Magic Quadrant for Mobile Data Protection
Gartner RAS Core Research Note G00205929, John Girard, Eric Ouellet, 7 September 2010, RV4A4 09122011
Mobile data protection products secure data on movable storage
systems in notebooks/laptops, smartphones and removable
media. They may also be used on desktops and servers. Buyers
want common protection policies across multiple platforms,
minimal support demands and proof that data is protected.
WHAT YOU NEED TO KNOW
Mobile data protection (MDP) systems and procedures are needed to protect data privacy and to comply with audit requirements, and every company must include MDP in its IT operations plan. This Magic Quadrant (see Figure 1) is a snapshot of the overall market that ranks vendors against each other, according to competitive criteria. Vendors in any quadrant, as well as those not ranked on the Magic Quadrant, may be appropriate for your enterprise’s needs and budget.
MAGIC QUADRANT
Market Overview
MDP is an established market with two primary purposes: first and foremost, to protect data by encryption; and second, to provide evidence that the protection is working. Common motivations for protecting data are to comply with government or industry regulations, maintain privacy, and protect intellectual property. Products in this market can work on a wide variety of platforms, but the potential for loss or theft of notebooks/laptops drives most purchases. Mergers and acquisitions are increasingly bringing the big endpoint protection (EPP) vendors into the MDP market. MDP is an attractive complement to the EPP product suites, which already encompass enterprise antivirus (AV), anti-spyware, personal firewall and desktop host intrusion prevention system. Gartner expects more EPP vendors to acquire MDP point solutions during the next three years. In the near term, buyers are still investing with dedicated MDP point solution providers.
There is plenty of room for MDP vendors to continue to sell and compete for many years, because systems that need protection vastly outnumber the sales of MDP products and services. However, the opportunities for competitive differentiation may be limited in the future. All vendors and all products tracked in this research offer similar basic functions and use comparable encryption algorithms. Differences in the ability to execute are based primarily on financial and sales performance, but will be strongly influenced by client feedback and anecdotal research. Differences in vision are scaled according to the breadth of the platform and the ability of a company’s R&D investments to anticipate the hot buying issues of the typical user base.
Interest in data protection is typically fueled by liability and privacy concerns and protection of intellectual property. Legislation across the world enacts increasingly tough penalties, as well as requirements for public disclosure in the event of a real or suspected mishandling of personally identifiable information. Even if information is not misused, the public relations costs to quell negative public reaction are expensive and embarrassing, and a breach event damages buyer and investor confidence in ways that further impact core business performance. Gartner believes that the costs to mitigate a data breach are always higher than the cost to invest in preventive measures such as MDP.
The economic slowdowns in 2008 and 2009 attenuated every vendor’s opportunities; however, in Gartner’s opinion, none of the tracked vendors were at risk of exiting the MDP market. Still, overall seat sales among reporting vendors showed a significant drop in 2009 compared with 2008, and even the largest vendors were affected.
The following information is derived from the 2010 Magic Quadrant survey results: Seats sold for 2009 (15 vendors reporting, plus Gartner estimates) dropped 18% to about 23 million, compared with 28 million for 2008 and 26 million for 2007. Reduced market performance is in line with the 2009 economic slowdown. All but one of the large vendors experienced a drop in seats sold in 2009 compared with 2008, but the average sales for MDP vendors in 2009 remained at about 1.3 million. Three-year cumulative seats sold
(2007 + 2008 + 2009) are estimated at approximately 66 million. Revenue growth in the market is positive. According to information derived from the 2009 Magic Quadrant survey results, 2009 worldwide revenue in the MDP line of business (LOB) was estimated at about $940 million, compared with $716 million in 2008 and $611 million in 2007. Some of the increase can be attributed to the entry into this research of larger EPP companies with other products in the same organizational unit. The market contains a few large vendors and many small vendors, which sets the LOB median performance to $22 million and the average to about $52 million. It should be noted that LOB revenue does not map directly to MDP seat sales, since larger vendors include multiple products in the LOB that supports MDP. LOB revenue is useful to gauge company health and ability to execute, and larger LOB revenue helps fund R&D.
Gartner client inquiry calls steadily continue to request assistance in understanding, choosing and implementing data encryption. The number of calls indicating lack of knowledge about data leakage and the tendency to protect subsets of vulnerable devices provide additional validation that data protection is still inadequate across industries. At the same time, the stories of lost, stolen and misused devices are always in the news. Each year, hundreds of thousands of laptops, phones and removable media devices are estimated by various sources to go missing through loss or theft, to have their data copied without consent, and to be upgraded or exchanged without having their data removed.
Increasing legal and regulatory demands for the protection of data will maintain a hot interest in this market and topic for many years. In the U.S., for example, most states have enacted data breach disclosure laws. The number of systems that lack protection continues to outrun the sales in this market by margins that ensure
© 2010 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner’s research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
Figure 1. Magic Quadrant for Mobile Data Protection
Source: Gartner (August 2010)
challengers
leaders
niche players
visionaries
completeness of vision
ability to execute
As of August 2010 McAfee
Sophos
Check Point Software Technologies Symantec
Credant Technologies
Sybase, an SAP Company Wave Systems Safend SafeNet Novell Secude Becrypt Verdasys Mobile Armor Trustwave WinMagic
continued MDP sales. For example, Gartner’s 2010 forecast for new shipments of PCs is expected to reach more than 370 million units, including more than 90 million professional desk-based PCs and more than 90 million professional mobile PCs. That estimate does not include home PCs used for business purposes, nor does it include millions of smartphones that need managed protection. To date, many companies have only made small investments in MDP products, and the three-year cumulative seat sales estimated in the section above suggest that, as a whole, unprotected systems continue to outrun the provisioning of MDP.
MDP earns a cautiously promising assessment for growth in 2010. Buyer concern over data protection remains strong, and requests for purchasing guidance are frequent. As the economy improves, the purchases of MDP products and services should again increase in value. Early estimates for 2010 could bring the year’s performance, in terms of seat sales, up to 2008 levels. There is room for several years of innovations — for example, increased support for self-encrypting drives and other hardware enhancements, new methods for user authentication key and access recovery, expanded support for different types of removable media (as well as data copy filtering based on content-aware data loss prevention [DLP]), improved compliance auditing and reporting, more robust key management, new products for smartphones, MDP as a service, and industry-specific feature developments to better address the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), and so on.
Since most companies that invested in MDP to date conducted only partial installations that were mostly made for notebook/ laptop computers, there is considerable room to upgrade and upsell on all platforms. Buyers should consider the benefits of broad-based MDP to reduce data loss, but must be prepared to reassess vendors on an annual basis, taking into account future consolidations and exits of point solution vendors. The factors impacting incumbent solution replacements with alternatives will be the subject of planned future research.
