Research

Publication Date: 23 September 2008 ID Number: G00161089

© 2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Magic Quadrant for Mobile Data Protection

John Girard, Ray Wagner

Mobile data protection products secure data on movable devices that can leave the office, including notebooks, PDAs and smartphones. Buyers want products that work equivalently across multiple platforms, need minimal support, provide for common policies and extend protections to removable media.


WHAT YOU NEED TO KNOW

Mobile data protection (MDP) systems and procedures are needed to protect user privacy and to comply with audit requirements, and every company must include MDP in its IT operations plan. The Magic Quadrant is a snapshot of the overall market. The Leaders category denotes a vendor with a balance of strengths. However, vendors in any category, as well as those not ranked on the Magic Quadrant (see Figure 1), may support your enterprise's needs.

MAGIC QUADRANT

Figure 1. Magic Quadrant for Mobile Data Protection

Source: Gartner (September 2008)

Market Overview

MDP for notebooks and smaller handheld devices (PDAs and smartphones) is a rapidly growing market that began with basic data encryption and has expanded beyond hard drives and local files to encompass external data device controls and rights management. Most vendors in this market started on desktops, but the clearly defined buying center is mobile. The MDP market has been led for years by small independent software vendors (ISVs), some of which have been in the market for up to 25 years. However, mergers and acquisitions are handing the reins over to broader endpoint protection (EPP) vendors, such as Check Point Software Technologies and McAfee. Protection schemes embedded in hardware or the operating system (OS) are incomplete, and leave plenty of room for ISVs to compete for years to deliver policy management across platforms.

Interest in data protection is fueled by liability and privacy concerns. Across the U.S., legislation is increasing to require public disclosure in the event of the real or suspected mishandling of personally identifiable information. Civil and criminal penalties for data leaks, and pressure to disclose leaks, are also growing in other countries. Even if information is not misused, negative public reaction is expensive and embarrassing, and it damages buyer and investor confidence.

Demand for products in this market continues to grow. The following information is derived from the 2008 Magic Quadrant survey results. Seats sold for 2007 — tallied for 18 vendors (15 reporting, three estimated) — totaled nearly 26 million, approximately 1.8 times higher than the 14 million seats tallied for 15 vendors in 2006. Early reports for 1H08 indicate that the market will double again. Average sales per vendor are about 1.4 million seats, with a median of approximately 650,000. Allowing for omissions and estimates, there is no doubt that the MDP market continues to grow strongly. During the period from 2002 to 2006, the compounded annual growth on global line of business (LOB) revenue tracked by Gartner in this market was greater than 55% per year.

Revenue growth in the market remains strong. According to information derived from the 2008 Magic Quadrant survey results, 2007 worldwide revenues in the MDP LOB are estimated at $611 million, compared with $432 million in 2006 and $287 million in 2005. Performance is spread broadly between a few large vendors and many small vendors, creating a median performance of $11 million and an average of about $34 million. We expect total LOB revenue for 2008 to exceed $1 billion.

Software as a service (SaaS) is available through 13 of the vendors in the survey. At this point, vendors that rely on product sales as their main revenue streams are reporting that SaaS represents, at most, 1% to 5% of their earnings. The few vendors we track that rely more heavily on SaaS are facing challenges to grow revenue.

Client inquiry calls steadily continue to request assistance in understanding, choosing and implementing data encryption. The numbers of calls and the size of pending installations suggest that data protection is still inadequate across industries. Stories of stolen devices containing exposed data continue to proliferate, and have not reduced in severity from prior years. Each year, hundreds of thousands of laptops and potentially millions of smaller devices are estimated by various sources to go missing through loss or theft, or are upgraded or exchanged without first having their data removed. Others fall prey to network-borne attacks and data copying. Data loss and theft are also increasing through removable portable storage devices that impact authorized users, as well as those who lose their storage media.

Client Concerns for 2008

Hardware subsystems, including the trusted platform module (TPM) and Seagate Technology's encrypting hard drives, are raising client awareness and interest in the potential for hardware systems to strengthen data protection and improve performance, but they are not universal solutions for all applications and all platforms. Buyers are not always able to integrate these systems into their plans and will be challenged to attempt large adoption across all their platforms. Additional hardware developments are appearing, which bring more opportunities but also more fragmentation and procurement challenges. Examples include Intel vPro, a certificate-based remote management platform that can directly interface with encryption tools; Intel Danbury, a processor implementation of Advanced Encryption Standard to run in a CPU at pipeline speeds; and competing hard-drive encryption systems at Fujitsu and Hitachi in line with the Trusted Computing Group's Trusted Storage Specification. No hardware system is ready to be a complete solution unto itself. ISVs in the market are increasingly taking advantage of these hardware systems when they are present, but at the same time, they can offer strong protection in software without them.

BitLocker is an important step forward from Windows Encrypting File System (EFS), but Microsoft has much room for improvement. BitLocker's full-drive encryption (FDE) is limited to a subset of configurations on a single platform (Windows Vista) and is not suited to plug-and-play device protection or for secure data sharing across multiple devices. Microsoft needs years to grow a significant enterprise desktop market share. Buyers should invest now in ISV solutions that cover all their platforms in use. Several ISVs have released management support for BitLocker, so clients can find ways to use it.

