Professional Documents
Culture Documents
Mobile data protection products secure data on movable devices that can leave the
office, including notebooks, PDAs and smartphones. Buyers want products that work
equivalently across multiple platforms, need minimal support, provide for common
policies and extend protections to removable media.
© 2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form
without prior written permission is forbidden. The information contained herein has been obtained from sources believed to
be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although
Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal
advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors,
omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein
are subject to change without notice.
WHAT YOU NEED TO KNOW
Mobile data protection (MDP) systems and procedures are needed to protect user privacy and to
comply with audit requirements, and every company must include MDP in its IT operations plan.
The Magic Quadrant is a snapshot of the overall market. The Leaders category denotes a vendor
with a balance of strengths. However, vendors in any category, as well as those not ranked on
the Magic Quadrant (see Figure 1), may support your enterprise's needs.
MAGIC QUADRANT
Market Overview
MDP for notebooks and smaller handheld devices (PDAs and smartphones) is a rapidly growing
market that began with basic data encryption and has expanded beyond hard drives and local
files to encompass external data device controls and rights management. Most vendors in this
market started on desktops, but the clearly defined buying center is mobile. The MDP market has
been led for years by small independent software vendors (ISVs), some of which have been in
the market for up to 25 years. However, mergers and acquisitions are handing the reins over to
broader endpoint protection (EPP) vendors, such as Check Point Software Technologies and
McAfee. Protection schemes embedded in hardware or the operating system (OS) are
Market Definition/Description
Products in the MDP market are software tools that use strong encryption algorithms to protect
information on the primary storage system of mobile platforms, including notebooks, PDAs and
phones. Secondary protection for server volumes and removable media are increasingly
common. All the PC products can work on stationary desktops, but the market demand is for
systems that move. Encryption may be invoked at the level of individual files, as is common on
small mobile devices, or at the folder, partition or full disk for larger systems. Users must answer
a login challenge to gain access to data. The challenge may range from a simple PIN to a
complex password, token or smart card, and may combine with biometrics. Competitive
differences derive from different approaches to management, encryption strength, user
authentication, policy management and value-added features, such as protection of information
on removable media. Vendors must provide centrally managed access controls, lockouts and
recovery methods. Small mobile devices represent the largest number of platforms overall, but
the largest profits are still made on Windows laptop/desktop platforms. Products restricted to
Windows PCs may be considered, but the best rankings go to vendors that cross multiple
platforms and OSs.
• The vendor must have had products that were generally available in 2007 and in 1H08
for a sufficient length of time to attract market attention, and the products must meet all
aspects of the functional definition of products in the market. The vendor must offer
products for use on PCs, because workstations represent most of the revenue for the
market. Vendors that sell and/or source third-party encryption products are allowed;
several vendors in this market license parts of their solutions, ranging from
cryptographic modules to larger program components. A synchronization agent running
on a workstation to support a product that only runs on a handheld device does not
qualify for inclusion.
• The vendor must generate client interest and inquiry sufficient to be noticed by Gartner
security analysts. Analysts must also receive feedback from clients indicating they are
using the products.
• The vendor's product must not be limited to a single or proprietary platform by restriction
of an OS or hardware component.
• Gartner analysts have a generally favorable opinion about the company's ability to
compete in the market.
• The company regularly appears on Gartner clients' shortlists for final selection.
• Seat sales in 2007 needed to total more than one-fifth of the median, or 125,000 seats,
slightly less than 10% of the survey average of 1.4 million seats sold. The 2007 revenue
in the market must be more than $3 million, slightly less than 10% of the survey average
of $34 million. Exceptions may be granted if other inclusion factors merit consideration.
Exclusion Criteria
Vendors will not be included in the Magic Quadrant if the following conditions are not met:
• Vendors must return an annual RFI that is used to collect competitive and historical
data, within requested deadlines. Under limited circumstances at our discretion, we will
estimate vendor status from a prior year's survey, but vendors who decline to report for
two years in a row will be removed.
• Vendors must report seat sales in a format requested by Gartner to allow comparison.
Under limited circumstances at our discretion, we may estimate unreported seats based
on prior history, but vendors who decline to report for two years in a row may be
removed.
Dropped
Entrust sells an OEM version of Check Point Software Technologies' Pointsec product, and its
market contribution is now attributed to Check Point.
Evaluation Criteria
Ability to Execute
This market is well-established, and global pressure for data protection means that almost
anyone can find investment money and may sell enough seats to keep their doors open. Vendors
that learn to sell their products on the merits of ease of use and convergence with device
management processes win the largest sales across markets. Other factors, such as the U.S.
