consumerization trends suggest that the number and variety of mobile devices used to conduct business will continue to grow, making the need for robust security more pronounced than ever. Modern mobile platforms, however, are more vulnerable to greater and more varied security risks than the established IT world is. The right security approach will help enterprises address these threats while taking advantage of the huge benefits that mobile enablement offers.

The three main mobile targets that VDC has identified are information, identity, and availability. Consumerization trends show that personal mobile devices are increasingly used for both private and business purposes. Devices typically store valuable and often sensitive information; keeping that information secure is vital. If a malicious third party gains access to personal financial data, photographs, or information about where the owner lives, works, and spends his or her leisure time, for example, the consequences can be disastrous and irreparable. And since devices are used for work as well as leisure, the possibility of sensitive business information getting into the wrong hands could have much wider-and potentially massive-implications.

What questions are addressed ?

  • Who will enterprises turn to for their mobile security?
  • How will the evolution of Apple's iOS and Google's Android impact mobile security?
  • How is the mobile security landscape evolving?
  • Are EMM vendors well positioned to cater to the mobile security needs in the enterprise?
  • Just how critical is application security?
  • How are security vendors tackling the challenges of BYOD in the enterprise?

Executive Summary

The battle continues to intensify among mobile ISVs to be the primary provider for an increasingly broad range of mobile solutions for today's businesses. Mobile device deployments continue to expand in enterprise environments and are being integrated into workers' daily activities in companies of all sizes. This trend is making mobile IT infrastructure investments for mobile management and security a priority for CIOs, CISOs, and IT leaders. Protecting data on a server is one thing, but protecting data in motion is another. The increased use of mobile devices in businesses means people carry around (and potentially expose) more information than ever. A typical mobile device is likely to contain both personal and work-related data. This includes emails, email attachments, voice mails, text messages, and private corporate data. Essentially, every mobile-enabled worker is potentially holding a gateway into the enterprise network and access to sensitive and/or confidential data. Safeguarding intellectual property and business information from theft and misuse is an increasingly critical management issue, and security is a core business function, regardless of whether a user is in the C-suite or on the lowest rung on the corporate ladder.

The cost of data breaches can be enormous, not only in dollars but also in lost time, productivity, and overall organizational well being. Crafting and implementing comprehensive mobile policies, therefore, is critical for sustainable and effective mobile enablement.

Key Findings

  • Ownership models such as BYOD are continuing to affect mobile security investments because manually managing mobile platforms in heterogeneous deployment environments is not viable or cost-effective.
  • Mobile enablement introduces threats to enterprise IT that cannot be offset, mitigated, or prevented by a single technology solution. Combating those threats requires a layered approach to security to ensure the protection of corporate data.
  • Application security practitioners will be best served by embracing the fact that mobile apps require new protections beyond the use of traditional secure coding techniques.
  • EMM vendors face challenges in their efforts to keep pace with the changing security requirements in larger deployment environments as mobility becomes a strategic issue.
  • Mobile security investments are driven by enterprises' need to conform to stricter data protection and compliance practices. Identity management vendors now report renewed interest in their solutions and are forced to quickly evolve their offerings to incorporate secure cloud SSO, strong authentication, and sophisticated identity lifecycle management capabilities.
  • Handset OEMs are both innovating on design and implementing hardware-enhanced security techniques, and they continue to harden their operating systems. Google's inability to control the cadence of the update process to its Android operating system, however, remains a key barrier to broader enterprise adoption.
  • Security vendors must optimize their platforms to protect an increasingly diverse range of non-traditional endpoints (e.g., ATMs, kiosks, smart vending machines, parking meters, POS devices, etc.)