The availability of multiple-platform support from a single vendor increasingly plays a role in product selection. Buyers are looking for vendors that can support platforms, large and small, with a similar look and feel, as well as provide common access and audit policies (see the "Vendor Strengths and Cautions" section in this research for lists of vendor-supported OSs and platforms). In 2008, the fruits of mergers between MDP vendors and EPP vendors have raised the value proposition from simple coexistence and point to a future when configuration management, encryption, host intrusion prevention system, personal firewalls and anti-malware defenses will be aligned. Of particular visibility in this regard are Sybase iAnywhere, Check Point Software Technologies (acquired Pointsec) and McAfee (acquired Safeboot). Sophos has an acquisition in progress for Utimaco Safeware, and other EPP players, including Symantec and Trend Micro, can be expected to pay attention. Other opportunities arise when vendors pursue partnerships for software distribution, asset tracking, backup/restore, inventory and other nonsecurity operations. These partnerships make it easier for enterprises to prove that user endpoint systems are secure and up to date, and can reduce the total cost of ownership of supporting multiple endpoint agents.

Multiple-user capability is of growing interest, as companies move beyond knowledge workers and begin encrypting shared workstations, retail and manufacturing systems.

Key management, storage and destruction methods are frequently on buyers' minds because of concerns regarding recovery for lost user/system access credentials, as well as for data destruction. Well-managed key destruction is tantamount to drive wiping and is essential to defend against data breaches on lost systems. It also provides a low-cost, low-risk, green method to dispose of old drives.

Removable media protection is a subject raised in every client inquiry. Vendors are responding with policies based on user certificates, application type, document type and device type. Clients expect more than simple drive blocking and, increasingly, are seeking solutions to provide portable viewing of encrypted documents with some means to track access. However, few users are prepared to deal with the complexity of implementing portable access tracking mechanisms (see "Trusted Portable Personality Devices Promote Secure Access").

Government security certifications are increasingly important to nongovernmental purchases. Enterprise buyers want to see that vendors are serious about delivering the best protection, and they recognize Federal Information Processing Standards (FIPS), Common Criteria (CC) and other designations as proof of vendor commitment (see the "Vendor Strengths and Cautions" section in this research for lists of vendor certifications). Readers should note that vendors may accrue a long list of certifications for algorithms for encryption, key management, quality management and specific countries. This research primarily considers FIPS 140-2 because it is a rigorous and internationally recognized certification for cryptographic engines. CC certification is considered ahead of country-specific and industry-specific certifications, again, because it is, by design, internationally recognized.

In June 2007, U.S. Federal Blanket Purchase Order Agreements were awarded, in a joint effort by the Office of Management and Budget, U.S. Department of Defense and U.S. General Services Administration, to several of the vendors tracked for the Magic Quadrant. These blanket purchase orders can sometimes be used by other agencies, including state and local governments, and will stimulate sales opportunities by virtue of expedience.

Market Definition/Description

Products in the MDP market are software tools that use strong encryption algorithms to protect information on the primary storage system of mobile platforms, including notebooks, PDAs and phones. Secondary protection for server volumes and removable media is increasingly common. All the PC products can work on stationary desktops, but the market demand is for systems that move. Encryption may be invoked at the level of individual files, as is common on small mobile devices, or at the folder, partition or full-disk level for larger systems. Users must answer a login challenge to gain access to data. The challenge may range from a simple PIN to a complex password, token or smart card, and may combine with biometrics. Competitive differences derive from different approaches to management, encryption strength, user authentication, policy management and value-added features, such as protection of information on removable media. Vendors must provide centrally managed access controls, lockouts and recovery methods. Small mobile devices represent the largest number of platforms overall, but the largest profits are still made on Windows laptop/desktop platforms. Products restricted to Windows PCs may be considered, but the best rankings go to vendors that cross multiple platforms and OSs.

Inclusion and Exclusion Criteria

Inclusion Criteria

Nineteen data protection vendors with mobile capabilities were contacted for our annual survey, and seventeen vendors responded. Of those vendors, fourteen passed the inclusion/exclusion criteria and were included in the Magic Quadrant, according to the evaluation of these attributes:

• The vendor must have had products that were generally available in 2007 and in 1H08 for a sufficient length of time to attract market attention, and the products must meet all aspects of the functional definition of products in the market. The vendor must offer products for use on PCs, because workstations represent most of the revenue for the market. Vendors that sell and/or source third-party encryption products are allowed; several vendors in this market license parts of their solutions, ranging from cryptographic modules to larger program components. A synchronization agent running on a workstation to support a product that only runs on a handheld device does not qualify for inclusion.

• The vendor must generate client interest and inquiry sufficient to be noticed by Gartner security analysts. Analysts must also receive feedback from clients indicating they are using the products.

• The vendor's product must not be limited to a single or proprietary platform by restriction of an OS or hardware component.

• Gartner analysts have a generally favorable opinion about the company's ability to compete in the market.