General Services Administration's SmartBUY program (www.gsa.gov/smartbuy ) help stimulate
sales, but are not a substitute for a good business strategy.
New products, new features and estimated sales in 1H08 are also considered in the final ranking.
Unofficial road maps, pending contracts and future sales agreements do not significantly
contribute to a vendor ranking or to inclusion in this research, but vendors that have official road
maps and that make consistent progress are recognized.
Product/Service compares the completeness and appropriateness of core data protection
technology. This factor is critical to demonstrating that the vendor can generate market
awareness.
Overall Viability considers company history and demonstrated commitment in the market, as well
as the difference between a company's stated goals for the evaluation period and the company's
actual performance compared with the rest of the market. Growth of the customer base and
revenue are considered.
Sales Execution/Pricing compares the strength of sales and distribution operations of the
vendors, as well as discounted list pricing for investments in seats ranging from fewer than 100 to
more than 10,000. Pricing was compared in terms of first-year cost-per-concurrent active license
seats, including cost of the management console and all hardware and support. Buyers want
demonstrable peace of mind more than they want bargains, and they respond more strongly to
sales techniques led by case studies and return on investment projections. In past years, that
urgent need for protection meant that vendors in this market could charge up to hundreds of
dollars per seat (obviously, lower prices are frequently negotiated). The arrival of EPP vendors in
the market changes the rules because antivirus (AV) products have been heavily discounted.
MDP buyers will expect deep discounting, and the average seat price can be expected to erode
by as much as a factor of 10 during the next three years. This will stimulate market penetration
but will challenge the survival of stand-alone and specialty vendors.
Market Responsiveness and Track Record, as well as Marketing Execution, rate competitive
visibility as the key factor, including which vendors are most commonly considered top
Completeness of Vision
Vision is subjectively ranked according to a vendor's ability to show a broad investment in
technology developments that predict user wants and needs.
Companies that lead in vision typically own, license or partner on products in other security and
configuration management markets. They must also demonstrate management features that
make their products easy to integrate with enterprise directories, and to interoperate with other
enterprise security and management systems.
Market Understanding and Marketing Strategy are ranked together as Marketing Strategy,
assessed through direct observation of the degree to which a vendor's products, road maps and
mission anticipate leading-edge thinking about buyers' wants and needs. Gartner makes this
assessment subjectively by several means, including interaction with vendors in briefings and by
reading planning documents, marketing and sales literature, and press releases. Incumbent
vendor market performance is reviewed year by year against specific recommendations that have
been made to each vendor and against future trends identified in Gartner research. Vendors
cannot merely state an aggressive future goal; they must put plans in place, show that they are
following their plans and modify their plans as market directions change. Also considered are the
vendor's partnerships with vendors in related endpoint security markets, including antivirus, anti-
spyware, configuration management, authentication, device identification, virtual private network
(VPN), data encryption, gateway firewalls and others.
Sales Strategy examines the vendor's strategy for selling products, including sales messages,
techniques, marketing, distribution and channels. This topic is considered in execution; it does not
apply to product vision, which is ranked in terms of investment in functionality.
Leaders
Leaders have products that work well for Gartner clients in small and large deployments. They
have long-term road maps that follow and/or influence Gartner's vision of the developing needs of
buyers in the market. Leaders make their competitors' sales staffs nervous and force competitors'
technical staffs to follow their lead. Their MDP products are well-known to clients, and they
encounter little resistance in selling their products.
Challengers
Challengers have competitive visibility, market share, and financial and channel strengths that are
better-developed than similar niche vendors. They have greater success in sales and mind share
than similar niche vendors. Challengers offer all the core features of MDP, but typically their
Visionaries
Visionaries have made investments in broad functionality and platform support, but their
competitive clout, visibility and market share don't reach the level of those of leaders. Visionaries
tend to be effective in making planning choices that will meet future buyer demands.
Niche Players
Niche players offer products that suit many enterprise needs. A niche ranking is assigned when
the product is not widely visible in competition, and it is judged to be relatively narrow or
specialized in breadth of functions and platforms, or, for other reasons, the vendor's ability to
communicate vision and features is not meeting Gartner's prevailing view of competitive trends.
However, because the MDP market is a niche area in IT security, MDP niche players include
stable, reliable and long-term players. Some niche players work from close, long-term
relationships with their buyers, in which customer feedback sets the primary agenda for new
features and enhancements. This approach can generate a high degree of customer satisfaction,
but also results in a narrower focus on R&D than would be expected of a visionary.
