IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor's position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the icons.
The recently published IDC MarketScape: Worldwide Mobile Threat Management Security Software 2017 Vendor Assessment (doc # US42373417, September 2017) highlights the trends driving increased adoption of mobile security solutions and vendors leading the market. It is a perfect place to start for security and IT leaders launching a mobile security initiative since it provides a clear and concise evaluation of mobile security vendors.
Mobile Threat Management (MTM) is the term IDC uses to describe a Mobile Endpoint Security or Mobile Threat Defense product. This is the first IDC MarketScape for Mobile Threat Management, indicating that the market is growing and enterprises are more rapidly adopting these solutions. The IDC MarketScape recognizes that Lookout is a Leader in this maturing segment of security technology with the right technology, data, and people to protect enterprises from risks and threats.
Mike Jennett, research vice president, Enterprise Mobility Strategies, at IDC explains, "Mobile threat management is emerging as a must-have puzzle piece for successful enterprise mobility deployment and management.*"
Security & IT executives agree. The report reveals enterprises and SMBs in the U.S. have implemented mobile device security solutions including mobile threat management with, "an additional one-third of U.S. businesses not using MTM today planning to deploy this technology in the future.*"
From the report, we have focused on four key MTM capabilities enterprise decision makers should consider when thinking about moving their organization's mobility security solutions forward. Read on to see our take on the IDC MarketScape's recommendations and observations.
Key capability: Enabling enterprises to find threats and risks to compliance on mobile
As the amount of corporate data moving through employee mobile devices grows, compliance regulations - both internal to the enterprise and government mandated - are growing as well.
It should come as no surprise then that the IDC report indicates compliance as a key driver in MTM buying decisions: "Mobile security/compliance, in general, was the most frequently cited challenge businesses said they face among all aspects of a mobility deployment - before cost, complexity, and vendor-related issues.*"
Vendors should also be compliant
In our opinion, it's essential to determine how an MTM solution currently meets known compliance regulations, as well as whether it can keep pace with known and projected upcoming global compliance changes. For example, Lookout is EU-U.S. Privacy Shield certified as of October 2016 and is in the process of achieving ISO 27018 and GDPR compliance. In addition, Lookout has achieved ISO 27001 certification and FedRAMP In Process status. As you'll see, the need to assess current and forward-looking capabilities a recurring theme within the report and our recommendations.
Key capability: Protection against the complete Spectrum of Mobile Risk
IDC explains that "Most MTM products focus on protecting the device from phishing attacks, man-in-the-middle attacks, and device-specific security issues such as jailbreaking.*" However, these vectors and components do not represent the entire spectrum of risk facing an enterprise employee's mobile device; nor do they adequately respond to the full range of ways a mobile device could be misused in the enterprise.
It is vital to understand the many and varied ways your employees are (and will be) using their mobile devices. As the report points out, "advanced MTM providers cover every aspect of interactions with the mobile device - from user downloaded apps through to network connections,*" and even texting. When you understand the mobile productivity use cases within your organization, you can identify the proper level of protection needed.
Key capability: Data and talented researchers are required to protect against previously unknown threats and risks
If recent security incidents have taught us anything, it's that mobile attacks, threats, breaches, and risks are only going to intensify. As the report explains, "A mobile threat management product must be constantly evolving and able to look for the next threat on the horizon rather than simply focusing on the threats of today.*"
While an MTM product should be able to detect and alert on the full Spectrum of Mobile Risks, it should also be able to protect against previously unknown threats. This requires having a large dataset from which the MTM technology pulls information about risks and threats. From there, the MTM can find and surface anomalous activity, connections to existing malicious actors, similar code snippets, and other indications of malicious intent.
The IDC MarketScape positions Lookout as a Leader here saying, "Lookout's extensive data set and machine learning capabilities provide for exhaustive real-time data from around the world to client administrative consoles.*"
Machine learning is only as good as the data it has. Lookout CEO Jim Dolce explains in this blog post that even Google and Amazon have both open sourced their machine learning tools - called TensorFlow and Amazon Machine Learning (AML) respectively. Companies of this size and success would not give away their IP if it was the true secret sauce behind machine learning. They both have unmatchable data in their fields, however, that make these tools invaluable.
While the technology plays a key role, so do the security researchers who then analyze those indicators and confirm the existence of a previously unknown threat.
The IDC MarketScape explains, "Lookout has one of the largest team of mobile threat researchers among any security company, either MTM vendors or larger traditional enterprise security providers. This coupled with its 100+ million device network across 150 countries and extensive data set gives the company a strong capability of identifying not only headline-grabbing vulnerabilities in major mobile operating systems but also more lower-level threats to customers based on risky corporate app behavior and varying threats to users based on location and region.*"
Key capability: Good customer reviews
Listening to what customers think of a given MTM solution is one of the best ways to assess its "fit" for your organization. As the report highlights, "No matter how many features a product has or how long it's been on the market, if it is does not meet the needs of the customer or if it is cumbersome for the customer to install, support, or use, it will not be adopted.*"
Hundreds of organizations have chosen Lookout for mobile endpoint security. These leading global enterprises and government agencies trust Lookout to protect their mobile data in a way that is appropriate to their needs without disruption. Surveying vendors and their customers about ease of implementation, daily use cases, and outcomes should be high on the to-do list. The IDC MarketScape report says, you want to determine "that the product goes beyond device management or simple virus scanning and is truly a threat management product that will provide IT organizations with a potent tool to fight mobile threats in fashion that is not cumbersome to the user.*"
IT and security decision makers should make sure you're asking the right questions to assure your organization is on the right mobile threat management path now and into the future.
Contact Lookout to learn more about how to get the most value from mobile technology, securely.
*IDC MarketScape: Worldwide Mobile Threat Management Security Software 2017 Vendor Assessment, Doc # US42373417, September 2017.