• The company regularly appears on Gartner clients' shortlists for final selection.

• The company demonstrates competitive presence and sales to Gartner analysts.


• Gartner analysts consider that aspects of the company's product execution and vision are important enough to merit inclusion.

• Seat sales in 2007 needed to total more than one-fifth of the median, or 125,000 seats, slightly less than 10% of the survey average of 1.4 million seats sold. The 2007 revenue in the market must be more than $3 million, slightly less than 10% of the survey average of $34 million. Exceptions may be granted if other inclusion factors merit consideration.

• The product must be commercially supported.

Seats sold by licensees, partners and others can only be counted once if reported. They will be attributed only to the original vendor if the licensee is not already included in this market study. OEM seats shipped without revenue may be attributed at a reduced percentage.

Exclusion Criteria

Vendors will not be included in the Magic Quadrant if the following conditions are not met:

• Vendors must return an annual RFI that is used to collect competitive and historical data, within requested deadlines. Under limited circumstances at our discretion, we will estimate vendor status from a prior year's survey, but vendors who decline to report for two years in a row will be removed.

• Vendors must report seat sales in a format requested by Gartner to allow comparison. Under limited circumstances at our discretion, we may estimate unreported seats based on prior history, but vendors who decline to report for two years in a row may be removed.

• Vendors must report financial information in a format requested by Gartner to allow comparison. In a mature market, financial data is desirable to make execution comparisons, and the majority of vendors report their results to Gartner. Wide variations in discounting and OEM contract values make estimations problematic. Other factors will be considered, including client interest, overall industry "mind share" and competitive behavior. Under limited circumstances at our discretion, we may estimate unreported financial performance based on prior history, but vendors who decline to report for two years in a row may be removed.

Vendors Considered but Not Included in the 2008 Magic Quadrant

Aliroo, BeSeQure (now Corisecio), Eruces, infoLock Technologies, SecurStar and Verdasys did not return the survey in 2007 and were not contacted in 2008. Motorola was invited to respond to the 2008 survey, but it declined. These vendors do not generate significant Gartner client inquiry in this market to consider placement by indirect information, nor do they appear to have influence among the ranked vendors. They are retained on our grand list of market companies.

Apple's FileVault and encryption for disk image volumes are not enterprise-manageable in a manner comparable to ranked vendors in this market. A lack of presence in the largest target platform — Windows workstations — further disqualifies inclusion. Several ranked vendors support the Macintosh and provide for common enterprise policy management, and still more are developing products for release during the remainder of 2008.

BitArmor Systems provides data control software that secures, tracks and controls sensitive data by attaching tags to the data to facilitate policy management decisions on laptops, removable media, servers and backup tapes. This approach presents a powerful, strategic solution to data protection because every dataset is able to directly assert its access policy. BitArmor's products are not yet selling in sufficient volume to qualify for ranking, but will be re-evaluated in 2009.


Bluefire and Trust Digital are previously ranked companies that did not return the 2008 survey and do not generate much client inquiry. They sell exclusively to the handheld market, and do not meet the current inclusion criteria. Trust Digital's products are sold directly and licensed by GuardianEdge Technologies, while Bluefire sells directly and is licensed by Symantec.

Microsoft's security products remain fragmented and do not meet the inclusion criteria. Windows Mobile 6.1 was the first version to integrate core memory encryption but didn't enter the market until 1Q08. Windows Mobile and Windows XP/Vista have separate management platforms. Windows EFS has not changed since Windows 2000, so concerns raised in reports in the past year continue, particularly on XP platforms. Vista has not penetrated the enterprise market to the point where BitLocker is a competitive platform solution. Microsoft's products resemble niche solutions. They have had negligible effect in attracting users away from ISVs. Several ranked vendors do provide common enterprise policy management and/or key management for Windows Mobile and BitLocker.

Mossec, a Spanish vendor, is pursuing the market to sell a handheld security and management suite as a software service exclusively to the carrier channel. Lack of a Windows workstation product and small sales numbers prevent qualification for this year's Magic Quadrant. Mossec will be re-evaluated in 2009.

Open-source projects, such as AxCrypt (www.axantum.com) and TrueCrypt (www.truecrypt.org), offer free data encryption tools, but they are not commercially supported. Gartner monitors open-source projects and will consider future project distributions that provide commercial support.

Seagate Technology has created new awareness and demand for hardware-embedded encryption. Seagate's encrypting drives are enabling technology, rather than a complete solution; thus, they are not ranked on the Magic Quadrant. Buyers are best served by relying on third-party vendors in this market to manage keys, recovery and access policies for Seagate's drives. Vendors that support these drives will help you to use the drive, if it is present, so you get the performance benefits; however, if you do not have the drive, vendors can use other encryption facilities. Six vendors in the MDP market had some ability to manage Seagate's drives as of 1H08 (BeCrypt, Credant Technologies, Secude, Utimaco Safeware, Wave Systems and WinMagic), and several others have Seagate on their road maps.