• Its European certifications are numerous and indicative of a solid product. For example,
BeCrypt is Communications Electronics Security Group (CESG) Assisted Products
Service (CAPS)-approved to Top-Secret level, and can export this level to major
countries.
• Embedded system support includes ability to manage BitLocker and the TPM, and
BeCrypt can provide key management for Seagate's drives.
• BeCrypt has the following FIPS and CC certifications: FIPS 140-2 (pending); CCTM
(equivalent to CC EAL1).
• Platform support is provided for: Linux (several distributions), Windows Mobile, and
Windows XP and Vista.
Cautions
• Seat sales rates are low for the time in business and compared to the overall market,
but the company has a baseline and market activity sufficient to continue appearance in
the Magic Quadrant.
• The company tied with Utimaco Safeware as the second most commonly cited
competitive threat named by other vendors in the market (11 out of 16 vendor
responses).
• Check Point Software Technologies has the following FIPS and CC certifications: FIPS
140-2 (all products); CC EAL2 (removable media); CC EAL44 (FDE).
• Platform support is provided for: Linux, Mac OS, Palm OS, Windows Mobile and
previous, Symbian, and Windows 2000, XP and Vista.
Cautions
• The company's successful integration between Pointsec and its EPP suite earns some
vision points, but has not influenced buying decisions reported by Gartner clients.
• Platform instabilities during and after installation were reported by several clients. The
problems were resolvable, and would have been avoidable if buyers had been given
better preparation and direction by Check Point Software Technologies' resellers.
• The key business and product management leader from Pointsec (Bob Egner) has
departed.
• Seat pricing is above average. Buyers expect EPP vendors to offer steep discounts, in
keeping with the trend for AV and firewall products.
Credant Technologies
Strengths
• With four million seats sold cumulatively in years 2005 through 2007, Credant
Technologies continues to demonstrate that data-centric, data-policy-driven encryption
products can compete in a market dominated by FDE vendors.
• Embedded system support includes the ability to manage BitLocker, EFS, Seagate's
encrypting drives and the TPM. Credant had a strong early partnership with Intel for
integration with vPro.
• Credant has the following FIPS and CC certifications: FIPS 140-2-1; CC EAL3.
Cautions
• Credant invests more effort in sales and education than many of the FDE vendors. In
past years, this has created strong growth potential in a market oriented toward FDE.
Earnings in 2007 were impressive, given the company's alternative market position as a
file encryption vendor, but seat penetration is behind key FDE vendors. Seat sales for
2007 were average and 1H08 has dropped to the market median (about one-third of
average), while many vendors are selling at rates that will exceed 2007. Credant's
performance earned a somewhat lower execution than 2007.
• The company must use more-informative and aggressive sales tactics to dispel industry
beliefs about drive versus file encryption, especially because FDE doesn't apply to the
largest-growing device populations, consisting of removable media and handheld
devices.
GuardianEdge Technologies
Strengths
• Growth continues to be strong, following a surge that began in 2006. Seat sales for 2007
and 1H08 are above average, and appear on track to stay that way.
• It was included in the U.S. General Services Administration's SmartBUY award, and it
benefited from a large deployment by the U.S. Veterans Administration.
• GuardianEdge Technologies has the following FIPS and CC certifications: FIPS 140-2;
CC EAL1; CC-EAL4 (in evaluation).
• Platform support is provided for: Palm OS, Symbian, Windows Mobile and previous, and
Windows XP and Vista.
Cautions
• The company needs to expand its revenue base outside the U.S.
• A stronger and deeper alliance with a major EPP vendor is recommended to hold its
visionary rating against the major EPP vendors.
• The company was included in the U.S. General Services Administration's SmartBUY
award.
• Information Security Corporation has the following FIPS certification: FIPS 140-2.
• Platform support is provided for: Linux, Mac OS (Intel and PowerPC processors), Unix,
Windows Mobile, and Windows XP and Vista.
Cautions
• The company did not provide updated information for the 2008 survey. Historical
extrapolations suggest that its estimated growth is below industry average.
• Information Security Corporation lacks visibility in the Gartner client base (it is rarely
mentioned), and is not considered a competitive threat by any company that Gartner
tracks in the market.
McAfee
Strengths
• McAfee is the most commonly named competitive threat (12 out of 16 vendor
responses). This is a promotion from 2007, when McAfee was No. 2 and Check Point
Software Technologies and Utimaco Safeware tied for first place.
