Magic Quadrant for Mobile Data Protection, 1H06

Magic Quadrant for

Mobile Data Protection, 1H06

Gartner RAS Core Research Note G00141980, John Girard, Ray Wagner, Vic Wheatman, 29 August 2006, R1993 09212007

M

WHAT YOU NEED TO KNOW

Mobile data protection is a tiny market, but these products are needed to protect user privacy and fulfill audits, and every company must include mobile data protection in its IT operations plan. Small incumbent vendors continue to dominate. This Magic Quadrant is a snapshot of the overall market. Leadership denotes a vendor with a balance of strengths. However, vendors in any category, as well as those not ranked on the Magic Quadrant (see Figure 1), may suit your enterprise’s needs.

Market Overview

Data protection for laptops and small mobile devices is a small but growing market that began with basic data encryption and has since expanded to file encryption, external data device port controls and rights

management. With a few exceptions, the mobile data protection market is led by companies that have sold products in this market for more than 15 years. Seat sales reported by 16 out of 18 vendors surveyed total more than 6.8 million for 2005.

Cumulative three-year seat sales (2003, 2004 and 2005) grew to more than 13.8 million. 2005 seat sales per reporting vendor averaged about 428,000 seats, with a median of almost 379,000. 2005 global line-of-business revenue reported by 12 out of

18 vendors totaled more than $287 million, with average revenue at about $26 million. In the previous report, 2004 revenue reported by 10 out of 16

vendors totaled about $96 million, with average revenue at less than $10 million.

Interest in data protection is fueled by liability and privacy concerns. Companies are challenged with legislation that requires public disclosure in the event of real or suspected mishandling of personally

identifiable information. Even if information is not misused, negative public exposure is expensive and embarrassing, and it evaporates buyer and investor confidence. Unfortunately, data protection remains a

MAGIC QUADRANT

Figure 1. Magic Quadrant for Mobile Data Protection, 1H06

challengers leaders

niche players visionaries

completeness of vision

ability to execute

As of July 2006 Pointsec

Utimaco Safeware Credant Technologies SafeBoot

Information Security Corp. WinMagic

PGP Entrust Bluefire Security Technologies

GuardianEdge Technologies Sybase (iAnywhere)

Reflex Magnetics

The Magic Quadrant is copyrighted July 2006 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical rep-resentation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

© 2006 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner’s research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should

Inclusion Criteria

Twenty mobile data protection vendors were

contacted. Eighteen responded to our annual survey. Twelve of those vendors that meet the market

definition and passed the inclusion/exclusion criteria were included in the Magic Quadrant according to the strength of these attributes:

• The vendor must have had products that were generally available in 2005 for a sufficient length of time to gather market attention.

• The vendor must generate client interest and inquiry sufficient to be noticed by security analysts. Analysts must also receive feedback from clients indicating they are using the products.

• Gartner analysts have a generally favorable opinion about the company’s ability to compete in the market.

• The company regularly appears on Gartner clients’ shortlists for final selection.

• The company demonstrates competitive presence and sales to Gartner analysts.

• Gartner analysts consider that aspects of the company’s product execution and vision are important enough to merit inclusion.

• Three-year cumulative seat sales at YE05 considered countable needed to be at least

100,000, and revenue in the market are more than $1 million.

niche market, and stories of stolen devices and exposed data continue to proliferate. Each year, hundreds of thousands of laptops and millions of smaller devices go missing through loss or theft or are upgraded or exchanged without first having their data removed. Others fall prey to network-borne attacks and data copying. Data loss and theft are also increasing through removable portable storage devices that impact authorized users, as well as those who lose their storage media. Despite the facts, some Gartner clients call to ask for reasons to postpone or avoid implementation of mobile data protection.

Market Definition/Description

Products in this market use strong encryption algorithms to protect information on the primary storage system of mobile platforms, including laptops, PDAs and phones. Encryption may be invoked at the level of individual files, as is common on small mobile devices, or at the folder, partition or full disk for larger systems. Users must answer a login challenge to gain access to data. Competitive differences derive from different approaches to management, encryption strength, user

authentication, policy management and value-added features, such as protection of information on

removable media. Vendors must provide centrally managed access controls, lockouts and recovery methods. User demand for small mobile devices has encouraged support for small mobile platforms, but the real profits are still made on Windows

laptop/desktop platforms.