Client Concerns for 2010 and 2011
Gartner clients know that data leakage can cost them money and their reputations, and eventually most companies will make MDP investments, whether they are small or large enterprises, or bound by compliance rules or not. They will make those purchases faster when the solutions are easy to understand and manage, easy to use, and priced affordably.
Stability and performance: Longtime users of MDP products may have experienced problems on legacy platforms, including extended boot times and slow file operations. New workstations with ample memory will provide good performance even when software-based encryption is used.
Entry price: MDP products can be purchased competitively in quantities over 1,000, but in smaller quantities, it is difficult to get discounts. In very small quantities (e.g., 100 seats or fewer), the cost of the management console becomes a limiting factor. Encryption offered as a managed service (“software as a service,” or SaaS): Gartner believes that MDP SaaS offerings
will be more readily received as buyers become comfortable with cloud-based services. SaaS could have a special appeal for entry-level buyers to encourage small pilot projects and to facilitate small or midsize businesses (SMBs) that may lack the IT resources to install, monitor and support MDP projects in-house. SaaS currently represents a small percentage of earnings for the majority of vendors tracked in this research.
EPP package deals: Leading vendors from the AV market have acquired MDP products to sell in package deals (e.g., Check Point Software Technologies acquired Pointsec, McAfee acquired SafeBoot and Trust Digital, Sophos acquired Utimaco, and Symantec acquired PGP and GuardianEdge). Console and client integration makes it easy for buyers to choose MDP as an add-on. All EPP vendors also continue to sell MDP as stand-alone to stay fully competitive with point solutions. The remaining EPP vendors are still studying the landscape and have yet to make their moves. Pricing ranges: MDP products historically commanded prices several times higher than AV suites. However, some EPP vendors engaged in deep discounts in 2009, to the point of giving away the first year for the cost of support on a multiyear contract. In other cases we have seen, MDP was offered at the same price as or less than the AV component. When prices for similar products can vary by an order of magnitude, buyers get confused and can’t tell when their negotiations are successful. We expect pricing variations to reduce during the latter half of 2010.
Government security certifications: The 140 series of U.S. Federal Information Processing Standards (FIPS) and Common Criteria (CC) are generally recognized by all buyers as signs of competence and commitment by an MDP vendor. FIPS 140-2 is the current standard for robust cryptographic engines in the MDP market, and is a requirement for federal government purchases. CC certification is a true international moniker that documents product specifications in a standard format. Gartner recommends FIPS-certified products for all purchases.
Non-Windows workstations and phones: Gartner sees strong interest in supporting Apple workstations and emerging platforms, including the iPhone and Android smartphones as well as the iPad. In 2010, lack of cross-platform support can be a deal breaker. Product features are not always complete on secondary platforms, and buyers are advised to perform thorough evaluations as well as request road map presentations during the RFP phase.
Hardware subsystems: Buyers have an increasingly interesting set of tools available to improve the performance of MDP investments. These include:
• Trusted Computing Group’s (TCG’s) Trusted Platform Module (TPM), a motherboard chip that can securely store certificates and encryption keys
• Intel Advanced Encryption Standard New Instructions (AES-NI), a set of processor pipeline instructions that substantially accelerates software-based AES encryption engines
• Intel vPro and Intel Anti-Theft (AT), asset tracking, remote control and remote lock toolsets built into Intel motherboards • Hardware self-encrypted flash drives that can be managed
by MDP vendors, Seagate proprietary self-encrypted drives based on DriveTrust technology, and TCG open standard self-encrypted drives based on TCG Opal and other TCG drive specifications
• The Extensible Firmware Interface (EFI), which enhances the basic input/output system (BIOS) with new 32-bit and 64-bit boot and runtime features
All these technologies will help improve performance, reliability and strength of data protection. However, none of them are de facto standards to the point where buyers could rely on finding them on every platform. Buyers should use hardware enhancements where possible, but select MDP tools that can provide all the necessary functions and compliance certifications in software to compensate for platforms that lack a particular hardware component.
Key management, storage and destruction methods: These issues are frequently on buyers’ minds because of concerns regarding the recovery of lost user/system key/access credentials, and regarding data destruction. Poorly managed and/or too-easy key recovery methods can diminish system protection. Well-managed key destruction is tantamount to drive wiping, and is essential to defend against data breaches on lost systems. It also provides a low-cost, low-risk, green method to dispose of old drives. Buyers are advised to perform thorough evaluations on all applicable use cases. MDP SaaS could provide a low-complexity method of key management.
In June 2007, U.S. federal Blanket Purchase Agreements were awarded to several of the vendors tracked for this Magic Quadrant, in a joint effort by the U.S. Office of Management and Budget, the U.S. Department of Defense, and the U.S. General Services Administration (GSA). These blanket purchase orders can sometimes be used by other agencies, including state and local governments, and can stimulate sales opportunities by virtue of expedience. Non-federal-government organizations should always ask if they are eligible to use the purchasing program.
Market Definition/Description
Products that Gartner tracks in the MDP market are software utilities that enforce data privacy policies by managing data encryption on the primary storage system of workstation data storage platforms, ranging from hard drives, solid-state disks, and removable media used in conjunction with workstations and smartphones. A typical MDP product consists of a central console, an active endpoint agent for the target device, and an offline/stand-alone agent for removable media. The market is called “mobile data protection” because the primary buying decision has always centered on portable devices that cannot rely on traditional physical security. However, the technology works well and has value on nonmobile systems, such as desktops and servers. MDP products provide active services bound to the operating systems (OSs) and BIOS services of their host platforms so that they can control primary storage input/output and assert themselves in the primary steps of user authentication. With few exceptions, MDP products
are capable of providing all encryption/decryption processes in memory as a service to the OS. New developments have allowed MDP products to offload part or all of this work to hardware elements, including the CPU and drive controller. However, MDP products cannot simply be replaced or made obsolete by hardware components. They will always be the focal point for encryption policy management, key access and storage, system recovery and audit reports.
Encryption may be invoked at the level of individual files, as is common on small mobile devices, or at the folder, partition, or full disk for larger systems. Users must answer a login challenge to gain access to data. The challenge may range from a simple PIN to a complex password, token or smart card, and may use biometrics. Competitive differences derive from various approaches to management, encryption strength, user authentication, policy management and value-added features, such as the protection of information on removable media.