• Seat sales for 2007 and 1H08 are the best reported by a wide margin.
• McAfee was included in the U.S. General Services Administration's SmartBUY award.
• Audit reports are designed to prove that a device was protected when lost or stolen.
• McAfee has the following FIPS and CC certifications: FIPS 140-2; CC EAL4.
• Platform support is provided for: Linux, Palm OS, Windows Mobile, Symbian, and
Windows XP and Vista.
Cautions
• McAfee needs to continue discounting its protection suite to displace other vendors. It
has the resources to undercut average and best-case pricing against most other
vendors on the market.
• The company must release support soon for embedded encryption systems, especially
Seagate's encrypting drives and the TPM, to maintain a strong visionary axis ranking.
• A firewall and VPN are included for handheld devices (using technology licensed from
Certicom).
• The company was included in the U.S. General Services Administration's SmartBUY
award.
• Mobile Armor has the following FIPS and CC certifications: FIPS 140-2-2; CC EAL4+.
• Platform support is provided for: Palm OS, RIM, Linux, Windows Mobile, and Windows
XP and Vista.
Cautions
• The major source of growth for Mobile Armor stems from military agencies and is
developing after the closing date for the survey. Aggressive and competitive sales
techniques are needed to get Mobile Armor recognized by potential buyers outside the
SmartBUY program.
• Seat sales are slightly above the inclusion threshold after three years of selling openly in
the market.
PGP
Strengths
• PGP has relatively high reported worldwide LOB revenue, attributable to the market
definition, although seat sales are average in all categories, suggesting strong earnings
per seat and a base of profitable complementary products, but less than leading
penetration. Clients frequently ask about PGP, which demonstrates that visibility drives
sales opportunities.
• The company offers shared key infrastructure across multiple PGP products, including
e-mail and instant messaging.
• PGP has the following FIPS and CC certifications: FIPS 140-2; CC EAL4+; U.K. CAPS
(in progress).
• Embedded system support includes the ability to manage the TPM and integration with
Intel vPro.
• Platform support is provided for: Linux (several distributions), Mac OS, RIM (e-mail
only), Unix, and Windows XP and Vista.
Cautions
• PGP needs to develop deeper alliances and licenses with EPP vendors to hold up
against McAfee.
SafeNet
Strengths
• SafeNet is authorized to develop and sell U.S. Government Type 1 (Classified)
encryption products. Approximately 50% of LOB revenue comes from Type 1 products.
• SafeNet has the following FIPS and CC certifications: FIPS 140-2-2; CC EAL4.
• Platform support is provided for: Linux, Macintosh, Unix, and Windows XP and Vista.
Cautions
• SafeNet generates few inquiries in the MDP area from Gartner clients — end users and
other vendors — and lacks visibility in nongovernment markets. It is not considered a
competitive threat by any company that Gartner tracks in the market. ProtectDrive was
acquired less than three years ago, and investment in the product has increased in the
past 18 months.
• Platform support for small handheld devices should be expanded. Currently, the mobile
product, ProtectMobile, is deployed on a narrow basis for law enforcement in Europe,
the Middle East and Africa, and is available for OEM use.
Secuware
Strengths
• Secuware is leveraging a unique position, selling in Spanish and Latin markets.
• The products have low-memory and high-performance characteristics because they are
developed as assembler-level programs.
• Secuware has the following FIPS and CC certifications: FIPS 140-2 (in review); CC
EAL2 (pending); CC EAL4 (certifying). Secuware pursued certification quickly since
2007.
• Embedded system support includes the ability to manage BitLocker and the TPM.
Secuware had a strong, early European partnership with Intel for integration with Intel
vPro, and has an early integration with Intel Danbury. The ability to diagnose and
recover an encrypted disk by remote control is included.
• Secure Virtual System (SVS) shields/encrypts virtual machine RAM so it cannot be read
by the host.
• Platform support is provided for: Windows Mobile (it manages it, rather than replacing it),
and Windows XP and Vista.
Cautions
• Secuware needs an effective multinational sales and marketing plan.
Sybase iAnywhere
Strengths
• Sybase iAnywhere offers the most complete set of configuration management and MDP
features owned by a single vendor.
• The company also offers a mobile e-mail platform that is competitive with Microsoft
Exchange and a bundled AV (SMobile Systems) for handheld devices.
• Sybase iAnywhere has the following FIPS certification: FIPS 140-2 (licensed from
Certicom for handheld devices); FIPS 140-2 (pending; licensed from BeCrypt for
Windows workstations).