Secude is an 11-year-old Swiss company that has been developing its Finally Secure product in stealth mode for the past two years. Sales through 1H08 amounted to approximately 53,000 seats. The company is betting on SaaS and preferred partnerships with Seagate and others to ramp up sales through the remainder of 2008. Their product will run as stand-alone software encryption or it can use hardware systems including Seagate encrypting drives, and it runs on Windows XP and Vista. The current sales record is too low for inclusion; however, Secude will be monitored and re-evaluated for 2009.

SMobile Systems offers a broad range of mobile security technologies for major handheld platforms that are licensed by a number of companies, including carriers, such as AT&T and BT, and some vendors in the MDP market, such as Sybase iAnywhere. Lacking a PC product, it does not qualify for inclusion. Also, its encryption tool needs to be more visibly marketed. SMobile Systems will be monitored and re-evaluated for 2009.

TechSec Solutions did not meet sales and revenue thresholds in 2007, did not return the 2008 survey, and does not generate client inquiry.

Venafi characterizes its product as system management for encryption (managing EFS in this context) and is, therefore, not directly comparable with or competitive to products in this market.


Added

McAfee has entered the Magic Quadrant through its 2007 acquisition of Safeboot.

Mobile Armor has responded to the 2008 survey and met the inclusion criteria.

SafeNet has reported a qualifying market share and will now be tracked.

Wave Systems is becoming visible, with an attractive niche configuration for managing Seagate drives and trusted platform modules (TPMs), initially on Dell platforms.

Dropped

Entrust sells an OEM version of Check Point Software Technologies' Pointsec product, and its market contribution is now attributed to Check Point.

Evaluation Criteria

Ability to Execute

This market is well-established, and global pressure for data protection means that almost anyone can find investment money and may sell enough seats to keep their doors open. Vendors that learn to sell their products on the merits of ease of use and convergence with device management processes win the largest sales across markets. Other factors, such as the U.S. General Services Administration's SmartBUY program (www.gsa.gov/smartbuy), help stimulate sales, but are not a substitute for a good business strategy.

New products, new features and estimated sales in 1H08 are also considered in the final ranking. Unofficial road maps, pending contracts and future sales agreements do not significantly contribute to a vendor ranking or to inclusion in this research, but vendors that have official road maps and that make consistent progress are recognized.

Product/Service compares the completeness and appropriateness of core data protection technology. This factor is critical to demonstrating that the vendor can generate market awareness.

Overall Viability considers company history and demonstrated commitment in the market, as well as the difference between a company's stated goals for the evaluation period and the company's actual performance compared with the rest of the market. Growth of the customer base and revenue are considered.

Sales Execution/Pricing compares the strength of sales and distribution operations of the vendors, as well as discounted list pricing for investments in seats ranging from fewer than 100 to more than 10,000. Pricing was compared in terms of first-year cost-per-concurrent active license seats, including cost of the management console and all hardware and support. Buyers want demonstrable peace of mind more than they want bargains, and they respond more strongly to sales techniques led by case studies and return on investment projections. In past years, that urgent need for protection meant that vendors in this market could charge up to hundreds of dollars per seat (obviously, lower prices are frequently negotiated). The arrival of EPP vendors in the market changes the rules because antivirus (AV) products have been heavily discounted. MDP buyers will expect deep discounting, and the average seat price can be expected to erode by as much as a factor of 10 during the next three years. This will stimulate market penetration but will challenge the survival of stand-alone and specialty vendors.

Market Responsiveness and Track Record, as well as Marketing Execution, rate competitive visibility as the key factor, including which vendors are most commonly considered top competitive threats by each other and which vendors respond most effectively during buyer RFPs.

Customer Experience is subjectively rated from client feedback to analysts; from opinions of Gartner analysts in security, network and platform research groups; and from vendor-supplied references, where needed.

Operations consider the ability of a vendor to pursue its goals in a manner that enhances and grows its influence in all execution categories. Operations are already considered in the other execution ranking categories (see Table 1).

Table 1. Ability to Execute Evaluation Criteria

| Evaluation Criteria | Weighting |
| --- | --- |
| Product/Service | standard |
| Overall Viability (Business Unit, Financial, Strategy, Organization) | standard |
| Sales Execution/Pricing | standard |
| Market Responsiveness and Track Record | standard |
| Marketing Execution | standard |
| Customer Experience | standard |
| Operations | no rating |

Source: Gartner

Completeness of Vision

Vision is subjectively ranked according to a vendor's ability to show a broad investment in technology developments that predict user wants and needs.

Companies that lead in vision typically own, license or partner on products in other security and configuration management markets. They must also demonstrate management features that make their products easy to integrate with enterprise directories, and to interoperate with other enterprise security and management systems.

Market Understanding and Marketing Strategy are ranked together as Marketing Strategy, assessed through direct observation of the degree to which a vendor's products, road maps and mission anticipate leading-edge thinking about buyers' wants and needs. Gartner makes this assessment subjectively by several means, including interaction with vendors in briefings and by reading planning documents, marketing and sales literature, and press releases. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor and against future trends identified in Gartner research. Vendors cannot merely state an aggressive future goal; they must put plans in place, show that they are following their plans and modify their plans as market directions change. Also considered are the vendor's partnerships with vendors in related endpoint security markets, including antivirus, anti-spyware, configuration management, authentication, device identification, virtual private network (VPN), data encryption, gateway firewalls and others.