The largest profits are still made on Windows laptop/desktop platforms; however, the mix of revenue has begun to shift to a broader base. Products restricted to Windows PCs may be considered, but the best rankings go to vendors that cross multiple platforms and OSs. MDP vendors typically offer flash drive protection, but there is much room for improvement in support for network drives and third-party data transfer tools, such as CD burners. External media protection via encryption becomes a crossover opportunity for MDP vendors to sell into adjacent markets such products as trusted portable personality devices (secure applications and workstations “on a stick”) and content-aware DLP (using DLP rules to decide what and where to encrypt). Companies that sell port controls and external/removable media protections as their only features, or as their main features, without meeting other core aspects of the MDP definition did not qualify for inclusion in this research.
Inclusion and Exclusion Criteria
Inclusion Criteria
Twenty-two data protection vendors with MDP capabilities were notified of the annual survey. Fifteen passed the inclusion/exclusion criteria test and appear in the 2010 Magic Quadrant, according to the evaluation of these attributes:
• The vendor must have had products that meet the market definition and were generally available in 2009 and in 1H10 for a sufficient length of time to attract market attention. The products must also meet all aspects of the definition of products in the market, as set forth in this research. The vendor must offer products for use on PCs, because workstations represent most of the revenue for the market. Vendors that sell and/or source third-party encryption products are allowed; several vendors in this market license parts of their solutions, ranging from cryptographic modules to larger program components. A synchronization service running on a workstation or server to support a product that only runs on a handheld device does not qualify for inclusion.
• The vendor must generate sufficient client interest and inquiries, attention at conferences, case study references, and general
public and press interest to be noticed by Gartner analysts. Our analysts must also receive feedback from clients and case study reference organizations indicating that they are using the products.
• The vendor’s product should not be limited to a single or proprietary platform by the restriction of an OS, OS version or hardware component. If considered, then vendors with these restrictions will have their ratings downgraded.
• Gartner analysts have a generally favorable opinion, based on analysis, about the company’s ability to compete in the market. • The vendor should appear regularly on Gartner clients’ shortlists
for final selection.
• The vendor must own or license FIPS-140-certified encryption. A vendor will be considered if its FIPS 140 application is processing during the study year.
• The vendor should appear regularly in other sources (such as publications and support forums) as a product that’s competitive with companies that are already qualified for this market.
• The vendor must demonstrate competitive presence and sales to Gartner analysts. Competitive presence is improved greatly if the product is sold and supported in multiple countries — or, even better, in multiple geographies; however, North America and Europe generate the highest revenue.
• Given the economic challenges of 2008 and 2009, the minimum revenue and seat thresholds have been kept at 2009 levels. Seat sales in 2008 needed to total more than 125,000 seats, and 2008 revenue in the market must have been more than $3 million. Exceptions may be granted if other inclusion factors merit consideration.
• The vendor must provide centrally managed access controls, lockouts, and key recovery and system recovery methods. • The product must be commercially supported.
Seats sold by licensees, partners and others can only be counted once if they are reported. They will be attributed only to the original vendor if the licensee is not already included in this Magic Quadrant. OEM seats that are shipped without revenue may be attributed at a reduced percentage.
Exclusion Criteria
Vendors must return an annual request for information that is used to collect competitive and historical data within requested deadlines. Under limited circumstances, and at our discretion, we estimate a vendor’s status from a prior year’s survey, but vendors that decline to report for two years in a row and cannot otherwise be verified may be removed from ranking consideration. Essential information that falls under this rule includes:
• Count of client companies under contract
• Count of seat sales (actual and estimated) over a three-year period
• LOB revenue and other basic financial and organizational metrics
Vendors Considered for, but Not Included in, the 2010
Magic Quadrant
Absolute Software combines an encryption feature with its asset-tracking system, called Computrace. Absolute Software has never portrayed its encryption as a differentiated competitive feature; in fact, it is not currently mentioned on the company’s product and service pages. Absolute Software is not generally identified as an encryption provider. A discounted proportion of its seat sales was counted in the market size estimate. The company will be reconsidered for next year’s report.
Microsoft’s encryption security products remain fragmented and are difficult to match to the inclusion criteria. Windows Mobile 6.5 supports core and removable memory encryption, and is well-managed by Exchange using ActiveSync. However, Microsoft is now pursuing Windows Phone 7, which supports only a few Exchange security policies, lacks embedded encryption and is not initially intended to support third-party management applications. Furthermore, the supported features vary widely if ActiveSync is used on a non-Windows device. The Windows XP Encrypting File System (EFS) has not changed since Windows 2000, so vulnerability concerns that were raised in past reports continue. Windows BitLocker Drive Encryption has a new chance on the Windows 7 platform, but there also are implementation challenges: • Windows 7 BitLocker only works on two versions of Windows
7.
• A TPM chip is required; otherwise, the user must carry his or her access key on a flash drive or remember a long number string.
• In FIPS mode, many useful features are switched off; however, in non-FIPS mode, BitLocker is vulnerable to recovery key access by Active Directory administrators.
• BitLocker To Go is limited to read-only access on Vista and XP, and cannot be read on other platforms.
• Value-added features found in other MDP products, such as self-service recovery and compliance reporting, are not currently available.
• Gartner advises buyers to monitor improvements from Microsoft and to periodically reassess the suitability of BitLocker.
Gartner sees limited demand for the adoption of BitLocker among clients requesting guidance, and the situation will not improve until
Windows 7 has a chance to build an enterprise presence. Microsoft has no common policy management platform for any of its
encryption tools, which relegates them to the status of a collection of point solutions that doesn’t form a cohesive whole. Many ranked vendors provide common enterprise policy management and/or key management that works across all Microsoft platforms. Lastly, Windows 7 BitLocker and BitLocker To Go are considered a new product family, and were not generally available for a sufficient length of the study period to establish a competitive position. Open-source projects AxCrypt and TrueCrypt offer free data encryption tools, but they are not commercially supported. Gartner monitors open-source projects and will consider future project distributions when we see evidence of commercial support. SecurStar performs at the low end of point solution providers in the market. The company is now being tracked for market share numbers, but it does not qualify for ranking based on competitive visibility, and because it does not have FIPS 140 certification (nor had it submitted an application for FIPS 140 during the market study period).
Hardware encryption subsystems, offered by vendors listed in the Market Overview section (above), are enabling technologies rather than complete solutions; thus, they are not ranked on the Magic Quadrant.
Added
• Secude is a Windows workstation encryption vendor selling in limited European markets.
• Symantec has entered the market through its acquisition of GuardianEdge and PGP, both of which were ranked vendors from the 2009 Magic Quadrant.