Mobile Security Market Has Quickly Matured

Market Insights

The current mobile boom has CIOs and IT leaders actively investing in solutions to help mitigate the increasing risks associated with using mobile devices for work-related purposes. The line between personal computers and mobile devices has already blurred, and the portability, connectivity, and storage capacity of smartphones and tablets pose a significant data leakage risk. The mobile hardware race is in full swing. Chip manufacturers continue to enhance their embedded security while handset OEMs expand their respective operating systems with important security and API enhancements. At the same time, venture funding continues to flow to a vibrant ecosystem of security-oriented ISVs. With each new smartphone activation, however, a new target is born. One unfortunate side effect of the explosive growth in smartphones has been the problem of security, particularly in corporate settings. Consumer demands for mobile platforms to offer the same conveniences as modern PCs has created new risks. Vulnerabilities such as malware, direct attacks, data interception, exploitation, and social engineering all have transitioned into the mobile space as fluidly as the operating systems themselves. Several prominent organizations, such as Anthem Inc., BlueCross BlueShield, JP Morgan Chase, The Home Depot, The Department of Veterans Affairs, and WellPoint Inc., have been negatively affected by lost or stolen unencrypted devices, the most common cause of security breaches.

Organizations understand the need to employ a layered approach that will create additional protections to keep their devices and infrastructure secure. The rising risk of infection from malicious applications has compelled organizations to invest in solutions that offer real time antivirus and malware scanning, along with the ability to identify vulnerabilities in web and mobile application source code. Context-aware detection and prevention capabilities are also increasingly important. Organizations find that they require secure access and authentication to a wider range of back-end services from multiple mobile apps/platforms.

The security landscape is in a state of constant change. IT departments must constantly assess the best ways to secure and manage a multitude of mobile devices on diverse platforms. Changing work styles increase employees' desire or need to work at any time, from any location, with data that is accessible from the company network, the Web, or the cloud. IT departments are thus dealing with a moving target and require a broad range of protective measures, depending on their organization's security posture. Due to the multilayered security dynamics of mobile platforms, neither an ideal hardware configuration nor one type of communications network can reliably catch all threats and assure security. Operating systems, applications, devices, and networks all affect security in a dynamic market. Investing in IT staff with mobile-first expertise that is specific to security is important, as is implementing the appropriate infrastructure to enable secure remote access to pre-existing data stores and application platforms.

Without the appropriate policies, training, and governance mechanisms in place, our personal and corporate data will become comingled, potentially resulting in data leakage and putting organizations at risk. Educating employees is critical to minimizing the threats mobile enablement introduces to an IT infrastructure. Typical users either don't understand the available security mechanisms or cannot properly use the appropriate protection mechanisms to their (and their organization's) full benefit.

Mobile-first security vendors have seen core device management capabilities commoditize. They have been actively engaged in developing security solutions focused on managing mobile applications as well as providing secure access to existing corporate data stores to their mobile workforce. Prominent enterprise mobility management (EMM) vendors have also shifted their focus away from managing devices and have developed secure content, collaboration, and application management solutions. The enhanced security functionality that has become central to these vendors' platforms, however, is the ability to keep applications and data in a designated area. This type of application-layer solution (often referred to as a “secure container” or “containerization”) is a key area for differentiation in the market. Not all containers are created equal, as vendors deploy different approaches that rely on device-side and chipset-level features, which vary depending on the device.

Table of Contents

Inside This Report

  • What questions are addressed?
  • Who should read this report?

Table of Contents

Executive Summary

  • Key Findings

Mobile Security Market Has Quickly Matured

  • Market Insights
  • Recent Developments

End User Insights on Mobile Security

  • Exhibit 1: Top Three Challenges/Barriers in Pursuit of Mobile Initiatives
  • App Design with Security in Mind
    • Exhibit 2: Most Important Features When Designing Mobile Applications
    • Exhibit 3: Key Considerations when Pursuing Mobility Initiatives
    • Exhibit 4: Metrics Organizations are Tracking as They Pursue Mobile Enablement

Competitive Landscape

  • Table 1: Mobile Security Ecosystem Landscape
  • Handset OEMs - Hardening the OS
    • Apple
    • BlackBerry
    • Google
    • Microsoft
    • Samsung
  • EMM Vendors - Pivoting to Security Vendors
    • VMware/AirWatch
    • Citrix
    • Good Technology
    • IBM
    • LANDesk/Wavelink
    • Microsoft
    • MobileIron
    • SAP
    • SOTI
  • Identity Management and Security Specialists
    • Pulse Secure
  • Secure Messaging

VDC Research

  • About the Author
Back to Top