株式会社グローバルインフォメーション
TEL: 044-952-0102
表紙
市場調査レポート

モバイルセキュリティ:モバイル化の主な障壁

Mobile Security - The Key Barrier to Mobile Enablement

発行 VDC Research Group, Inc. 商品コード 338485
出版日 ページ情報 英文 41 Pages; 4 Exhibits
納期: 即日から翌営業日
価格
本日の銀行送金レート: 1USD=114.58円で換算しております。
Back to Top
モバイルセキュリティ:モバイル化の主な障壁 Mobile Security - The Key Barrier to Mobile Enablement
出版日: 2015年08月28日 ページ情報: 英文 41 Pages; 4 Exhibits
概要

モバイルイニシアチブは生産性を向上し、運営コストを抑制できる大きな可能性を秘めていますが、企業はモバイルセキュリティに対する不安から、モバイル化に向けた積極的な取り組みに抵抗を示しています。

当レポートでは、モバイル化の推進の障壁となっているモバイルセキュリティの市場について調査し、モバイルセキュリティ市場の成熟化の動向、エンドユーザーによるモバイルセキュリティ上の懸念、モバイルセキュリティ市場の競合環境、主要事業者の分類と主要事業者のプロファイルなどについてまとめています。

エグゼクティブサマリー

  • 主要調査結果

急速に成熟化したモバイルセキュリティ

  • 市場分析
  • 近年の発展動向

モバイルセキュリティに対するエンドユーザーの分析

  • 図1:モバイルイニシアチブの追求における3大課題・障壁
  • セキュリティを念頭に置いたアプリケーション設計
    • 図2:モバイルアプリケーションの設計においてもっとも重要な機能
    • 図3:モバイルイニシアチブの追求における主な考察ポイント
    • 図4:モバイル化の追求のなかで企業が取り組むメトリクス

競合環境

  • 表1:モバイルセキュリティのエコシステム
  • 端末OEM:OSの強化
    • Apple
    • BlackBerry
    • Google
    • Microsoft
    • Samsung
  • EMMベンダー:セキュリティベンダーの旋回
    • VMware/AirWatch
    • Citrix
    • Good Technology
    • IBM
    • LANDesk/Wavelink
    • Microsoft
    • MobileIron
    • SAP
    • SOTI
  • 管理・セキュリティのスペシャリストの特定
    • Pulse Secure
  • セキュアメッセージング

VDC Research

  • 著者について
目次

Enterprises continue to resist moving full speed ahead with mobile initiatives that have real potential to reduce operational expenses and increase productivity. The opportunity to enable access to applications and data repositories, anywhere and anytime, is still largely untapped due to pre-existing perceptions associated with mobile security and the dogged efforts of bad actors that continue breach corporate security constructs. But consumerization trends suggest that the number and variety of mobile devices used to conduct business will continue to grow, making the need for robust security more pronounced than ever. Modern mobile platforms, however, are more vulnerable to greater and more varied security risks than the established IT world is. The right security approach will help enterprises address these threats while taking advantage of the huge benefits that mobile enablement offers.

The three main mobile targets that VDC has identified are information, identity, and availability. Consumerization trends show that personal mobile devices are increasingly used for both private and business purposes. Devices typically store valuable and often sensitive information; keeping that information secure is vital. If a malicious third party gains access to personal financial data, photographs, or information about where the owner lives, works, and spends his or her leisure time, for example, the consequences can be disastrous and irreparable. And since devices are used for work as well as leisure, the possibility of sensitive business information getting into the wrong hands could have much wider-and potentially massive-implications.

What questions are addressed ?

  • Who will enterprises turn to for their mobile security?
  • How will the evolution of Apple's iOS and Google's Android impact mobile security?
  • How is the mobile security landscape evolving?
  • Are EMM vendors well positioned to cater to the mobile security needs in the enterprise?
  • Just how critical is application security?
  • How are security vendors tackling the challenges of BYOD in the enterprise?

Executive Summary

The battle continues to intensify among mobile ISVs to be the primary provider for an increasingly broad range of mobile solutions for today's businesses. Mobile device deployments continue to expand in enterprise environments and are being integrated into workers' daily activities in companies of all sizes. This trend is making mobile IT infrastructure investments for mobile management and security a priority for CIOs, CISOs, and IT leaders. Protecting data on a server is one thing, but protecting data in motion is another. The increased use of mobile devices in businesses means people carry around (and potentially expose) more information than ever. A typical mobile device is likely to contain both personal and work-related data. This includes emails, email attachments, voice mails, text messages, and private corporate data. Essentially, every mobile-enabled worker is potentially holding a gateway into the enterprise network and access to sensitive and/or confidential data. Safeguarding intellectual property and business information from theft and misuse is an increasingly critical management issue, and security is a core business function, regardless of whether a user is in the C-suite or on the lowest rung on the corporate ladder.

The cost of data breaches can be enormous, not only in dollars but also in lost time, productivity, and overall organizational well being. Crafting and implementing comprehensive mobile policies, therefore, is critical for sustainable and effective mobile enablement.