• Trustwave has entered the Magic Quadrant through its acquisition of BitArmor, a ranked vendor from the 2009 Magic Quadrant.
Dropped
• BitArmor was acquired by Trustwave. • GuardianEdge and PGP were acquired by Symantec.Evaluation Criteria
Ability to Execute
This market is well-established, and global pressure for data protection means that incumbent vendors can sell enough seats to keep their doors open. The recent economic slowdown has reduced the appearance of new companies.
New products, new features and estimated sales in 1H10 are also considered in the final ranking. Unofficial road maps, pending contracts, future sales agreements, future promises for very recent acquisitions, and vague strategies do not significantly contribute to a vendor ranking or to inclusion in this research; however, vendors that have official road maps and make consistent progress are recognized.
Product/Service compares the completeness and appropriateness of core data protection technology. This factor is critical in
demonstrating that the vendor can generate market awareness. Overall Viability considers company history and demonstrated commitment in the market, as well as the difference between a company’s stated goals for the evaluation period and the company’s actual performance, compared with the rest of the market. Growth of the customer base and revenue are considered. Sales Execution/Pricing compares the strength of vendors’ sales and distribution operations, as well as the discounted list pricing for investments in seats ranging from fewer than 100 to more than 10,000. Pricing is compared in terms of first-year cost-per-concurrent active license seats, including the cost of the management console and all hardware and support. Buyers want demonstrable peace of mind more than they want bargains, and they respond more strongly to sales techniques led by case studies and ROI projections. In past years, the urgent need for protection meant that vendors in this market could charge hundreds of dollars per seat (obviously, lower prices are frequently negotiated). The arrival of EPP vendors in the market changed the rules because AV products have been heavily discounted. MDP buyers will expect deep discounting, and the average seat price can be expected to erode by as much as a factor of 10 during the next three years. This will stimulate market penetration, but challenge the survival of stand-alone and specialty vendors.
Market Responsiveness and Track Record and Marketing Execution are rated together as Marketing Execution. This criterion rates competitive visibility as a key factor, including which vendors are most commonly considered to be top competitive threats by each other, and which vendors respond most effectively during buyer RFPs.
Customer Experience is subjectively rated from client feedback to analysts; from opinions of Gartner analysts in security, network and platform research groups; and from vendor-supplied references, where needed.
Operations considers the ability of a vendor to pursue its goals in a manner that enhances and grows its influence in all execution categories. Operations is already considered in the other execution ranking categories (see Table 1).
One of the interesting subjective elements of the survey is an execution question in which vendors are asked to name three peers that constitute their greatest competitive threat. The result of this survey question is a good barometer for understanding the potential of vendors to maintain high performance in this market.
Offering (Product) Strategy is ranked through an examination of the breadth of functions, platform and OS support for the MDP client. R&D investments are credited in this category. Mergers that bring EPP vendors into the market have a strong impact on vision rankings for all vendors, because these vendors are driving the types of integration that Gartner considers to be strategic and competitive. Supported platforms are listed in the vendor comments. Limited support may be available for older versions of Windows end-user platforms (e.g., 9x, 2000 and others) and servers. Vendors cited as supporting Windows Mobile are ranked for their support of Windows Mobile 6.0 and 6.1. Support may be available for other mobile OSs from Microsoft. Vendors cited as supporting Apple are ranked for their support of Mac OS X on Intel platforms. Support may also be available for PowerPC. iPhone and iPad support will be noted separately, if available.
Business Model takes into account a vendor’s underlying business objectives for its products, and its ongoing ability to pursue R&D goals in a manner that enhances all vision categories.
Vertical/Industry Strategy considers a vendor’s ability to communicate a vision that appeals to specific industries and vertical markets. However, this Magic Quadrant doesn’t consider vertical markets as a distinctive ranking factor, so this category is irrelevant and not rated.
Innovation takes into consideration the degree to which vendors invest in core requirements for the successful use of their products. Geographic Strategy takes into account a vendor’s strategy to direct resources, skills, products and services globally. All vendors are ranked in the Magic Quadrant for their performance as a whole, and within the frame of reference of Gartner clients; therefore, a detailed examination of this category is irrelevant. In 2009, North America accounted for more than 58% of revenue potential (on average) — and, for many years, success in the North American geography has been the primary indicator of viability. Buyers in other geographies tend to react to vendors based on their competitiveness in North America — and, to a lesser extent, in Europe (see Table 2). Evaluation Criteria
Product/Service
Overall Viability (Business Unit, Financial, Strategy, Organization)
Sales Execution/Pricing
Market Responsiveness and Track Record Marketing Execution Customer Experience Operations Weighting Standard Standard Standard No Rating Standard Standard No Rating
Table 1. Ability to Execute Evaluation Criteria
Source: Gartner (August 2010)
Completeness of Vision
Vision is subjectively ranked according to a vendor’s ability to show a broad investment in technology developments that predict user wants and needs.
Companies that lead in vision typically own, license or partner on products in other security and configuration management markets. They must also demonstrate management features that make their products easy to integrate with enterprise directories, and to interoperate with other enterprise security and management systems.
Market Understanding and Marketing Strategy are ranked together as Marketing Strategy, assessed through direct observation of the degree to which a vendor’s products, road maps and missions anticipate leading-edge thinking about buyers’ wants and needs. Gartner makes this assessment subjectively by several means, including interactions with vendors in briefings and by reading planning documents, marketing and sales literature, and press releases. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor, and against future trends identified in Gartner research. Vendors cannot merely state an aggressive future goal; they must put plans in place, show that they are following their plans, and modify their plans as market directions change. Also considered are the vendor’s partnerships with other vendors in related
endpoint security markets, including AV, anti-spyware, configuration management, authentication, device identification, virtual private networks, data encryption, gateway firewalls and others.
Sales Strategy examines the vendor’s strategy for selling products, including sales messages, techniques, marketing, distribution and channels. This topic is considered to be in execution; it does not apply to product vision, which is ranked in terms of investment in functionality.
Evaluation Criteria Market Understanding Marketing Strategy Sales Strategy
Offering (Product) Strategy Business Model Vertical/Industry Strategy Innovation Geographic Strategy Weighting No Rating Standard No Rating Standard Standard No Rating Standard No Rating
Table 2. Completeness of Vision Evaluation Criteria
Leaders
Leaders have products that work well for Gartner clients in small and large deployments. They have long-term road maps that follow and/or influence Gartner’s vision of the developing needs of buyers in the market. Leaders make their competitors’ sales staffs nervous, and force competitors’ technical staffs to follow their lead. Their MDP products are well-known to clients and are frequently found on RFP shortlists. In 2010, the companies that execute strongly enough to differentiate themselves as Leaders are EPP vendors that all made MDP acquisitions.
