Enterprise Strategy Group | Getting to the bigger truth.TM

Posts Tagged ‘ScanSafe’

Enterprises Want Broad Functionality for Mobile Device Security

Monday, November 1st, 2010

Now that we all have an assortment of iPhones, Droids, tablet devices, and Windows devices, lots of industry folks believe that mobile security is the next hot market.  There are a number of players already in this market from pure plays like Good Security and Mobile Active Defense.  Traditional endpoint security vendors like McAfee see this as an extension of its antivirus business.  Symantec is in the same boat with antivirus as well as encryption software from PGP.  Networking vendors also see up-side in the mobile device security market.  Cisco has AnyConnect and ScanSafe while Juniper Networks wants to combine its Pulse client with its recent acquisition of SMobile.

These vendors come at mobile security from many different angles with different security functionality in different places–some on the device and some on the network.  Will this confuse the market?  No.  Enterprises are actually looking for a wide range of mobile device security functionality.  According to an ESG Research survey of 174 security professionals working at enterprise (i.e., more than 1,000 employees) organizations, the top three most important mobile device features are 1) device encryption, 2) device firewall, and 3) strong authentication.  They also want things like DLP, VPN, and device locking.

Beyond security functionality, most enterprises also want an integrated platform for mobile device security and management.  In other words, they want a single software package for device provisioning, configuration, reporting, etc.  They also want a common set of features for all mobile devices rather than a potpourri of different features for iPhone, Windows 7, Droid, Palm, etc.

It appears then that the mobile device security market will include networking, security, and management vendors along with device manufacturers and carriers as well.  Personally, I think mobile device security will have a network architecture look to it, with technology safeguards built into devices, the enterprise, and the cloud.  If this happens, integration will be critical for all leading products.

Note to Cisco: Pick Your Security Battle

Thursday, February 11th, 2010

I’ve written some not too flattering things lately about Cisco. Now I’ve got nothing against Cisco — I’m actually quite impressed with its broad portfolio, M&A strategy, and sales/marketing muscle. Cisco also has a lot of Chutzpah — taking on Dell, HP, and IBM on next-generation servers wasn’t a move you’d see from a risk-averse company.

In general, I admire Cisco, but I’m not sure where it is going with security. I’ve written a few blogs about flat revenue, changing agendas, and product commitments in the past that I’m sure haven’t played well in San Jose. The pushback I tend to get is that Cisco builds security into all of its products so individual security products aren’t the right thing to focus on.

Hmm, this may be so but in my humble opinion Cisco is fighting on two fronts and right now it can’t win on either one. Allow me to elaborate.

Front number one is traditional security products. Aside from a few exceptions like IronPort, Cisco security products haven’t kept up with the competition. You can build all the security you want into products but you still need firewalls, IDS/IPS, gateways, etc. Cisco is losing a lot of these security product sales. The other problem here is that Cisco doesn’t cover all security areas. It has no desktop presence, limited application presence, no database presence, etc. This is the front where I’ve been most critical of Cisco. The only way Cisco can bounce back here is with a big acquisition (McAfee, Check Point?) or with a lot of strategic little ones.

Front number two is business security solutions. What I mean by this is more end-to-end security solutions that secure enterprise or vertical industry business processes. I believe Cisco is trying to go in this direction based on its new positioning and tag lines like, “enabling the next-generation workforce to collaborate with confidence.” Cisco’s instincts are spot on — enterprise organizations are now trying to secure business processes not just IT infrastructure. The move to secure business solutions means that deals get bigger and executives get involved with security decisions. Good news for Cisco except that it can’t hold a business security solutions candle to others like HP, IBM, Accenture, SAIC, etc. When push comes to shove, these others have vertical industry and business process mojo that Cisco just doesn’t have.

Cisco should go after the business security solutions market but it can’t just throw around new marketing initiatives and succeed like it has in the networking space. I suggest that Cisco do one, a few, or all of the following:

  1. Buy a services company. Dell, HP, and IBM are all using services as a differentiator and winning the secure business solutions battles (note:  I realize that a professional services acquisition would be far more strategic for Cisco than security alone). I don’t think Cisco can win by being Switzerland with everyone else. Cisco needs to acquire someone like CSC or (dare I say?) Unisys for services muscle. This will help with UCS sales AND business security solutions. Note that HP is very successful at selling business security solutions yet it has few security products. The reason? Services strength, global reach, business process expertise, and lots of industry experience.
  2. Double down on identity management. In my mind, the identity space is perfect for Cisco. Why? The technology is rapidly changing and it will likely end up as a network service. Identity is also a key component of cloud computing. Cisco owns Securent and Rohati but that’s not enough. Courion is out there as a product and Ping Identity as a SaaS/network service (note: I like the Ping or network services play best). Alternatively, if Cisco buys a professional services company, it could make identity a core skill set and work with independent leaders like CA and Oracle.
  3. Get vertical. Cisco does a bit of this but it is mostly through its sales and marketing effort. My contention is that Cisco should acquire and build vertical solutions for health care, financial services, and the Federal government or get super aggressive with partners (note: HP and IBM may have locked up the best ones). Cisco can’t just deliver pipes, it needs entire secure solutions.
  4. Go deep with compliance. For years Cisco looked at compliance as a subset of security management. This may have been true 4 years ago but is no longer the case. Since increasing regulation impacts all industries, Cisco’s commitment here could complement all of my other suggestions.

Cisco has dabbled with a similar business security solutions strategy. For example, ScanSafe is a potential great adjunct to UCS, data center products, and cloud/service provider sales and marketing. That said, Cisco has yet to jump in with both feet.

Note to John Chambers: If you want to compete with HP and IBM you need more than marketing magic that sits on the network — you need real business security solutions.

Given its security leadership history, I believe Cisco can be successful here with the right investments but I don’t believe that Cisco can fake its way through, or compete on security products and business security solutions from its current weak position.

Search
© 2011 Enterprise Strategy Group, Milford, MA 01757 Main: Fax:

Switch to our mobile site