Vendors Considered but Not Included in the

2006 Magic Quadrant

• BeSeQure declined to participate, citing its primary markets as transaction security and remote administration.

• Secude IT Security has a good strategy for this market, but it did not meet the threshold

requirement for sales and client inquiry or competitive response from incumbent vendors.

• SecurStar did not respond to an RFI and did not meet the requirement for client inquiry or

competitive response from incumbent vendors.

• TechSec Solutions won some government contracts after our survey had been completed and will be evaluated for possible inclusion in the 2007 report.

Added

PGP agreed to provide information for this report after several years without participation. Strong sales in evidence, good features and increasing client requests helped the company meet the criteria to be ranked as a visionary.

Dropped

Five vendors did not meet the requirements for inclusion in the 2006 report.

BeCrypt is a niche player selling mostly on the Windows platform, with low-, volume- and high-margin deals aimed at high-security government clients. Its cumulative seat sales fall below our threshold. The company states that the majority of sales have been in the high-margin government market at seat pricing between $200 to $400 per user. BeCrypt made its first appearance in last year’s Magic Quadrant report, but it did not meet the

threshold for seat sales set for the 2006 report, and it does not generate significant Gartner client inquiry demand.

The market is growing, and a threshold for sales is appropriate. Included companies must have

cumulative three-year sales at YE05 of at least 100,000 seats, equaling a mere 0.72% of 13.8 million. Seats in this count are attributed to the vendor. Seats sold by licensees, partners and so forth can only be counted once and are attributed only to the original vendor if the licensee is not already included in this market study. Product seats that can be used on multiple devices will be counted only once unless the vendor provided tangible evidence of the number of instances in use prior to the survey completion date.

New products, new features and estimated sales in the first half of 2006 are also considered in the final ranking. Unofficial road maps, pending contracts and future sales agreements do not significantly

contribute to a vendor ranking nor to inclusion in this report, but vendors that have official road maps and that make consistent progress are recognized.

Exclusion Criteria

Vendors will not be included in the Magic Quadrant if the following conditions are not met:

• Vendors must return an annual request for information (RFI) that is used to collect competitive and historical data.

• Vendors must report seat sales in a format requested by Gartner to allow comparison.

Financial data (12 vendors provided the requested information) is desirable to make execution

comparisons; however, other factors will be

considered, including client interest, overall industry “mind share” and competitive behavior.

Mobile Armor’soverall vision has improved significantly since 2005; however, its seat sales fall far below the threshold for inclusion in this report. Increasing direct sales in 2006 and future original equipment manufacturer (OEM) deals could bring this company back into the 2007 report.

Trust Digitalis highly innovative in the mobile security market. For example, it has powerful inventory discovery tools to complement its PDA/phone security products. Trust Digital

concentrates on small mobile device platforms and OEM channels. It has pending growth, with several service provider contracts. These contracts and OEM sales to other vendors in the mobile data protection market could not be directly counted in this edition of the Magic Quadrant. Trust Digital has recently added sales staff, and it is likely that new direct and

maturing OEM sales in 2006 will take the company over the threshold for the next report. Trust Digital is one of only two companies considered in the report that specializes only in small mobile device

platforms, whereas 18 of the other 20 vendors ranked derive major revenue from laptop and desktop platforms.

Evaluation Criteria

Ability to Execute

This market is well-established but has struggled for years to grow. In general, it’s the vendors that learn to sell the business case for data protection and that spend as much time developing sales as they do R&D that grow in size and influence.

Product/Service compares the completeness and appropriateness of core data protection technology. This factor is critical to demonstrating that the vendor can generate market awareness.

Overall Viability considers company history and demonstrated commitment in the market, as well as the difference between a company’s stated goals for the evaluation period vs. the company’s actual Good Technology provides e-mail solutions for

mobile devices and acquired security technology through JP Mobile, which had previously acquired Asynchrony. Good sells stand-alone security and value-added features for e-mail. In our observation, Good is not cited by clients as directly competing with vendors offering products dedicated to this market, and Gartner client inquiry regarding the company’s security functions is limited. Seat sales data has not been reported in the manner requested by competitive analysis. In addition, the product was not continuously available in the survey period because Good took the product acquired from JP Mobile off the market as of midyear 2005 and did not release it again until February 2006.