Challengers
Challengers have competitive visibility, market share, and financial and channel strengths that are better-developed than similar niche vendors. They also have greater success in sales and mind share than similar niche vendors. Challengers offer all the core features of MDP, but typically, their vision and road maps are narrower than the Leaders, or are less likely to influence buying decisions. Challengers may have difficulty communicating the effectiveness of their vision. For example, if a vendor has implemented features ahead of the demand curve that do not attract buyers, do not trigger new competitive responses from other vendors and do not change the developmental course of the market, then its vision is not improved by those features. The Magic Quadrant for Mobile Data Protection historically reports little or no activity in this quadrant. In general, companies that execute strongly become Leaders.
Visionaries
Visionaries make investments in broad functionality and platform support, but their competitive clout, visibility and market share don’t reach the level of Leaders. Visionaries make planning choices that will meet future buyer demands, and they assume some risk in the bargain because ROI timing may not be certain. Companies that pursue visionary activities will not be fully credited if their actions are not generating noticeable competitive clout, and are not influencing other vendors.
Niche Players
Niche Players offer products that suit many enterprise needs. A niche ranking is assigned when the product is not widely visible in competition, and when it is judged to be relatively narrow or specialized in breadth of functions and platforms — or, for other reasons, the vendor’s ability to communicate vision and features does not meet Gartner’s prevailing view of competitive trends. MDP Niche Players include stable, reliable and long-term players. Some Niche Players work from close, long-term relationships with their buyers, in which customer feedback sets the primary agenda for new features and enhancements. This approach can generate a high degree of customer satisfaction, but also results in a narrower focus in the market (which would be expected of a visionary). Niche Players are candidates for acquisitions.
Vendor Strengths and Cautions
Becrypt
Strengths
• Becrypt is a mature specialty company selling primarily in the U.K. and in North Atlantic Treaty Organization (NATO) countries. Past growth has been strong: Revenue was up 53% in 2008, and 30% growth was estimated for 2009; however, Becrypt did not provide an update for this research. The company has positive cash flow and a favorable asset-to-equities ratio. • In 2009, Becrypt and CSC announced an encrypted, hosted
virtual desktop service that’s based on using Becrypt’s Trusted Client (a trusted portable personality device) as a secure terminal.
• Becrypt has the following high-level FIPS and European certifications: FIPS 140-2; Communications-Electronics Security Group (CESG) Assisted Products Scheme (CAPS) approved to Top Secret, CESG Claims Tested Mark (CCTM) certification and CC Evaluation Assurance Level 2 (EAL2).
• Supported platforms include Windows, Linux (Debian, SUSE and Ubuntu) and Windows Mobile 6.5. Embedded support is provided for pluggable key management and replaceable cryptographic APIs.
Cautions
• MDP generates a small and declining share of Becrypt’s overall revenue in the commercial sector, but public-sector sales remain a very significant contributor. The company is increasingly focusing on its Trusted Client product set. MDP seat penetration is estimated to be low compared with the overall market, but the company earned a penetration baseline that is sufficient to continue its appearance in the Magic Quadrant. Revenue in other areas maintains Becrypt’s viability. • To obtain a stronger MDP ranking, the company would need
to put more energy into MDP product sales, marketing, partnering and licensing. The latter two are healthy options with opportunities to grow into other security markets, as well as into application markets.
Check Point Software Technologies
Strengths
• Check Point built a strong position in this market through its acquisition of Pointsec, and it sells data encryption under the Check Point and Pointsec brand names. LOB revenue for MDP was well above the average estimated for the past two years, and it increased slightly in 2009.
• Check Point conducted some visionary work with SanDisk over several years that resulted in a trusted portable personality
device, Abra, which can be used for security media storage and also as a managed remote access platform. Among vendors in this market, Check Point has shown the greatest innovation for removable media.
• Check Point has the following FIPS and CC certifications: FIPS 140-2, CC EAL2 and CC EAL4.
• Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OS, Linux, Palm OS, Symbian and Windows Mobile 6.5.
Cautions
• Client feedback does not place this vendor at the top of the list. Clients that use products other than Check Point’s are not predisposed to consider its MDP offerings. However, clients do frequently report that they are considering replacing legacy Check Point MDP investments with other vendors in the market. Check Point should interact more directly with clients to build relationships and flag renewal conditions, rather than rely on its channel partners to represent its long-term interests.
• MDP seat sales in 2009 fell below 2008 levels, but are still well above the average. However, performance is lower than the other EPP vendors tracked in 2009 as well as several of the point solution providers.
• Check Point’s relative competitive position is ranked weakly by its peer group. Only one-third of participating vendors consider Check Point to be a competitive threat, thereby marking it in fourth place. Check Point is frequently cited by peers as a target for competitive takeouts.
Credant Technologies
Strengths
• New OEM relationships with Dell and LANDesk have opened new revenue opportunities. Dell is visibly featuring Credant as a security add-on solution for business platforms. In addition, Cisco will upgrade its Credant partnership by selling Credant end-to-end data protection products as part of its AnyConnect Secure Mobility program.
• Credant increased its ability to compete by licensing a full disk encryption (FDE) agent (from Mobile Armor).
• Credant has successfully attracted encryption buyers who want minimal interference with normal OS operations, including patch management, maximum flexibility in design multiuser systems, and minimal changes to conventional help desk procedures. • Credant’s revenue was flat from 2008 to 2009, but consistent
with a stable operation, and it is robust for a point solution provider. Seat sales were slightly reduced compared with 2008,
but new revenue and sales resulting from OEM relationships started in 2010 are initially showing increased growth of about 49% compared with 1H09.
• Credant has the following FIPS and CC certifications: FIPS 140-2 Level 2 and CC EAL3 with CC EAL4+ in final review. It was included in the GSA’s SmartBuy award.
• Platform support is provided for Windows XP through 64-bit Windows 7, Mac OS, Linux, Palm OS, Symbian and Windows Mobile 6.5. Embedded system support includes Seagate’s encrypting drives and the TPM.
Cautions
• In the past, some clients experienced problems where Credant was installed on underpowered legacy hardware, and involving situations that are now moot. CRM and re-engagement with buyer contacts are critical to ward off competitive takeouts and improve Credant’s chances in new RFIs.
• Many prospective buyers are completely unaware of Credant’s developments and are not taking new capabilities into account, such as the addition of FDE. Credant needs to improve its competitive communications to potential buyers and renewal accounts.
