As Research Director for the Business Technology and Software group at Current Analysis, Andrew manages the Enterprise Security, Data Center Infrastructure, and Enterprise Network Systems coverage. As the lead analyst for Enterprise Security coverage, he focuses on the market and technology dynamics that are transforming the industry, including virtualization, mobility, the consumerization of IT, embedding of security into the broader IT fabric, and a shift to data centric security.
If a vendor can possibly tie its messaging to BYOD, it has.
Vendors need to be careful though; the game is changing.
One of my takeaways from attending Interop a couple of weeks ago was the pervasiveness of BYOD as an addressable use case in vendor pitches. At some point, a line from TheGodfather Part II came to mind. Neighborhood crime boss Don Fanucci tells the young godfather (played by Robert De Niro), “You should let me wet my beak a little,” by which he means he wants a piece of the action. It’s a colorful phrase, and it’s exactly the attitude of many technology companies today. Continue reading “Wet Your Beak, or Drown Trying”→
Nobody ever got fired for buying BlackBerrys. Embrace device diversity but incentivize best practices
Anyone old enough to remember the phrase: “Nobody ever got fired for buying IBM equipment”? If uttered by an IBM sales person it could be considered classic fear, uncertainty and doubt (FUD). But it was based on an industry axiom at the time: IBM hardware was the known quantity and the safe purchase. For a long time, nobody got fired for buying BlackBerry either, but the ‘consumerization of IT’ has thrown those old assumptions out the window and organizations are back to really taking a hard look at the features of each mobile OS and trying to keep the FUD at bay. I sat in a panel at Interop last week that basically asked the question: is it safe to hitch your wagon to any one mobile OS, BlackBerry or otherwise? Continue reading “Mobile Operating System Choice”→
Several vendors have announced enhanced network access control (NAC) products for addressing BYOD
The Trusted Computing Group announced a new revision to an important NAC standard (TNC IF-MAP)
I spent the week in Las Vegas at Interop and one of the meta-themes at the event was the issue of how to deal with consumerization of IT and the associated business policy of allowing employee-owned devices on corporate networks. (i.e., BYOD). As I have noted before on this blog, consumerization of IT has far-ranging impacts on enterprise IT requirements and product development strategies. This includes products being enhanced to support the increasing traffic requirements inherent in broad deployment of mobile devices, but it also includes old products finding new life when applied to mobile use cases. A great example of the latter is the re-emergence of NAC to address consumerization of IT. Continue reading “Interop: NAC is Back”→
Consumerization of IT is having a pervasive impact on enterprise IT.
It is much broader than simply worrying about device management and security.
My CEO asked me for a comprehensive, non-technical definition of the mobility market. It got me thinking about how pervasive the impact of consumerization of IT has become. I am buried in the day to day of a lot of our Enterprise Mobility coverage, but that is just the most obvious place that mobility impacts our enterprise coverage. Consumerization of IT is an important trend in our Application Platforms, Collaboration Platforms, Enterprise Networking, Unified Communications, and Enterprise Security coverage. Certainly no other topic, with the possible exception of the cloud, gets as many cross-disciplinary conversations going in our enterprise group. The following are short summaries of the impact of consumerization of IT on several of our coverage areas: Continue reading “Consumerization of IT Is the Mega Trend”→
Prepare for breaches through better visibility and forensic tools.