Sales Strategy examines the vendor's strategy for selling products, including sales messages, techniques, marketing, distribution and channels. This topic is considered in execution; it does not apply to product vision, which is ranked in terms of investment in functionality.


Offering (Product) Strategy is ranked through an examination of the breadth of functions, platform and OS support for the MDP client. R&D investments are credited in this category. Mergers that bring EPP vendors into the market have a strong impact on vision rankings for all vendors, because these vendors are driving the types of integration that Gartner considers strategic and competitive. Supported platforms are listed in the vendor comments. References to Windows refer to currently supported full-end-user versions of the Windows XP and Vista OS. Support may be available for older versions of Windows end-user platforms (9.x, 2000 and others) and servers. Vendors cited for support of Windows Mobile are ranked for support of Windows Mobile 6.0 and 6.1. Support may be available for other mobile OSs from Microsoft.

Business Model takes into account a vendor's underlying business objectives for its products and its ongoing ability to pursue R&D goals in a manner that enhances all vision categories.

Vertical/Industry Strategy considers a vendor's ability to communicate a vision that appeals to specific industries and vertical markets. The Magic Quadrant doesn't consider vertical markets as a distinctive ranking factor; therefore, this category is irrelevant.

Innovation takes into consideration the degree to which vendors invest in core requirements for the successful use of their products.

Geographic Strategy takes into account a vendor's strategy to direct resources, skills, products and services globally. All vendors are ranked in the Magic Quadrant for their performance as a whole and in the frame of reference of Gartner clients; therefore, this category is not required (see Table 2).

Table 2. Completeness of Vision Evaluation Criteria

| Evaluation Criteria | Weighting |
| --- | --- |
| Market Understanding | no rating |
| Marketing Strategy | standard |
| Sales Strategy | no rating |
| Offering (Product) Strategy | standard |
| Business Model | standard |
| Vertical/Industry Strategy | no rating |
| Innovation | standard |
| Geographic Strategy | no rating |

Source: Gartner

Leaders

Leaders have products that work well for Gartner clients in small and large deployments. They have long-term road maps that follow and/or influence Gartner's vision of the developing needs of buyers in the market. Leaders make their competitors' sales staffs nervous and force competitors' technical staffs to follow their lead. Their MDP products are well-known to clients, and they encounter little resistance in selling their products.

Challengers

Challengers have competitive visibility, market share, and financial and channel strengths that are better-developed than similar niche vendors. They have greater success in sales and mind share than similar niche vendors. Challengers offer all the core features of MDP, but typically their vision may not contain forward planning that will drive competitive sales in the overall market for MDP. Challengers may have difficulty in communicating the effectiveness of their vision. For example, if a vendor has implemented features ahead of the demand curve that do not attract buyers, do not trigger new competitive responses and do not change the developmental course of the market, then their vision is not improved by those features.

Visionaries

Visionaries have made investments in broad functionality and platform support, but their competitive clout, visibility and market share don't reach the level of those of leaders. Visionaries tend to be effective in making planning choices that will meet future buyer demands.

Niche Players

Niche players offer products that suit many enterprise needs. A niche ranking is assigned when the product is not widely visible in competition, and it is judged to be relatively narrow or specialized in breadth of functions and platforms, or, for other reasons, the vendor's ability to communicate vision and features is not meeting Gartner's prevailing view of competitive trends. However, because the MDP market is a niche area in IT security, MDP niche players include stable, reliable and long-term players. Some niche players work from close, long-term relationships with their buyers, in which customer feedback sets the primary agenda for new features and enhancements. This approach can generate a high degree of customer satisfaction, but also results in a narrower focus on R&D than would be expected of a visionary.

Vendor Strengths and Cautions

BeCrypt

Strengths

• BeCrypt is a respected and mature company with more than 90% of its sales in European markets, especially in the U.K. Though volumes are small, sales revenue is strong, showing 50% year-over-year growth and a 100% increase from 2006 to 2007.

• Its European certifications are numerous and indicative of a solid product. For example, BeCrypt is Communications Electronics Security Group (CESG) Assisted Products Service (CAPS)-approved to Top-Secret level, and can export this level to major countries.

• Embedded system support includes ability to manage BitLocker and the TPM, and BeCrypt can provide key management for Seagate's drives.

• BeCrypt has the following FIPS and CC certifications: FIPS 140-2 (pending); CCTM (equivalent to CC EAL1).

• Platform support is provided for: Linux (several distributions), Windows Mobile, and Windows XP and Vista.

Cautions

• Seat sales rates are low for the time in business and compared to the overall market, but the company has a baseline and market activity sufficient to continue appearance in the Magic Quadrant.

• Strong earnings are indicative of higher per-seat revenue from its classified solutions. Downward pricing pressure from major new entrants, such as McAfee, is a threat to BeCrypt's commercial market expansion.