McAfee
Strengths
• Revenue in the LOB containing MDP is the third-highest reported, substantially higher than the average and strongest when compared with other Leaders. Seat sales for MDP were among the highest reported, indicating a healthy mix of market penetration and revenue. Good revenue combined with high recognition from buyers and frequent competitive citations earns McAfee a high execution ranking. The announcement regarding Intel’s acquisition of McAfee came after the analysis was concluded.
• McAfee’s 1H10 acquisitions of Trust Digital and tenCube (during the study period) provide easy, nonoverlapping technology gains to build out a platform that will stay competitive for years in the EPP market. If handled well, these acquisitions could quickly make McAfee a strong contender in the smartphone end of the mobile device management market, and would have an increasingly positive future effect on its vision ranking. • McAfee has been named the second most-competitive threat
by its peer group (12 out of 18 vendor responses). Although its 2010 ranking is second to Symantec, McAfee earned its place by its own sales, not by two separate acquisitions, so its place in the ranking constitutes a solid competitive strength.
• McAfee has the following FIPS and CC certifications: FIPS 140-2 and CC EAL4. It was included in the GSA’s SmartBuy award.
• Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OS, iPhone, iPad, Android, Palm OS and Windows Mobile 6.5. Embedded support includes Intel AES-NI, TCG encrypting drives, TPM and EFI.
Cautions
• McAfee lost revenue by discounting MDP lower than necessary to win contracts. The company has also pursued discounting in the DLP market as a means of building market share in new and existing EPP accounts. There is an urgent need to revise selling plans and advise sales teams to sell value rather than give away product. Excessive discounting makes it difficult for clients to determine whether they are paying a fair price and could reduce the viability of MDP support contracts.
• Although seat sales were high, they were substantially reduced compared with last year’s report, and, therefore, were not immune to the economic downturn.
• McAfee should improve the functionality of its software-based removable media protection solution. Many clients want a lightweight software solution, and although McAfee sells this as a feature of its Endpoint Encryption for Files and Folders product, it prefers to sell a more-expensive alternative based on branded OEM devices from partners such as MXI Security and SanDisk.
Mobile Armor
Strengths
• Revenue was slightly increased compared with last year’s Magic Quadrant. To compensate for the economy, internal operations were restructured to reduce the cost of operations. New client directions outside of government are being pursued, starting with medical industries.
• Mobile Armor offers its full suite of encryption products for purchase/on-premises use or via SaaS.
• A new three-year OEM relationship with Credant will begin to infuse revenue into Mobile Armor in 2H10. Mobile Armor has also been selected as Panasonic’s Preferred Data at Rest Vendor, and it sells licensed versions of SanDisk and IronKey flash drives.
• Network-aware preboot authentication was pioneered by Mobile Armor to protect updates to the user disk image from the preboot environment. Also offered is a color-coded visual biometric logon tool (based on the Mobile Armor shield logo). • Mobile Armor has the following FIPS and CC certifications: FIPS
140-2 Level 2, CC EAL4+ and U.S. National Security Agency’s (NSA’s) Commercial COMSEC Evaluation Program (CCEP) Suite B. It was included in the GSA’s SmartBuy award.
• Platform support is provided for all versions of Windows from 2000 through 64-bit Windows 7 (in development), Mac OS X, Research In Motion (RIM), Linux (Red Hat Enterprise Linux 5 and SUSE), Windows Mobile 6.x and Windows Phone 7. Embedded support is provided for Seagate encrypted drives, TCG encrypted drives, TPM, Intel vPro, Intel AT and EFI. Cautions
• The major source of growth for Mobile Armor stems from U.S. government agencies. However, nongovernment buyers are key to the company’s healthy growth in the future.
• Despite a fully featured product line, Mobile Armor’s revenue sits at the lower end of reporting vendors. Seat sales are also at the bottom of the range. A seemingly broad vision has not made the company strongly competitive.
• Acquisition and/or increased partnering and licensing deals are Mobile Armor’s best growth paths.
Novell
Strengths
• ZENworks Endpoint Security Management (ZESM) is tightly integrated under a single console with ZENworks, thereby making it an easy (but niche) choice for Novell-centric IT shops. • Novell has the following FIPS and CC certifications: FIPS 140-2
and CC EAL4+.
• Platform support is provided for Windows 2000 through Windows 7 (64-bit under development), Linux (Red Hat and SUSE), Palm OS, RIM and Windows Mobile 6.5.
Cautions
• Novell is not recognized as a competitor in this market by other MDP vendors or by Gartner clients. Buyers seem likely to buy ZESM as a point solution for removable media protection. Novell needs to strengthen its competitive business case to be more than a specialty vendor.
• Seat sales in 2009 were among the lowest reported, and its three-year cumulative performance was adequate, but on the low end. In stark contrast, Novell reported the highest LOB revenue, which is a clear indicator that its business strengths do not lie in MDP.
Safend
Strengths
• Safend is a file/folder encryption provider that resells removable media protection to several vendors in the Magic Quadrant, and it is qualified for inclusion based on sales revenue and non-OEM seat sales.
• Safend has a feature to expose a single application on a locked PC. This could be used, for example, to allow a courier to circulate a tablet PC with a sign-off form on display, while otherwise maintaining encrypted access to the system and its underlying data.
• Certifications include FIPS 140-2 and CC EAL2.
• Platform support is provided for Windows XP through 64-bit Windows 7, and for smartphones through partners. Embedded system support is included for Intel vPro.
Cautions
• Safend’s price for a suite of MDP features with full management is less than average, but its relatively low visibility is a barrier. However, the price is affordable for small numbers of seats. • Safend relies too heavily on OEM partners for sales because
they limit revenue potential and already sell competitive products. To grow as a stand-alone player, Safend needs to cultivate direct resellers.
• Safend’s smartphone support was built from a relationship with Trust Digital, which is now owned by McAfee. A future smartphone product arrangement is yet to be determined.
SafeNet
Strengths
• SafeNet is authorized to develop and sell U.S. government Type 1 (classified) encryption products. Approximately 50% of LOB revenue comes from Type 1 products.
• SafeNet sells an optional hardened key storage/key escrow appliance server to provide the maximum defense of system recovery data.
• SafeNet has the following FIPS and CC certifications: FIPS 140-2 and CC EAL4. It was included in the GSA’s SmartBuy award.
• Platform support includes Windows 2000 through 64-bit Windows 7, and for smartphones through partnerships. Additional support is available for redundant array of
independent disks (RAID), which makes this product appealing for servers.