Microsoftis pervasive on millions of platforms, yet those same platforms are the target of a steady, multiyear flood of press releases documenting real and severe data leakage incidents. The inability of Encrypting File System (EFS) to become the popular legacy solution to routine security problems is a failure that has allowed the third-party market to grow to its present size and that will not improve meaningfully until after 2009, when Windows Vista could be the majority operating system on Windows platforms. Microsoft’s EFS is not activated by

default, and the vast majority of users never switch it on. EFS is challenging to manage because there is no inherent auditing system, although it can be activated and modified through group policies. To mix data access with usage policies requires additional investment in the Microsoft Digital Rights Management toolkit. On many platforms not

configured with strong password protection, it is easy to defeat EFS indirectly through the use of free or inexpensive off-the-shelf tools that have been available for more than six years. Therefore, to continue to list them in this report is misleading. In general, neither end-user clients nor vendors in this market view Microsoft as a competitive threat, and the incumbents have plans to use Vista as a step to future value-added sales.

Completeness of Vision

Vision is subjectively ranked according to a vendor’s ability to show a broad investment in technology developments. The 2005 survey expected vendors to have all the typical functions needed for basic data encryption and power-on security. To reach the right side of the quadrant, a vendor must invest in

functions and features that go beyond the market definition.

Companies that lead in vision typically own, license or partner products in other security markets, including firewalls, malicious-code defense and network access control. They must also demonstrate management features that make their products easy to integrate with enterprise directories and to

interoperate with other enterprise security management systems.

Market Understanding and Marketing Strategy are ranked together as Marketing Strategy, assessed through direct observation of the degree to which a vendor’s products, road maps and mission anticipate leading-edge thinking about buyers’ wants and needs. Gartner makes this assessment subjectively by several means, including interaction with vendors in briefings and by reading planning documents, marketing and sales literature, and press releases. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor and against future trends identified in Gartner research. Vendors cannot merely state an aggressive future goal; they must put a plan in place, show that they are following their plan, and modify their plan as market directions change. Also considered are the vendor’s

partnerships with vendors in related endpoint security markets, including antivirus, anti-spyware,

configuration management, authentication, device identification, virtual private network (VPN), data encryption, gateway firewalls and so on.

performance compared with the rest of the market. Growth of the customer base and revenue are considered.

Sales Execution/Pricing compares the strength of sales and distribution operations of the vendors, as well as discounted list pricing for investments in seats ranging from fewer than 100 to more than 10,000. Pricing was compared in terms of first-year cost-per-concurrent active license seats, including cost of all hardware and support. Buyers want demonstrable peace of mind more than they want bargains, and they respond more strongly to sales techniques led by case studies and return on investment (ROI) projections.

Market Responsiveness and Track Record and Marketing Execution rate competitive visibility as the key factor, including which vendors are most

commonly considered top competitive threats by each other and which vendors respond most effectively during buyer RFPs.

Customer Experience is subjectively rated from client feedback to analysts; from opinions of Gartner

analysts in security, network and platform research groups; and from vendor-supplied references, where needed.

Operations consider the ability of a vendor to pursue its goals in a manner that enhances and grows its influence in all execution categories.

Table 1. Ability to Execute Evaluation Criteria

Source: Gartner (July 2006)

Evaluation Criteria Weighting

Product/Service standard Overall Viability (Business Unit,

Financial, Strategy, Organization) standard Sales Execution/Pricing standard Market Responsiveness and

Track Record standard Marketing Execution standard Customer Experience standard Operations standard

Leaders

Leaders have products that work well for Gartner clients. They have long-term road maps that match Gartner’s vision of the developing needs of buyers in the market. They make their competitors’ sales staff nervous and force competitors’ technical staffs to follow their lead.

Challengers

Challengers have competitive visibility, market share, and financial and channel strengths that are better-developed than similar niche vendors. They have greater success in sales and mind share than similar niche vendors.

Visionaries

Visionaries have made investments in broad functionality and platform support, but their

competitive clout, visibility and market share don’t reach that of the leaders.