• Platform support is provided for: iPhone (e-mail now, with full security in development),
Palm OS, RIM, Symbian, Windows Mobile, and Windows XP and Vista.
Cautions
• It has remarkably low sales, given the billion dollar investment power of parent company
Sybase. This is due, in part, to a preferential interest to ignore the PC market in favor of
the handheld market, where sales and revenue are more challenging. Sales have been
below market average for four years of history, including 2007, but are sufficient to
continue placement in the Magic Quadrant as niche execution.
• The breadth of the management platform is not driving sales, so vision is hampered
when, in fact, Sybase iAnywhere should be competitively challenging to the EPP
vendors that have entered this market.
• The company is behind the average with respect to access policies for data on
removable media.
Utimaco Safeware
Strengths
• Despite weaker name recognition in the U.S. than in Europe, Utimaco Safeware has the
second-highest-reported worldwide LOB revenue attributable to the market definition
after McAfee, and is tied with Check Point Software Technologies as the second most
commonly named competitive threat mentioned by other vendors (11 out of 16 vendor
responses).
• The proposed acquisition by Sophos would create a combined company that can
challenge McAfee. Company missions and management goals are highly compatible. A
successful merger will disruptively recalibrate vision for the 2009 Magic Quadrant.
• It is highly interoperable with other key management systems, and will generate its own
key structure if no certificate authority is present.
• Utimaco Safeware has the following FIPS and CC certifications: FIPS 140-2; CC EAL4.
• Platform support is provided for: Linux, Palm OS, Symbian, Windows Mobile, and
Windows XP and Vista.
Cautions
• The U.S. market penetration has been slow.
• Gartner client recognition of Utimaco Safeware on shortlists has improved, but still is not
on a par with its strengths.
Wave Systems
Strengths
• Wave Systems offers a self-contained solution for managing keys, reporting and
recovery for PCs that are equipped with a Seagate encrypting drive and a TPM. The
company supports TPMs from many manufacturers.
• Released in late 2007, its product has gained visibility among Gartner clients.
• A stand-alone version of the product is included on qualified Dell PCs and is upgradable
to an enterprise managed platform. Additional bundling is available with some
motherboards from Intel, NEC (in Europe) and Acer.
Cautions
• Wave Systems must provide managed encryption on removable media as soon as
possible. This is a basic competitive requirement, and an immediate need that can't wait
for the Trusted Computing Group's specification to be adopted on flash drives.
• Wave Systems has shipped many tens of millions of OEM seats, but receives only a
small royalty, which generates revenue that is below the median and far below average
(even if some of those seats become enterprise accounts). The company's market
impact is, therefore, only fractionally considered, because stand-alone OEM seats are
not trackable and do not advance the goals of enterprise managed data protection.
WinMagic
Strengths
• WinMagic had better-than-average seat sales in 2007 and solid earnings, after a sales
lull in 2006.
• WinMagic has the following FIPS and CC certifications: FIPS 140-2-2; CC EAL4.
• Platform support is provided for: Linux, Windows Mobile, and Windows 2000, XP, and
Vista.
Cautions
• Recognition of WinMagic and the appeal of some of its innovative features is low among
Gartner clients posing inquiries. For example, methods to catalog encryption keys to aid
archival recovery have not generally caused Gartner clients to revise their shortlists to
prioritize WinMagic.
• Sales and emphasis continue to lean toward the high-security specialty markets, earning
a niche player ranking. WinMagic must position the product to appeal to the majority of
users that resist strong security products, and, in anticipation of the changes caused by
EPP vendors in the market, it should seek an alliance with a major EPP vendor.
RECOMMENDED READING
"Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market"
"Windows Vista BitLocker: Good, but Not Great"
"Implementation Advice for Mobile Data Protection"
"Market Overview: Portable Storage Device Control Products, Worldwide, 2006"
"Use Pointsec Acquisition to Gain Incentives From Check Point"
REGIONAL HEADQUARTERS
Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
U.S.A.
+1 203 964 0096
European Headquarters
Tamesis
The Glanty
Egham
Surrey, TW20 9AW
UNITED KINGDOM
+44 1784 431611
Asia/Pacific Headquarters
Gartner Australasia Pty. Ltd.
Level 9, 141 Walker Street
North Sydney
New South Wales 2060
AUSTRALIA
+61 2 9459 4600
Japan Headquarters
Gartner Japan Ltd.
Aobadai Hills, 6F
7-7, Aobadai, 4-chome
Meguro-ku, Tokyo 153-0042
JAPAN
+81 3 3481 3670