Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Many channel partners might not have noticed it yet, but business
attitudes toward smartphone security are changing and the shift may
well present some great opportunities for resellers and integrators.

For years now security vendors have trolled for mobile security
business, casting line after line into the water, fishing for customers
worried about the vulnerability of smartphones to malware and other
attacks. For the most part, the enterprise really hasn’t bit.

But sales and fishing are both a patient business, so the vendors
have kept at the mobile security gambit—and they want channel partners
to join in the pursuit. Experts believe both vendors and VARs will have
a bit more luck catching those deals these days due to a sea change in
the mobile environment and a marked shift in mobile security offerings.

In fact, the analysts are convinced there’s room for growth.
According to an Infonetics Research report released last month, analyst
Jeff Wilson projects the mobile device security market will reach $1.6
billion by 2013.

Changing Environment

Whether they like it or not, enterprises are experiencing an
explosion of smartphone usage within their network infrastructures.
According to a Canalys report out this week, smartphone sales during
second quarter were up 13.4 percent year-over-year, a huge bump
considering flat to slumping sales in just about any other tech
category. Most channel partners can vouch for those numbers—those
interviewed for the Channel Insider 2009 Market Pulse survey said the
highest demand product in their repertoires was for smartphones.

While a lot of that growth in comes within the consumer category,
even consumer gadget purchases spill over into the business
organization’s infrastructure. In a survey released by Trend Micro this
week, half of consumers use their smartphones for both business and
personal use.

“What I think you’re finding out is a lot of people are going out to
buy their own devices as opposed to the corporation issuing them,” says
Tom Zorn,



executive vice
president of Englewood, Colo.-based Arrow ECS, a value-added distributor
. “More and more
people are using those phones to go back to the office and connect with
maybe a spreadsheet or some form of data in the office. They just go
into the network at whatever level without anybody tracking what
they’re doing or sometimes without IT even knowing they’re there.”

It’s what Julian Croxall at Richard Fleischman Associates (RFA)
calls "organic" growth, and for some industries when it goes unchecked
it can feed off itself. One user sees another who’s gotten IT to hook
up network connection to a personal phone and “goes off and gets one
themselves and it grows without control,” says Croxall, director of
business strategy for the New York-based solution provider, which
primarily focuses on the hedge fund industry.

“I think that’s the opportunity area for channel partners, to try
and help those organizations reclaim the controls around their wireless
and PDA devices,” he says.

Not Just AV Anymore

Clearly, the environment is chaotic and organizations are clamoring
for ways to manage the security of the data they connect to and store
using smartphones. Vendors are finally realizing that this is where the
really viable security play lies for them and their channel partners.

While vendors may continue to sell malware and anti-virus solutions,
they’re finding that the risk that customers are concerned about
revolve around the data.

“I think there has been a lot of hype in that space, people trying
to explain to customers that there is a huge risk of being infected by
global malware and of carrying malware into the enterprise network with
mobile devices,” says Joerg Schneider-Fimon, product marketing manager
for Trend Micro. “But it turns out that despite the popularity of those
devices, the amount of malware that actually targets these devices is
still very, very small.”

As he puts it, there are still more lucrative targets than PDAs and
smartphones for the crooks out there. Nevertheless, security for these
mobile devices is critical because of their power to retain and
transmit data.

“What enterprises are concerned about, however, is privacy of data that
sits on these devices,” Schneider-Fimon says. “That is a concern that
is actually driving more of our mobile security business than the
actual malware problem.”

Croxall agrees.

“I think one of the primary concerns that enterprises have is over
the data security that’s held on a device,” he says, explaining that
these devices open up risk via the insecurity of transmissions through
Bluetooth and dual-mode wireless use, through insecure e-mail and
through the very real risk of an unauthorized party accessing stored
files, e-mails and attachments when devices are lost or stolen.

This
last concern is one of the biggest. Most people recognize the feeling
in that “really frantic moment where you get up and do that quick pat
down and realize you don’t have your phone with you,” says Doris Yang,
product manager for PGP. The fact is that their diminutive size makes
mobile devices all too easy to lose.

According to a report released by Credant Technologies last year,
taxicab passengers in New York left 31,544 mobile phones and 2,752
handheld devices behind during a six-month period in 2008.

Yang points to a new report from IDC that shows why these device
loss and theft occurrences should be worrisome to most IT managers and
even executive management. According to IDC, recent enterprise survey
respondents reported that 27 percent of their data leaks came from lost
or stolen smartphones.

“We’re seeing that as the driver for conversations with customers,”
Yang says. “I think if a customer hasn’t already approached you for
help, a lot of times you can use that to sort of to start that
conversation. We’re no longer really asking people to make that leap of
faith and assume what you’re seeing on laptops and desktops also
applies to mobile devices. Now there’s evidence that it’s true.”
 
Overcoming objections

Now, one of the big obstacles for solution providers is finding a
way to sell these mobile products into organizations that may already
be cutting back on security spend. The timing isn’t great, Zorn admits.

“We’re in one of those economic situations where it’s a choice for
the end user between have to have and nice to have,” he says, “and
they’re considering that type of prevention as nice to have.”

All of the experts believe that the channel’s key to loosening customer purse strings is to work on risk awareness.

“The first thing is to assess whether there is a real understanding
of the need of security around mobile devices,” Croxall says. “In this
economy it is obviously a bit of a sell to get those firms to invest in
it but nevertheless if they allow those devices to connect to their
corporate network, the security issue is there however those users come
to those devices.

“It can be quite easy for a channel partner selling into a client to
raise the awareness; there are plenty of examples assigned to data loss
and what happens to those companies that are involved.”

And if a customer claims that it is simply handling the problem by
simply not allowing their users to log on with unauthorized
devices—another common objection, Schneider-Fimon says—all a VAR needs
to do is a little probing.

“My recommendation in that scenario would be to grab one of those
phones and take a look at what’s on it and I’m sure in most of the
cases they will find some corporate information being stored on these
devices,” he says.

Most importantly, Zorn says, channel partners need to be true solution
partners in order to make this sale. Many organizations have avoided
mobile security due to the fractured nature of the market, which is
made up of dozens of little point solutions for various mobility
management and security problems.

“VARs can make a lot of bucks on this. The thing is, they’ve got to
get this product-only focus out of their mind,” he says, explaining
that the products are ancillary compared with risk assessment, policy
development, device management, auditing and other services that can be
brought together under one solution.

The executives don’t necessarily need to know how the mobile
security sausage is made, they just need to know that all of the risks
are being remediated or mitigated.

“And that is very, very lucrative for the VAR partner who can deliver it,” Zorn says.