• The company needs to develop aggressive and competitive marketing messages, combined with increased sales efforts outside Europe, to increase visibility.

Check Point Software Technologies

Strengths

• Check Point Software Technologies acquired Pointsec in 2007, and continues to use the Pointsec brand name. The company did not provide updated financial or seat sales information for the 2008 survey. Historical extrapolations suggest that its estimated growth is above industry average.

• The company tied with Utimaco Safeware as the second most commonly cited competitive threat named by other vendors in the market (11 out of 16 vendor responses).

• Check Point Software Technologies has the following FIPS and CC certifications: FIPS 140-2 (all products); CC EAL2 (removable media); CC EAL44 (FDE).

• Platform support is provided for: Linux, Mac OS, Palm OS, Windows Mobile and previous, Symbian, and Windows 2000, XP and Vista.

Cautions

• The company's successful integration between Pointsec and its EPP suite earns some vision points, but has not influenced buying decisions reported by Gartner clients.

• Platform instabilities during and after installation were reported by several clients. The problems were resolvable, and would have been avoidable if buyers had been given better preparation and direction by Check Point Software Technologies' resellers.

• The key business and product management leader from Pointsec (Bob Egner) has departed.

• Seat pricing is above average. Buyers expect EPP vendors to offer steep discounts, in keeping with the trend for AV and firewall products.

Credant Technologies

Strengths

• With four million seats sold cumulatively in years 2005 through 2007, Credant Technologies continues to demonstrate that data-centric, data-policy-driven encryption products can compete in a market dominated by FDE vendors.

• Embedded system support includes the ability to manage BitLocker, EFS, Seagate's encrypting drives and the TPM. Credant had a strong early partnership with Intel for integration with vPro.

• It was included in the U.S. General Services Administration's SmartBUY award.

• Credant has the following FIPS and CC certifications: FIPS 140-2-1; CC EAL3.

• Platform support is provided for: Palm OS, Symbian, Windows Mobile, and Windows XP and Vista.

Cautions

• Credant invests more effort in sales and education than many of the FDE vendors. In past years, this has created strong growth potential in a market oriented toward FDE. Earnings in 2007 were impressive, given the company's alternative market position as a file encryption vendor, but seat penetration is behind key FDE vendors. Seat sales for 2007 were average and 1H08 has dropped to the market median (about one-third of average), while many vendors are selling at rates that will exceed 2007. Credant's performance earned a somewhat lower execution ranking than in 2007.

• The company must use more-informative and aggressive sales tactics to dispel industry beliefs about drive versus file encryption, especially because FDE doesn't apply to the largest-growing device populations, consisting of removable media and handheld devices.

GuardianEdge Technologies

Strengths

• Growth continues to be strong, following a surge that began in 2006. Seat sales for 2007 and 1H08 are above average, and appear on track to stay that way.

• GuardianEdge Technologies' OEM relationship with Trust Digital provides commonly managed products for handheld devices and is protected from loss through acquisition. The relationship with Symantec has brought a surge in sales and encourages risk-averse buyers.

• It was included in the U.S. General Services Administration's SmartBUY award, and it benefited from a large deployment by the U.S. Veterans Administration.

• GuardianEdge Technologies has the following FIPS and CC certifications: FIPS 140-2; CC EAL1; CC-EAL4 (in evaluation).

• Platform support is provided for: Palm OS, Symbian, Windows Mobile and previous, and Windows XP and Vista.

Cautions

• The company needs to expand its revenue base outside the U.S.

• A stronger and deeper alliance with a major EPP vendor is recommended to hold its visionary rating against the major EPP vendors.

Information Security Corporation

Strengths

• Clients have reported that Information Security Corporation is very responsive to its user community.

• The company was included in the U.S. General Services Administration's SmartBUY award.

• It is the only ranked vendor besides Credant that specializes in file encryption instead of FDE.

• Information Security Corporation provides its own certificate authority.

• Support for Apple platforms includes legacy PowerPC processors.

• Information Security Corporation has the following FIPS certification: FIPS 140-2.

• Platform support is provided for: Linux, Mac OS (Intel and PowerPC processors), Unix, Windows Mobile, and Windows XP and Vista.

Cautions

• The company did not provide updated information for the 2008 survey. Historical extrapolations suggest that its estimated growth is below industry average.

• Information Security Corporation lacks visibility in the Gartner client base (it is rarely mentioned), and is not considered a competitive threat by any company that Gartner tracks in the market.

• It lacks visibility in nongovernment markets. A limited set of buyers, combined with no competitive sales and marketing, is a risk to growth, given that several of the SmartBUY award winners have established strong and visible track records.

McAfee

Strengths

• McAfee is the most commonly named competitive threat (12 out of 16 vendor responses). This is a promotion from 2007, when McAfee was No. 2 and Check Point Software Technologies and Utimaco Safeware tied for first place.

• Seat sales for 2007 and 1H08 are the best reported by a wide margin.

• McAfee was included in the U.S. General Services Administration's SmartBUY award.

• Client feedback is positive, especially on large installations.

• Audit reports are designed to prove that a device was protected when lost or stolen.