Cautions
• SafeNet currently generates only a few inquiries in the MDP area from Gartner clients — end users and other vendors — and lacks visibility in nongovernment markets.
• Sales penetration is relatively low for an established long-term player. Revenue is generated by selling the entire product line in a suite with higher-than-average seat prices. However, the volume of sales is important to execution, and license penetration is as key to upselling as to the credibility of the company in new sales situations.
• Currently, SafeNet’s estimate of unit seat sales in the MDP market has placed it at the bottom of the range, and is a concern for its future inclusion in this Magic Quadrant. • It is not considered a competitive threat by any company that
Gartner tracks in the market. Aggressive and competitive sales techniques, and more nongovernment reseller partners, are still needed to get SafeNet recognized by potential buyers in other industry segments.
Secude
Strengths
• Secude is self-financed with a high equity ratio. • Secude does the majority of its business in a subset of
European Union countries, thereby making it an attractive niche provider in selected geographies.
• Platform support includes Windows XP through 64-bit Windows 7. Embedded support includes Seagate encrypted drives, TCG encrypted drives and TPM.
• Secude has a FIPS 140-2 application in process. Cautions
• A narrow focus on Windows workstations and a basic but adequate feature set classify Secude as a niche solution.
Sophos
Strengths
• Sophos completed a major user interface update during the study period, as well as other client enhancements that are essential to be competitive in new and renewal accounts. • Sophos offers MDP and DLP functions (built from Utimaco
SafeGuard), which are now completely integrated with its EPP product line.
• For the past two years, revenue in the MDP LOB has been well above average and grew more than 27% in the tough economy of 2009 in Europe and North America. Seat sales have also been well above average, and increased nearly 50% above last year’s report, thereby indicating reliable and repeatable execution.
• Sophos has the following FIPS and CC certifications: FIPS 140-2 and CC EAL4. Sophos is able to sell into the GSA’s SmartBuy program through a reseller arrangement with Information Security Corporation (ISC).
• Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OS, Linux, Palm OS, Symbian and Windows Mobile 6.5. Embedded system support includes TPM, Intel vPro and EFI.
Cautions
• The majority of revenue is earned in EMEA. North American market penetration has improved, as has North American brand recognition. Sophos must continue to work on expanding its visibility. Gartner clients’ recognition of Sophos on shortlists outside of AV is infrequent and not on par with its strengths. • The replacement of the user interface mentioned above
came in 2010, but many prospective buyers already made decisions based on the old interface and are not aware of the improvements. The Sophos sales team needs to improve its expertise in revisiting prospects and long-term management of customer relationships.
• Sophos has many features (typically involving those in DLP and key management) that do not get aired in RFP discussions shared with Gartner analysts. Sophos needs to adopt more assertive sales and marketing techniques to ensure that its vision qualities are duly considered in competition.
• Sophos should improve its vision by expanding support into iPhone, Android and other “hot” mobile platforms.
• Sophos earned third place as a competitive threat, named by other vendors in the market. However, given its recent sales performance, competitors should pay close attention.
Sybase, an SAP Company
Strengths
• SAP’s acquisition of Sybase provided additional financial backing and sales channels to Sybase, which already enjoyed strong earnings in 2008 and 2009, and also showed a small overall revenue increase. The LOB containing MDP was the second-highest reported, although it showed a small decrease in revenue. The LOB is shared with a large collection of device management products and services.
• Sybase iAnywhere offers the most complete set of fully
integrated configuration management and MDP features owned by a single vendor.
• Sybase’s 2009 seat sales in the MDP market grew to more than 2.3 times that of 2008. This impressive increase is largely due to Sybase being ready early with products for new smartphone platforms — in particular, the iPhone.
• Sybase iAnywhere has the following FIPS certification: FIPS 140-2.
• Platform support is provided for Windows 2000 through 32-bit Windows 7, iPad, iPhone, Android, Palm OS, RIM, Symbian and Windows Mobile 6.5.
Cautions
• SAP’s acquisition of Sybase provides clear benefits related to the database management system, but SAP has no prior standing in device management and security markets. SAP will pursue opportunities to sell Afaria and the Sybase Unwired Platform (SUP) into its customer base.
• During the study period, and historically, Sybase left money behind by de-emphasizing its role in PC platform management. According to survey results, smartphone revenue is about 10% of the MDP market, while workstations compose about 84% of the market, but Sybase chooses only to pursue smartphones. Therefore, high LOB revenue is not a sign of strength in the MDP market.
• Sybase has stated that there are no plans to support embedded hardware features on workstation platforms.
Symantec
Strengths
• Symantec acquired PGP and GuardianEdge in 1H10, and is in the process of melding products and technologies to create a unified Symantec encryption suite. The combination of PGP’s secure e-mail and key management with GuardianEdge’s easy buyer appeal and integration with Altiris gives Symantec a powerful set of pieces from which to construct a new suite and a strong vision.
• The combination of PGP and GuardianEdge creates a potentially large revenue stream and installed seat base, if the transition can be delivered according to an aggressive one-year integration road map.
• Symantec earned the highest competitive threat rating in 2010 by its peer group — 15 vendors out of 18. However, this ranking mostly involved mentions of PGP and GuardianEdge. Symantec will need to earn a high execution ranking outright by showing that its merged business can substantially threaten the competition into 2011.
• Symantec has the following FIPS and CC certifications: FIPS 140-2, CC EAL2 and CC EAL4+.
• Platform support includes Windows 2000 through 64-bit Windows 7, Mac OS, Linux and Unix, BlackBerry and Windows Mobile 6.x. Embedded system support includes TPM, Intel vPro and EFI. Support for TCG self-encrypting encryption drives is planned for 2010.
Cautions
• Concurrent with its two acquisitions, Symantec has undergone a sweeping internal structure change that reconfigures operating divisions and management roles. The process is constructive and beneficial, but internally disruptive, and causes business continuity concerns for buyers. Incumbent users of PGP and GuardianEdge should proactively seek briefings for the continuity of sales and support.
• Smartphone support will go through a winding-down and transitional period. Symantec must end GuardianEdge’s license to Trust Digital, which is now owned by McAfee. Symantec has made an investment in Mocana, but it entered 2H10 without a competitive smartphone platform.
• Symantec’s LOB performance is on par with leadership, but shrank slightly compared with 2008 levels. The effect of adding PGP and GuardianEdge does not propel Symantec ahead of other Leaders in terms of execution, and during the study period, this did not threaten other Leaders. The additive effects of new revenue and client base are offset by product overlap, and by the effort needed to conduct relationship management with companies that chose other EPP vendors independently of their purchases from GuardianEdge and PGP.
