Mobile Security Fuels VAR OpportunitiesBy Ericka Chickowski | Posted 2009-08-20 Email Print
Business attitudes toward smartphone security are changing and the shift may well present some great business opportunities for resellers and integrators.
Many channel partners might not have noticed it yet, but business attitudes toward smartphone security are changing and the shift may well present some great opportunities for resellers and integrators.
For years now security vendors have trolled for mobile security business, casting line after line into the water, fishing for customers worried about the vulnerability of smartphones to malware and other attacks. For the most part, the enterprise really hasn’t bit.
But sales and fishing are both a patient business, so the vendors have kept at the mobile security gambit—and they want channel partners to join in the pursuit. Experts believe both vendors and VARs will have a bit more luck catching those deals these days due to a sea change in the mobile environment and a marked shift in mobile security offerings.
In fact, the analysts are convinced there’s room for growth.
According to an Infonetics Research report released last month, analyst
Jeff Wilson projects the mobile device security market will reach $1.6
billion by 2013.
Whether they like it or not, enterprises are experiencing an explosion of smartphone usage within their network infrastructures. According to a Canalys report out this week, smartphone sales during second quarter were up 13.4 percent year-over-year, a huge bump considering flat to slumping sales in just about any other tech category. Most channel partners can vouch for those numbers—those interviewed for the Channel Insider 2009 Market Pulse survey said the highest demand product in their repertoires was for smartphones.
While a lot of that growth in comes within the consumer category, even consumer gadget purchases spill over into the business organization’s infrastructure. In a survey released by Trend Micro this week, half of consumers use their smartphones for both business and personal use.
"What I think you're finding out is a lot of people are going out to
buy their own devices as opposed to the corporation issuing them," says
president of Englewood, Colo.-based Arrow ECS, a value-added distributor. "More and more
people are using those phones to go back to the office and connect with
maybe a spreadsheet or some form of data in the office. They just go
into the network at whatever level without anybody tracking what
they’re doing or sometimes without IT even knowing they’re there."
It’s what Julian Croxall at Richard Fleischman Associates (RFA) calls "organic" growth, and for some industries when it goes unchecked it can feed off itself. One user sees another who’s gotten IT to hook up network connection to a personal phone and "goes off and gets one themselves and it grows without control," says Croxall, director of business strategy for the New York-based solution provider, which primarily focuses on the hedge fund industry.
"I think that's the opportunity area for channel partners, to try
and help those organizations reclaim the controls around their wireless
and PDA devices," he says.
Not Just AV Anymore
Clearly, the environment is chaotic and organizations are clamoring for ways to manage the security of the data they connect to and store using smartphones. Vendors are finally realizing that this is where the really viable security play lies for them and their channel partners.
While vendors may continue to sell malware and anti-virus solutions,
they’re finding that the risk that customers are concerned about
revolve around the data.
"I think there has been a lot of hype in that space, people trying
to explain to customers that there is a huge risk of being infected by
global malware and of carrying malware into the enterprise network with
mobile devices," says Joerg Schneider-Fimon, product marketing manager
for Trend Micro. "But it turns out that despite the popularity of those
devices, the amount of malware that actually targets these devices is
still very, very small."
As he puts it, there are still more lucrative targets than PDAs and
smartphones for the crooks out there. Nevertheless, security for these
mobile devices is critical because of their power to retain and
"What enterprises are concerned about, however, is privacy of data that sits on these devices," Schneider-Fimon says. "That is a concern that is actually driving more of our mobile security business than the actual malware problem."
"I think one of the primary concerns that enterprises have is over the data security that's held on a device," he says, explaining that these devices open up risk via the insecurity of transmissions through Bluetooth and dual-mode wireless use, through insecure e-mail and through the very real risk of an unauthorized party accessing stored files, e-mails and attachments when devices are lost or stolen.
This last concern is one of the biggest. Most people recognize the feeling in that "really frantic moment where you get up and do that quick pat down and realize you don’t have your phone with you," says Doris Yang, product manager for PGP. The fact is that their diminutive size makes mobile devices all too easy to lose.
According to a report released by Credant Technologies last year,
taxicab passengers in New York left 31,544 mobile phones and 2,752
handheld devices behind during a six-month period in 2008.
Yang points to a new report from IDC that shows why these device loss and theft occurrences should be worrisome to most IT managers and even executive management. According to IDC, recent enterprise survey respondents reported that 27 percent of their data leaks came from lost or stolen smartphones.
"We're seeing that as the driver for conversations with customers,"
Yang says. "I think if a customer hasn't already approached you for
help, a lot of times you can use that to sort of to start that
conversation. We're no longer really asking people to make that leap of
faith and assume what you're seeing on laptops and desktops also
applies to mobile devices. Now there’s evidence that it’s true."
Now, one of the big obstacles for solution providers is finding a way to sell these mobile products into organizations that may already be cutting back on security spend. The timing isn’t great, Zorn admits.
"We're in one of those economic situations where it's a choice for
the end user between have to have and nice to have," he says, "and
they're considering that type of prevention as nice to have."
All of the experts believe that the channel’s key to loosening customer purse strings is to work on risk awareness.
"The first thing is to assess whether there is a real understanding of the need of security around mobile devices," Croxall says. "In this economy it is obviously a bit of a sell to get those firms to invest in it but nevertheless if they allow those devices to connect to their corporate network, the security issue is there however those users come to those devices.
"It can be quite easy for a channel partner selling into a client to
raise the awareness; there are plenty of examples assigned to data loss
and what happens to those companies that are involved."
And if a customer claims that it is simply handling the problem by simply not allowing their users to log on with unauthorized devices—another common objection, Schneider-Fimon says—all a VAR needs to do is a little probing.
"My recommendation in that scenario would be to grab one of those phones and take a look at what's on it and I’m sure in most of the cases they will find some corporate information being stored on these devices," he says.
Most importantly, Zorn says, channel partners need to be true solution
partners in order to make this sale. Many organizations have avoided
mobile security due to the fractured nature of the market, which is
made up of dozens of little point solutions for various mobility
management and security problems.
"VARs can make a lot of bucks on this. The thing is, they’ve got to
get this product-only focus out of their mind," he says, explaining
that the products are ancillary compared with risk assessment, policy
development, device management, auditing and other services that can be
brought together under one solution.
The executives don’t necessarily need to know how the mobile security sausage is made, they just need to know that all of the risks are being remediated or mitigated.
"And that is very, very lucrative for the VAR partner who can deliver it," Zorn says.