• McAfee has the following FIPS and CC certifications: FIPS 140-2; CC EAL4.

• Platform support is provided for: Linux, Palm OS, Windows Mobile, Symbian, and Windows XP and Vista.

Cautions

• McAfee needs to continue discounting its protection suite to displace other vendors. It has the resources to undercut average and best-case pricing against most other vendors on the market.

• The company must release support soon for embedded encryption systems, especially Seagate's encrypting drives and the TPM, to maintain a strong visionary axis ranking.

Mobile Armor

Strengths

• Mobile Armor is one of the few vendors to offer embedded support for visual passwords.

• Network-aware preboot authentication can process system updates without unlocking the hard drive or starting the host OS.

• A firewall and VPN are included for handheld devices (using technology licensed from Certicom).

• The company was included in the U.S. General Services Administration's SmartBUY award.

• Mobile Armor has the following FIPS and CC certifications: FIPS 140-2-2; CC EAL4+.

• Platform support is provided for: Palm OS, RIM, Linux, Windows Mobile, and Windows XP and Vista.

Cautions

• The major source of growth for Mobile Armor stems from military agencies and is developing after the closing date for the survey. Aggressive and competitive sales techniques are needed to get Mobile Armor recognized by potential buyers outside the SmartBUY program.

• Seat sales are slightly above the inclusion threshold after three years of selling openly in the market.

PGP

Strengths

• PGP has relatively high reported worldwide LOB revenue, attributable to the market definition, although seat sales are average in all categories, suggesting strong earnings per seat and a base of profitable complementary products, but less than leading penetration. Clients frequently ask about PGP, which demonstrates that visibility drives sales opportunities.

• The company offers shared key infrastructure across multiple PGP products, including e-mail and instant messaging.

• PGP has the following FIPS and CC certifications: FIPS 140-2; CC EAL4+; U.K. CAPS (in progress).

• Embedded system support includes the ability to manage the TPM and integration with Intel vPro.

• Platform support is provided for: Linux (several distributions), Mac OS, RIM (e-mail only), Unix, and Windows XP and Vista.

Cautions

• PGP needs to develop deeper alliances and licenses with EPP vendors to hold up against McAfee.

• Its open-source heritage could be better-leveraged as a sales and marketing concept.

SafeNet

Strengths

• SafeNet is authorized to develop and sell U.S. Government Type 1 (Classified) encryption products. Approximately 50% of LOB revenue comes from Type 1 products.

• It was included in the U.S. General Services Administration's SmartBUY award.

• SafeNet has the following FIPS and CC certifications: FIPS 140-2-2; CC EAL4.

• Platform support is provided for: Linux, Macintosh, Unix, and Windows XP and Vista.

Cautions

• SafeNet generates few inquiries in the MDP area from Gartner clients — end users and other vendors — and lacks visibility in nongovernment markets. It is not considered a competitive threat by any company that Gartner tracks in the market. ProtectDrive was acquired less than three years ago, and investment in the product has increased in the past 18 months.

• Platform support for small handheld devices should be expanded. Currently, the mobile product, ProtectMobile, is deployed on a narrow basis for law enforcement in Europe, the Middle East and Africa, and is available for OEM use.

• SafeNet cannot coexist with BitLocker; it will not install.

Secuware

Strengths

• Secuware is leveraging a unique position, selling in Spanish and Latin markets.

• The products have low-memory and high-performance characteristics because they are developed as assembler-level programs.

• Secuware has the following FIPS and CC certifications: FIPS 140-2 (in review); CC EAL2 (pending); CC EAL4 (certifying). Secuware has pursued certification quickly since 2007.

• Embedded system support includes the ability to manage BitLocker and the TPM. Secuware had a strong, early European partnership with Intel for integration with Intel vPro, and has an early integration with Intel Danbury. The ability to diagnose and recover an encrypted disk by remote control is included.

• Secure Virtual System (SVS) shields/encrypts virtual machine RAM so it cannot be read by the host.

• Platform support is provided for: Windows Mobile (it manages it, rather than replacing it), and Windows XP and Vista.

Cautions

• Secuware needs an effective multinational sales and marketing plan.

• Sales are better than the minimum inclusion threshold, but must increase substantially in 2009 to fight off the effect of EPP vendors entering the market.

Sybase iAnywhere

Strengths

• Sybase iAnywhere offers the most complete set of configuration management and MDP features owned by a single vendor.

• The company also offers a mobile e-mail platform that is competitive with Microsoft Exchange and a bundled AV (SMobile Systems) for handheld devices.

• Sybase iAnywhere has the following FIPS certification: FIPS 140-2 (licensed from Certicom for handheld devices); FIPS 140-2 (pending; licensed from BeCrypt for Windows workstations).

• Platform support is provided for: iPhone (e-mail now, with full security in development), Palm OS, RIM, Symbian, Windows Mobile, and Windows XP and Vista.

Cautions

• It has remarkably low sales, given the billion-dollar investment power of parent company Sybase. This is due, in part, to a preference for ignoring the PC market in favor of the handheld market, where sales and revenue are more challenging. Sales have been below market average for four years of history, including 2007, but are sufficient to continue placement in the Magic Quadrant as niche execution.