Trustwave
Strengths
• Trustwave’s acquisition of BitArmor brings new channels and financial stability to one of the newest entrants into the MDP market.
• Trustwave provides data control software “Smart Tags” that secure, track, and control sensitive data by attaching tags to the data to facilitate policy management decisions on laptops, removable media, servers and e-mail attachments. This approach presents a powerful strategic solution to data protection because every file can directly assert its access policy.
• Trustwave has started a successful niche FDE SaaS business, aimed at PCI SMB customers.
Cautions
• Since Trustwave’s primary business is tied to PCI, Gartner believes that the acquisition of BitArmor will have a minimal direct competitive impact on other vendors in the MDP market. • Its Smart Tag methodology for combining encryption and rights
management is too far advanced for the tactical buyer, who is simply seeking an expedient way to make the auditor go away.
Verdasys
Strengths
• Verdasys provides integrated content-aware DLP and encryption, and describes its usage in a manner that supports future user needs and the analysis of trends presented in this research. Encryption is file/folder-based.
• All data files and critical system files are encrypted, and all file access and movement activities can be monitored and controlled in real time according to enterprise DLP policy. • Data (including files on removable media) encrypted by means
of user-generated passwords can be recovered by the central agent if the user password is lost.
• Its FIPS 140 application is in process.
• Platform support includes 32-bit Windows XP through 64-bit Windows 7 and Linux. Verdasys also integrates and provides additional DLP controls for a BlackBerry Enterprise Server. Cautions
• Verdasys is primarily known as a content-aware DLP provider, and is not currently recognized as a competitor in this market; however, several of Verdasys’ strongest DLP competitors hold positions in this Magic Quadrant.
• While Verdasys presents a clear story about the value and role of encryption, it currently treats encryption as a narrow adjunct to its primary business in DLP. In 2010, it would not be difficult for Verdasys to adjust its sales and marketing messages in ways to compete more directly in the MDP market.
Wave Systems
Strengths
• Wave Systems pioneered the use of Seagate self-encrypting hard drives as the basis for managed FDE, and was first to ship MDP products to support TCG Opal drives from Hitachi and Samsung.
• While its 2009 revenue was at the low end of the market, Wave Systems was able to double its earnings in 2009 compared with 2008. New revenue opportunities in 2010 include a distributor relationship with HP.
• A dedicated key management server helps companies back up keys to an existing platform, and migrate keys to new platforms for recovery or migration.
• A stand-alone version of the product is included on qualified Dell PCs, and is upgradable to an enterprise managed platform.
Additional bundling is available with motherboards from Intel and PCs from NEC (in Europe), and from Gateway, ASI and Acer. Embedded system support includes Intel vPro, TPM, Seagate encrypting drives and TCG-compatible drives. Cautions
• Wave Systems continues to enjoy a royalty for a factory-installed bundling, and also a reseller arrangement for its Embassy Remote Administration Server (ERAS) product on Dell systems — however, Dell has seen fit to expand its MDP growth by adding another MDP vendor to the reseller program. • Wave Systems’ historical value proposition, tied to Seagate
encrypting drives, created a dependence that limited its sales. In 2009 and 2010, several Gartner clients curtailed encrypting hard-drive buying decisions because of limited supplies. Support for TCG encrypting drives will help, but the slowness with which the new drives have appeared on the market will extend those limitations into 2011. Meanwhile, other vendors are preparing to compete by adding support for self-encrypting drives.
• Revenue more than doubled in 2009, but it is below the median and far below the average, given the large numbers of OEM seats that Wave Systems supplies. Primary distribution is performed by an OEM-embedded stand-alone client on selected PC platforms. Users can deploy the client without purchasing Wave Systems’ enterprise management. Unmanaged OEM seats do not generate significant revenue. • Wave Systems relies on security certifications on hard drives,
and, in the case of removable media, it relies on its OEM partner, Safend. Wave Systems should obtain some level of owned certifications for its key management server.
WinMagic
Strengths
• WinMagic invests heavily in R&D. For example, a recent development involves enhanced integration with Intel AT, which will help process PC lock commands through the motherboard in real time to control boot access and to wipe storage drives. • A feature called the “geofence” uses IP address information
to decide how to execute preboot authentication based on a geographic boundary (such as a continent, country or state). WinMagic has also developed secure unattended patch and maintenance updating through the preboot environment. • WinMagic has the following FIPS and CC certifications: FIPS
140-2 Level 2 and CC EAL4. It was included in the GSA’s SmartBuy award.
• Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OS and Linux. Smartphone support has been discontinued. Embedded system support includes Seagate encrypting drives, TCG encrypting drives, TPM, Intel AT and EFI.
Cautions
• WinMagic did not provide detailed revenue information for 2009 or 2010, which is needed for a competitive ranking, so execution is estimated based on prior years combined with growth percentages. • Sales and emphasis continue to lean toward the high-security specialty markets. • By dropping smartphone support, WinMagic lost opportunities to grow visibility. • WinMagic must find better ways to position itself as an enterprise solution rather than a technology provider.
Vendors Added or Dropped
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor.
Evaluation Criteria Definitions
Ability to Execute
Product/Service: Core goods and services offered by the vendor that compete in/serve the defined market. This includes current product/service capabilities, quality, feature sets, skills, etc., whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.
Overall Viability (Business Unit, Financial, Strategy, Organization): Viability includes an assessment of the overall organization’s financial health, the financial and practical success of the business unit, and the likelihood of the individual business unit to continue investing in the product, to continue offering the product and to advance the state of the art within the organization’s portfolio of products.
Sales Execution/Pricing: The vendor’s capabilities in all pre-sales activities and the structure that supports them. This includes deal management, pricing and negotiation, pre-sales support and the overall effectiveness of the sales channel.
Market Responsiveness and Track Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor’s history of responsiveness.
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization’s message in order to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This “mind share” can be driven by a combination of publicity, promotional, thought leadership, word-of-mouth and sales activities.
Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements, etc. Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.
Completeness of Vision
Market Understanding: Ability of the vendor to understand buyers’ wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen and understand buyers’ wants and needs, and can shape or enhance those with their added vision.
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
Sales Strategy: The strategy for selling product that uses the appropriate network of direct and indirect sales, marketing, service and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
Offering (Product) Strategy: The vendor’s approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature set as they map to current and future requirements.
Business Model: The soundness and logic of the vendor’s underlying business proposition.
Vertical/Industry Strategy: The vendor’s strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including verticals.
Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
Geographic Strategy: The vendor’s strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the “home” or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.