Niche Players

Niche vendors offer products that suit many

enterprise needs. A niche ranking is assigned when the product is not widely visible in competition, and it is judged to be relatively narrow or specialized in breadth of functions and platforms. However, Sales Strategy examines the vendor’s strategy for

selling products, including sales messages, techniques, marketing, distribution and channels. This topic is considered in execution; it does not apply to product vision, which is ranked in terms of investment in functionality.

Offering (Product) Strategy is ranked through an examination of the breadth of functions, platform and operating system (OS) support for the personal firewall client. R&D investments are credited in this category. Supported platforms are listed in the vendor comments below. References to Windows refer to currently supported full versions of the Windows OS. Vendors cited with support for Windows Mobile may also have support for earlier versions of the mobile OS, including Pocket PC and Windows CE.

Business Model takes into account a vendor’s underlying business objectives for its products and its ongoing ability to pursue R&D goals in a manner that enhances all vision categories.

Vertical/Industry Strategy considers a vendor’s ability to communicate a vision that appeals to specific industries and verticals. This Magic Quadrant doesn’t consider verticals as a distinctive ranking factor; therefore, this category is irrelevant.

Innovation takes into consideration the degree to which vendors invest in core requirements for successful use of their products.

Geographic Strategy takes into account a vendor’s strategy to direct resources, skills, products and services globally. All vendors are ranked in this Magic Quadrant for their performance as a whole and in the frame of reference of Gartner clients; therefore, this category is not required.

Table 2. Completeness of Vision Evaluation Criteria

Source: Gartner (July 2006)

Evaluation Criteria Weighting

Market Understanding no rating Marketing Strategy standard Sales Strategy no rating Offering (Product) Strategy standard Business Model standard Vertical/Industry Strategy no rating Innovation standard Geographic Strategy no rating

because the mobile data protection market is a niche area in IT security, mobile data protection niche players include stable, reliable and long-term players.

Vendor Comments

Bluefire Security Technologies

Main product evaluated: Bluefire Mobile Security (BMS) Suite 3.6

Platforms: Palm OS, Windows Mobile High-level certifications: Federal Information

Processing Standard (FIPS) 140-2, Cisco Systems’ Architecture for Voice, Video and Integrated Data (AVVID)

Bluefire Security Technologies is the only company appearing on the 2006 Magic Quadrant that

specializes exclusively in PDA and smartphone platforms. BMS is a comprehensive security platform combining personal firewall, VPN, URL filtering and mobile data encryption. Interoperability has been tested with eight mobile antivirus vendors, and the company has active partnerships with Symantec to build out its mobile security platform, Cisco for Cisco Network Admission Control and Microsoft for

Microsoft Network Access Protection. Early growth was fueled by government buyer concerns over Bluetooth, because BMS can eliminate, enforce and audit Bluetooth usage. 2005 sales were stimulated by a large (500,000-seat) OEM deal with Motorola, which brought total seat sales to a respectable 595,000. The company had 95,000 seats outside of the Motorola OEM agreement and generally good visibility and Gartner client feedback; therefore, it met the threshold for inclusion. Bluefire also captured users seeking an alternative to Certicom’s

movianVPN, which was discontinued in the fourth quarter of 2004. Bluefire could be challenged if mobile data protection vendors begin to flaunt their firewalling features, but overall, BMS is the most-complete security suite on a small device. Without

support for the majority of Windows platforms, Bluefire earns a niche ranking. If sales continue to mount, especially direct sales to enterprises, the company might achieve a challenger ranking in 2007.

Credant Technologies

Main product evaluated: Credant Mobile Guardian (CMG) Enterprise Edition v.5.1.1

Platforms: Palm OS, Windows Mobile, Research In Motion (RIM), Symbian, Windows

High-level certifications: FIPS 140-2, Common Criteria (CC) Evaluation Assurance Level (EAL) 3 (in progress)