• Unfortunately, the confusing naming and bundling of Sybase's products discourages buyers. Gartner has recommended changes and simplification for several years.

• The breadth of the management platform is not driving sales, so vision is hampered when, in fact, Sybase iAnywhere should be competitively challenging to the EPP vendors that have entered this market.

• The company is behind the average with respect to access policies for data on removable media.

Utimaco Safeware

Strengths

• Despite weaker name recognition in the U.S. than in Europe, Utimaco Safeware has the second-highest-reported worldwide LOB revenue attributable to the market definition after McAfee, and is tied with Check Point Software Technologies as the second most commonly named competitive threat mentioned by other vendors (11 out of 16 vendor responses).

• The proposed acquisition by Sophos would create a combined company that can challenge McAfee. Company missions and management goals are highly compatible. A successful merger will disruptively recalibrate vision for the 2009 Magic Quadrant.

• It is highly interoperable with other key management systems, and will generate its own key structure if no certificate authority is present.

• Embedded system support includes the ability to manage BitLocker, Seagate's encrypting drives and the TPM. It is also integrated with Intel vPro, and has a long-term relationship with Lenovo, which includes integration with Lenovo Rescue And Recovery.

• Utimaco Safeware has the following FIPS and CC certifications: FIPS 140-2; CC EAL4.

• Platform support is provided for: Linux, Palm OS, Symbian, Windows Mobile, and Windows XP and Vista.

Cautions

• The U.S. market penetration has been slow.

• Gartner client recognition of Utimaco Safeware on shortlists has improved, but still is not on a par with its strengths.

Wave Systems

Strengths

• Wave Systems offers a self-contained solution for managing keys, reporting and recovery for PCs that are equipped with a Seagate encrypting drive and a TPM. The company supports TPMs from many manufacturers.

• Released in late 2007, its product has gained visibility among Gartner clients.

• A stand-alone version of the product is included on qualified Dell PCs and is upgradable to an enterprise managed platform. Additional bundling is available with some motherboards from Intel, NEC (in Europe) and Acer.

Cautions

• Wave Systems must provide managed encryption on removable media as soon as possible. This is a basic competitive requirement, and an immediate need that can't wait for the Trusted Computing Group's specification to be adopted on flash drives.

• Primary distribution is by an OEM-embedded stand-alone client on selected PC platforms. Users can deploy the client without purchasing Wave Systems' enterprise management. The company should develop additional sales channels to sell its full enterprise solution, to increase revenue and the opportunity to add value for customers.

• Wave Systems' solution is a management platform with no security certifications; it relies on Seagate's encrypting drives and the TPM. Gartner recommends a CC certification for the company's management framework.

• Wave Systems has shipped many tens of millions of OEM seats, but receives only a small royalty, which generates revenue that is below the median and far below average (even if some of those seats become enterprise accounts). The company's market impact is, therefore, only fractionally considered, because stand-alone OEM seats are not trackable and do not advance the goals of enterprise managed data protection.

WinMagic

Strengths

• WinMagic had better-than-average seat sales in 2007 and solid earnings, after a sales lull in 2006.

• It was included in the U.S. General Services Administration's SmartBUY award.

• WinMagic has the following FIPS and CC certifications: FIPS 140-2-2; CC EAL4.

• Platform support is provided for: Linux, Windows Mobile, and Windows 2000, XP, and Vista.

Cautions

• Recognition of WinMagic and the appeal of some of its innovative features is low among Gartner clients posing inquiries. For example, methods to catalog encryption keys to aid archival recovery have not generally caused Gartner clients to revise their shortlists to prioritize WinMagic.

• Sales and emphasis continue to lean toward the high-security specialty markets, earning a niche player ranking. WinMagic must position the product to appeal to the majority of users that resist strong security products, and, in anticipation of the changes caused by EPP vendors in the market, it should seek an alliance with a major EPP vendor.

Vendors Added or Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor.

Evaluation Criteria Definitions

Ability to Execute

Product/Service: Core goods and services offered by the vendor that compete in/serve the defined market. This includes current product/service capabilities, quality, feature sets, skills, etc., whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.

Overall Viability (Business Unit, Financial, Strategy, Organization): Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood of the individual business unit to continue investing in the product, to continue offering the product and to advance the state of the art within the organization's portfolio of products.

Sales Execution/Pricing: The vendor's capabilities in all pre-sales activities and the structure that supports them. This includes deal management, pricing and negotiation, pre-sales support and the overall effectiveness of the sales channel.

Market Responsiveness and Track Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.

Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message in order to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional, thought leadership, word-of-mouth and sales activities.

Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements, etc.

Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

Completeness of Vision

Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen and understand buyers' wants and needs, and can shape or enhance those with their added vision.

Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the Web site, advertising, customer programs and positioning statements.

Sales Strategy: The strategy for selling product that uses the appropriate network of direct and indirect sales, marketing, service and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.

Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature set as they map to current and future requirements.

Business Model: The soundness and logic of the vendor's underlying business proposition.

Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including verticals.

Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.

Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.