In Western cultures, Friday the 13th is considered a particularly unlucky day. The superstition is of relatively recent vintage, though it seems to derive from the separate but long-standing considerations that 13 is an unlucky number and Friday is an unlucky day. Security folks are not a particularly superstitious lot, but I think we can all agree that we can use all the luck we can get. However, any discussion about luck brings to my mind a famous quote that is usually remembered as “Luck favors the prepared (actually, the quote by Louis Pasteur is “Chance favors the prepared mind”). Continue reading “Security Worries: Friday the 13th Edition”→
Galen Gruman had an interesting article in InfoWorld last week, “Virtualization No Silver Bullet for Macs or Mobile” that got me thinking. While the article is actually chiefly about virtualization on non-Windows PCs/laptops it does make some important points about what is needed (and not needed) on mobile devices. To cut to the chase, what is needed is data/application partitioning. That is not news, of course, but the more interesting question that Gruman tackled is whether virtualization is the way to achieve partitioning of personal and corporate data and applications on mobile devices. He sees partitioning as one of the more compelling use cases for virtualization on mobile devices and I agree with that. But it is important to keep in mind that virtualization is just one of numerous techniques that are currently being developed to handle privacy, compliance and security concerns associated with dual-use devices. Continue reading “Preparing for Dual Use (Corporate and Personal) Mobile Devices”→
Where policy for mobile devices is managed is a critical question.
To say we are moving into a post-PC era does not imply that the PC is going away, only that much of the energy in the computing markets is moving to newer, more nimble devices. PC shipments in 2011 were down about 4% year over year. This is attributed mostly to the rise of interest in tablets and smartphones, which can both assume some of the tasks traditionally performed by PCs. This is an important point to emphasize when thinking about the endpoint security markets. Firstly, there will be a strong market for PC client security products for years to come. And because of this, traditional endpoint security vendors believe they have potent leverage when moving into the markets for securing tablets and smartphones: namely, that enterprise customers want to consolidate and integrate endpoint security policy across all end user devices. (Everybody better start thinking more holistically about identity management by the way. But that is a discussion for another post). Continue reading “Endpoint Security in 2012”→
The MDM market is not just growing, it’s expanding
Leading vendors had a very good year in 2011
Before talking about market growth, I should make it clear that Current Analysis does not do market sizing. (We aren’t a quant house.) That being said, we look at market numbers just like anyone else, and sometimes with a bit of amusement. A serious difficulty in trying to size the MDM market is that it is a moving target. The question is not so much what is MDM today, but rather what will it be in two or three years? If you don’t scope the market correctly then sizing it is impossible. One of the quantitative analyst firms this summer upwardly revised their MDM forecasts for 2015 from $3.9 billion to $6.6 billion. That is a huge resizing, but it makes sense in light of the expanded scope of the MDM market that the firm now anticipates. Continue reading “2011 Was a Great Year for MDM”→
Let’s try to avoid a security strategy that relies on a placebo effect.
Assuming the worst is a good way to start the new year.
The Wall Street Journal ran an interesting article this week called “Why placebos work wonders.” It seems there is much more to the “placebo effect” than simply tricking someone into thinking they are getting a “real” drug. Research has shown that it doesn’t seem to matter whether patients know they are getting “real” treatment or a sugar pill. The body can benefit. I used to think about the placebo effect when I would take my very old dog in for acupuncture treatments. I assume that if they worked for him (and they did) then there must be more to acupuncture than just a placebo effect. Dogs need “real” treatments, while humans can benefit from both “real” and “fake” treatments. Some of the check box security products that enterprises spend their money on seem like fake treatments. This might be ok, if computers and networks were more like humans and less like dogs. Continue reading “Placebos, Dogs, Burglars and Security”→
Vendors’ predictions are often worth what you pay for them.
Take predictions with a grain of salt.
Does any other market lend itself to self-serving predictions quite as readily as the security market? Don’t get me wrong, I like predictions as much as the next guy; in fact, I have been working on some this week with partner in crime Paula Musich. That said, our predictions do not end with an outright recommendation that you buy our products. Security vendors benefit from often having very good threat research personnel on staff. These teams see more threats and see them sooner than almost anyone else. They are indeed very well positioned to look over the horizon at new attacks that might well go mainstream. However, some security vendors seem to cherry pick threats that align with product suites. (Of course, in a perfect world, vendor threat teams are informing product development decisions.) Tech Target’s Rob Westervelt called McAfee/Intel out on its predictions on Twitter this week. Two of McAfee/Intel’s predictions involved more rootkits and the need for more chip-based security. See what they did there? Continue reading “‘Tis the Season for Predictions”→