Credant Technologies had an excellent year, selling more than 1.1 million seats in 2005 and achieving a three-year cumulative total of 1.8 million, second place among reporting vendors after Pointsec. Its growth is particularly impressive because the product has been available for only three years. Credant consistently delivers a strong vision for encryption management and a solid grasp of encryption fundamentals. The company is particularly adept at explaining its product in terms of ROI that appeals to business managers, and its listed prices are among the lowest in the market. Credant is one of only a few vendors that do not offer full disk encryption. While Gartner considers full disk encryption to be the best practice, Credant was the first to present an efficient alternative by making it possible to protect files by type and creator, rather than simply by location on the drive. For example, you can set a rule to protect all Microsoft Word documents at time of creation, anywhere they are saved, on a local or removable storage system. Year after year, Credant delivers complete and superior answers to RFI questions. The company’s skill in answering RFIs contributes to strong execution and also explains why it is the second-most-often-cited thorn in the side of other vendors in this market. While Credant does sell a

large number of discounted OEM licenses, it regularly reports new customer wins with large companies, and Gartner clients who select Credant cite as a benefit that the file-based product works the same way on all platforms. Credant’s low-entry cost may also appeal to small buyers, as well as to large companies with limited budgets.

Entrust

Main product evaluated: Entrust Entelligence Security Provider (ESP) v.7.x and Entelligence Disk Security

Platforms: Java, Linux, Mac OS9, Palm OS, Windows Mobile, RIM, Symbian, Windows High-level certifications: FIPS 140-1, CC EAL4 Entrust has hit its stride in the second year of its serious pursuit of this market, selling more than 591,000 seats and reaching a three-year total of more than 1.43 million. Entrust offers a better-than-average set of data protection features and a

globally recognized, mature public-key infrastructure (PKI). If all other factors were equal, Entrust’s vision ranking would be equivalent to PGP, but it gained extra recognition for Entrust IdentityGuard, a clever and inexpensive strong authentication platform that can be used for a wide variety of remote and mobile security applications, including mobile data

protection. Entrust began in 2004 to treat data protection as a target market, forming an alliance with Pointsec that complements and surpasses its legacy data protection products.

GuardianEdge Technologies

Main product evaluated: Encryption Anywhere Data Protection Platform 8

Platforms: Palm OS, Windows Mobile, RIM, Symbian, Windows

High-level certifications: FIPS 140-2-1, CC EAL1, CC EAL2

GuardianEdge Technologies is the new name for PC Guardian Technologies. GuardianEdge has widened its focus, with a new management team and a focus on quality and enterprise sales growth. The new name breaks the PC focus, and a technology

licensing and cooperative sales agreement with Trust Digital has completed its product line and is helping both companies grow. The new name also causes recognition challenges, and the company needs to adopt more-aggressive marketing and

communications campaigns. GuardianEdge seat sales are still below the average sales for 2005 (210,000), but they are respectable and increasing. Revenue from seat sales is strong and is being reinvested for R&D, expanded sales and support.

Information Security Corp.

Main product evaluated: SecretAgent 5.9 and SecretAgent Mobile 1.1

Platforms: Linux, Mac OS, Windows Mobile, Unix, Windows

High-level certifications: FIPS 140-1 with Advanced Encryption Standard (AES)

Information Security Corp. (ISC) is a 15-year-old company that has focused on the niche role of file encryption in data protection solutions, driven by customer needs to enhance, support or otherwise address specific secure data sharing/protection issues. ISC sold 250,000 seats in 2005, reaching a cumulative three-year record of 1.25 million seats. Its R&D follows customer feature requests; as such, ISC does not earn a strong vision ranking as is given to companies that invest in R&D ahead of customer demand. As of 2006, ISC has chosen to withhold its financial data. The company’s combination of good overall seat sales and client feedback merits a

continued challenger ranking, but this might change because sales are accelerating more quickly across the market. ISC should strengthen its market

presence by pursuing alliances and partnerships with companies in the personal firewall, vulnerability management, mobile application gateway and configuration management markets, as well as by expanding beyond basic data protection features. ISC’s certification situation is unusual on two counts: First, because the National Institute of Standards and Technology determined that ISC’s early certification for AES with FIPS 140-1 is equivalent to FIPS 140-2, ISC will wait to recertify with FIPS 140-3 when it is released at a future date. Second, ISC does not pursue CC Certification; instead, it has adopted a National Information Assurance Partnership evaluation process that it considers to be equal.