Key Findings

  • Ownership models such as BYOD are continuing to affect mobile security investments because manually managing mobile platforms in heterogeneous deployment environments is not viable or cost-effective.
  • Mobile enablement introduces threats to enterprise IT that cannot be offset, mitigated, or prevented by a single technology solution. Combating those threats requires a layered approach to security to ensure the protection of corporate data.
  • Application security practitioners will be best served by embracing the fact that mobile apps require new protections beyond the use of traditional secure coding techniques.
  • EMM vendors face challenges in their efforts to keep pace with the changing security requirements in larger deployment environments as mobility becomes a strategic issue.
  • Mobile security investments are driven by enterprises' need to conform to stricter data protection and compliance practices. Identity management vendors now report renewed interest in their solutions and are forced to quickly evolve their offerings to incorporate secure cloud SSO, strong authentication, and sophisticated identity lifecycle management capabilities.
  • Handset OEMs are both innovating on design and implementing hardware-enhanced security techniques, and they continue to harden their operating systems. Google's inability to control the cadence of the update process to its Android operating system, however, remains a key barrier to broader enterprise adoption.
  • Security vendors must optimize their platforms to protect an increasingly diverse range of non-traditional endpoints (e.g., ATMs, kiosks, smart vending machines, parking meters, POS devices, etc.)

Mobile Security Market Has Quickly Matured

Market Insights

The current mobile boom has CIOs and IT leaders actively investing in solutions to help mitigate the increasing risks associated with using mobile devices for work-related purposes. The line between personal computers and mobile devices has already blurred, and the portability, connectivity, and storage capacity of smartphones and tablets pose a significant data leakage risk. The mobile hardware race is in full swing. Chip manufacturers continue to enhance their embedded security while handset OEMs expand their respective operating systems with important security and API enhancements. At the same time, venture funding continues to flow to a vibrant ecosystem of security-oriented ISVs. With each new smartphone activation, however, a new target is born. One unfortunate side effect of the explosive growth in smartphones has been the problem of security, particularly in corporate settings. Consumer demands for mobile platforms to offer the same conveniences as modern PCs has created new risks. Vulnerabilities such as malware, direct attacks, data interception, exploitation, and social engineering all have transitioned into the mobile space as fluidly as the operating systems themselves. Several prominent organizations, such as Anthem Inc., BlueCross BlueShield, JP Morgan Chase, The Home Depot, The Department of Veterans Affairs, and WellPoint Inc., have been negatively affected by lost or stolen unencrypted devices, the most common cause of security breaches.

Organizations understand the need to employ a layered approach that will create additional protections to keep their devices and infrastructure secure. The rising risk of infection from malicious applications has compelled organizations to invest in solutions that offer real time antivirus and malware scanning, along with the ability to identify vulnerabilities in web and mobile application source code. Context-aware detection and prevention capabilities are also increasingly important. Organizations find that they require secure access and authentication to a wider range of back-end services from multiple mobile apps/platforms.

The security landscape is in a state of constant change. IT departments must constantly assess the best ways to secure and manage a multitude of mobile devices on diverse platforms. Changing work styles increase employees' desire or need to work at any time, from any location, with data that is accessible from the company network, the Web, or the cloud. IT departments are thus dealing with a moving target and require a broad range of protective measures, depending on their organization's security posture. Due to the multilayered security dynamics of mobile platforms, neither an ideal hardware configuration nor one type of communications network can reliably catch all threats and assure security. Operating systems, applications, devices, and networks all affect security in a dynamic market. Investing in IT staff with mobile-first expertise that is specific to security is important, as is implementing the appropriate infrastructure to enable secure remote access to pre-existing data stores and application platforms.

Without the appropriate policies, training, and governance mechanisms in place, our personal and corporate data will become comingled, potentially resulting in data leakage and putting organizations at risk. Educating employees is critical to minimizing the threats mobile enablement introduces to an IT infrastructure. Typical users either don't understand the available security mechanisms or cannot properly use the appropriate protection mechanisms to their (and their organization's) full benefit.

Mobile-first security vendors have seen core device management capabilities commoditize. They have been actively engaged in developing security solutions focused on managing mobile applications as well as providing secure access to existing corporate data stores to their mobile workforce. Prominent enterprise mobility management (EMM) vendors have also shifted their focus away from managing devices and have developed secure content, collaboration, and application management solutions. The enhanced security functionality that has become central to these vendors' platforms, however, is the ability to keep applications and data in a designated area. This type of application-layer solution (often referred to as a “secure container” or “containerization”) is a key area for differentiation in the market. Not all containers are created equal, as vendors deploy different approaches that rely on device-side and chipset-level features, which vary depending on the device.

Table of Contents

Inside This Report

  • What questions are addressed?
  • Who should read this report?

Table of Contents

Executive Summary

  • Key Findings

Mobile Security Market Has Quickly Matured

  • Market Insights
  • Recent Developments

End User Insights on Mobile Security

  • Exhibit 1: Top Three Challenges/Barriers in Pursuit of Mobile Initiatives
  • App Design with Security in Mind
    • Exhibit 2: Most Important Features When Designing Mobile Applications
    • Exhibit 3: Key Considerations when Pursuing Mobility Initiatives
    • Exhibit 4: Metrics Organizations are Tracking as They Pursue Mobile Enablement

Competitive Landscape

  • Table 1: Mobile Security Ecosystem Landscape
  • Handset OEMs - Hardening the OS
    • Apple
    • BlackBerry
    • Google
    • Microsoft
    • Samsung
  • EMM Vendors - Pivoting to Security Vendors
    • VMware/AirWatch
    • Citrix
    • Good Technology
    • IBM
    • LANDesk/Wavelink
    • Microsoft
    • MobileIron
    • SAP
    • SOTI
  • Identity Management and Security Specialists
    • Pulse Secure
  • Secure Messaging

VDC Research

  • About the Author
Back to Top