As recent acquisitions have shown, mobile security is an area of growing interest for enterprises, with remote management and data protection capabilities at the top of the list.
McAfee's July 29 agreement to acquire TenCube was its second
attempt to purchase its way deeper into the mobile security business this year,
and one of multiple plays in the space by other vendors.
Vendors are right to be interested. A June survey of
enterprises by The 451 Group found two-thirds of the 91 respondents were either
"highly concerned" (23 percent) or "moderately concerned"
(44 percent) about a mobile security breach. This increased agita about
security and management is likely to continue.
"As smartphones and tablets, which are running on
smartphone OSes, increasingly take share away from desktop and laptop
computers, perpetrators will move to target these users," said The 451
Group analyst Chris Hazelton. "These smart devices will be the primary
portal for mobile banking and social networking, so the data stored and
traveling across these devices will steadily increase in value."
Click here to read about how smudges on touch screens can endanger security.
According to analyst company Infonetics Research, the mobile
security client software market is projected to grow to more than $1.6 billion
by 2013. McAfee's decision to buy TenCube was preceded by its purchase of Trust
Digital, as well as Juniper Networks' purchase of SMobile Systems and Awareness
Technologies' acquisition of LegiTime Technologies. Other companies have made similar
moves without acquisition; for example, Symantec released a beta security
program for Google Android devices.
Mobile malware has increased steadily since 2003, but has
not notably accelerated in 2010, said Jan Volzke, worldwide head of mobile
marketing at McAfee.
"What has increased is media attention around privacy
concerns [to do with] certain apps ... besides app security the discussion should
be expanded to cover mobile Internet usage, family safety and-what is probably
the most likely mobile security incident users face today-mobile device theft
or loss," Volzke said.
For enterprises, the primary challenge posed by smartphones
remains the same: remote management and data protection. Most enterprises allow
the use of Research In Motion's BlackBerry platform because it has all the
security functionality they need, said Gartner analyst John Pescatore.
"The minimum security features we tell enterprises they
need are: enforceable mandatory password to unlock, enforceable activity
timeout timer and password retry limit, mandatory device content encryption,
[and] over-the-air kill [remote wipe] capability," Pescatore said.
has reached the point where it meets that
minimum with a few caveats, like lack of FIPS [Federal Information Processing
Standard] 140-2 certification for the crypto; Android phones not yet,"
Pescatore continued. "So, enterprises who are being forced to allow use of
iPhone and/or Android phones that want more than the minimum level of security
policies need to add third-party mobile device management products, like
Sybase, Credant, MobileIron, etc. Or they can take a more limited approach and
force the phones to have a VPN client on them and the phones have to VPN to the
enterprise and run through the existing security infrastructure."
What enterprises today don't really need is an antivirus
client added to smartphones, he said, as it won't be effective or manageable.
Future acquisitions by security vendors should focus on
related areas such as device management, Hazelton said.
"There are still some major players out there that need
to increase their mobile security and management capabilities," he said. "There
are several companies that are good targets. The main threat today is still
lost or stolen devices, so security players will need to acquire both mobile
security and mobile device management vendors."