PGP

Main product evaluated: PGP Universal Platforms: Mac OS, RIM, Windows

High-level certifications: FIPS 140-1, FIPS 140-2 For the last four years, PGP did not participate in this Magic Quadrant. During that time, its products did not generate noticeable client inquiries in the mobile data protection market. Late in 2005, its mobile data protection product began to attract client interest, and the company agreed to supply information. PGP earns a strong visionary position in its first

appearance, with a good balance of features, a strong legacy reputation for encryption thought leadership, a well-integrated PKI, e-mail protection and cumulative three-year seat sales exceeding 1.1 million. To reach leadership in 2007, PGP would have to continue to grow at a strong rate (727,000 seats were sold in 2005), appear on the majority of shortlists reported by Gartner clients, venture into Windows Mobile, and be viewed as a major competitive threat by other leading vendors in the

market. PGP also needs to develop new ways to communicate superior competitive value: Buyers respond to best in class, and “Pretty Good Privacy” as a label should be reviewed to determine if it conveys the intended message of strong protection.

Pointsec

Main product evaluated: Pointsec names its product according to platform.

Platforms: Linux, Palm OS, Windows Mobile, RIM, Symbian, Windows

High-level certifications: FIPS 140-1, FIPS 140-2, CC EAL44

Pointsec transformed into an aggressive global company owing in large part to a very successful move of its headquarters into North America and large investments in new staff and sales positions. Pointsec has demonstrated leadership in strong sales, good client feedback and good references since 2004, as well as comprehensive treatment of data protection functions. Its relationship with Entrust has brought new market energy and success for Entrust, but Pointsec has grown independently and reports the largest share of three-year cumulative seat sales, at 1.9 million. Vision challenges come from the appearance of PGP and its extensively integrated PKI experience, from the ability of Credant to challenge full disk encryption vendors with a strong vision of file-based protection, and from Utimaco Safeware’s complete rewrite and modularization of its product line in the same ranking period. Pointsec, however, has made improvements in protection of removable media and shared data, fast client installation, and other important usability features. Pointsec is the most-often-cited competitive threat by other companies Gartner tracks in this market, and its extensive distribution network and partner list indicate the company is setting the stage to maintain its leading execution rating.

Reflex Magnetics

Main product evaluated: Reflex Disknet Pro v.4.61 Platforms: Windows (others are supported through partners)

High-level certifications: Information Technology Security Evaluation Criteria (ITSEC) E2; in progress: FIPS 140-2, CESG Assisted Products Scheme (CAPS), CC EAL2

Reflex Magnetics came to our attention in 2004 because of its OEM relations that have served to augment products of other vendors in the market. The company’s protection methods are limited compared with those of the leaders, but its respectable income and sales, combined with increasing client awareness, are sufficient to maintain a niche ranking.

SafeBoot

Main product evaluated: SafeBoot Device Encryption v.4.2.15

Platforms: Linux, Palm OS, Windows Mobile, Symbian, Windows

High-level certifications: FIPS 140-1, FIPS 140-1-2, CC EAL4

SafeBoot is a steady player and a consistent performer in this market. It is also the fourth-most-often-cited competitive threat by other vendors in this market. In our last report, SafeBoot moved to the Leaders quadrant, with strong sales execution and good client feedback, and by following a vision road map with expanded support for access controls and enterprise management. SafeBoot has continued to execute on this strategic plan and has maintained

strong sales through another year of evaluation, reaching cumulative three-year sales of more than 1.6 million seats. Gartner receives positive feedback from clients regarding SafeBoot, and no pattern of complaint is evident. SafeBoot retains its leadership position, therefore, through a quiet demonstration of consistent success.

Sybase (iAnywhere)

Main product evaluated: Afaria 5.5

Platforms: Linux (via a Java client), Palm OS, Windows Mobile, RIM, Symbian, Windows

High-level certifications: FIPS 140-2 (small devices), FIPS 140-2 (in pre-validation stage for Windows) Sybase has built a presence in the data protection market, selling enough seats to cross the threshold for inclusion (158,000 in 2005; 460,000 for a three-year period). However, Sybase is generally behind other companies. It went for several years without a full Windows client, and it is in a pre-validation phase for an OEM FIPS-certified Windows client from BeCrypt. Sales over the life of the product have been primarily value-added sales to iAnywhere’s

configuration management and e-mail services. Client inquiry regarding Sybase’s security functions is limited and was not increased by the strength of the company’s configuration management business. The largest customer deployment, for example, was 10,000 seats, whereas Credant, Entrust, PGP, Pointsec, SafeBoot and Utimaco have client deployments exceeding 100,000 seats. Given the size, resources and global reach of the company, Sybase’s performance merits a somewhat reduced niche rating. To remain in the report, Sybase must show evidence of an ability to compete in 2006.

Utimaco Safeware

Main product evaluated: SafeGuard Enterprise Platforms: Linux, Palm OS, Windows Mobile, RIM, Symbian, Windows

High-level certifications: FIPS 140-2 IP, CC EAL 3, CC EAL4 IP, Restreint UE VS-NfD

Utimaco had an above-average 2005 sales year of more than 507,000 – a three-year total of nearly 1.2 million seats at YE05. It is the third-most-often-cited competitive threat by other companies in this market. Utimaco completely reconstructed its product line in 2005, switching from technically focused siloed products to a modular, extensible framework that not only accelerates in-house developments, but also makes it very easy for third-party vendors to link to Utimaco’s infrastructure. In addition, the company enjoys an important strategic relationship to supply managed data protection on future Lenovo platforms. Client awareness of Utimaco is good globally, even though buyers stumble over the company’s name, and its effort to expand operations in North America was not as successful as it was for its close

competitor, Pointsec. Utimaco now excels for simplicity: one product, one architecture, a wide range of features and a common experience regardless of platform. A new partnership with BeSeQure to add configuration management and push e-mail, plus a long history in PKI to rival Entrust, earns Utimaco a strong vision ranking for this year’s report. In addition, Utimaco has been able to compete with Credant and other file-based

protection vendors by offering its own file-based features. To maintain leadership, Utimaco must apply aggressive energy to facilitating global sales for 2007, similar to what it has invested in rebuilding its product line.

WinMagic

Main product evaluated: SecureDoc Enterprise v.4.2 Platforms: Palm OS, Windows Mobile, Windows High-level certifications: FIPS 140-1 Level 2, FIPS 140-2, CC EAL4

WinMagic is one of the most successful government specialty players, but Gartner client recognition is very low across the market as a whole. The

company’s continued growth is impressive – 820,000 new seats and a total of more than 1.5 million for three years – especially given that it pursues clients who prefer authentication methods that are not popular at this time, such as smart cards. WinMagic lacks the competitive clout and the nongovernmental market experience to reach leading execution. To increase its vision ranking in this Magic Quadrant, with a broad view of the enterprise market, WinMagic would need to broaden its technology R&D to pursue typical enterprise IT operation business challenges. Currently, the company’s priority is to continue to increase the performance and efficiency of its core products.

Evaluation Criteria Definitions

Ability to Execute

Product/Service: Core goods and services offered by the vendor that compete in/serve the defined market. This includes current product/service capabilities, quality, feature sets, skills and so forth, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.

Overall Viability (Business Unit, Financial, Strategy, Organization): Viability includes an assessment of the overall organization’s financial health, the financial and practical success of the business unit, and the likelihood of the individual business unit to continue investing in the product, to continue offering the product and to advance the state of the art within the organization’s portfolio of products.

Sales Execution/Pricing: The vendor’s capabilities in all pre-sales activities and the structure that supports them. This includes deal management, pricing and negotiation, pre-sales support and the overall effectiveness of the sales channel.

Market Responsiveness and Track Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor’s history of responsiveness.

Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization’s message in order to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This “mind share” can be driven by a combination of publicity, promotional, thought leadership, word-of-mouth and sales activities.

Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so forth.

Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

Completeness of Vision

Market Understanding: Ability of the vendor to understand buyers’ wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen and understand buyers’ wants and needs, and can shape or enhance those with their added vision.

Marketing Strategy:A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the Web site, advertising, customer programs and positioning statements.

Sales Strategy:The strategy for selling product that uses the appropriate network of direct and indirect sales, marketing, service and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.

Offering (Product) Strategy: The vendor’s approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature set as they map to current and future requirements.

Business Model:The soundness and logic of the vendor’s underlying business proposition.

Vertical/Industry Strategy: The vendor’s strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including verticals.

Innovation:Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.

Geographic Strategy: The vendor’s strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the “home” or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.