Mobile threat defense is on the rise. In Part 1 of this series, I looked at the security landscape for modern mobile devices—it’s very different from the desktop landscape. In Part 2, I covered what mobile threat defense technology actually does—it’s way more than just anti malware, and it’s mostly adjacent to EMM. Today in this final part, I’ll look at the market, who’s buying it today, and why.
Unaware or wait-and-see
Simply put, in 2017 the majority of companies are either unaware of what’s going on in mobile threat defense, or they’re in wait-and-see mode. I’ll get to who is doing what in a bit, but here’s why companies aren’t using mobile threat defense yet.
First, as I outlined in Part 1, despite the occasional headlines, the vast majority of users have never had any problems in the entire decade that modern mobile devices have been around. iOS and Android have the benefit of being designed in a completely different era than most desktop operating systems.
On the enterprise side, combine this relative safety with the fact that a lot of companies still just have informal, ad hoc mobile strategies, even though they may be using mobility quite a bit.
Companies that do have formal mobile strategies likely still have more pressing security issues to deal, like protecting credentials and keeping systems patched. In addition, many in this group are finding that EMM has adequately addressed their needs so far.
For companies that are aware of mobile threat defense, there have been other issues. For a while, there wasn’t much common practice in the market (in 2014, 2015, and 2016); many of the vendors were startups (though this is changing); and Google and Apple’s positions weren’t very clear (this is changing, too).
Mobile threat defense finds its groove
Consumer versions of mobile threat defense have been downloaded hundreds of millions of times, but on the enterprise side, adoption is just starting. According to data from MobileIron, covering the second half of 2016, 0.6% of their customers were using it, and Gartner put the number at less than 5% in their 2016 Market Guide. Their estimate of the market size was less than $100 million.
Mobile threat defense is growing, though. Gartner’s 2017 Market Guide put the number at less than 10%, and the market size doubling this year. (Many mobile threat defense vendors will be happy to give you a reprint in exchange for your contact information.)
On the vendor side, Lookout announced that they have over 150 customers earlier this year; several other vendors told me they were in the 50–100 range; and at least one reported in the neighborhood of 1000 customers. These are generally enterprise customers; however, sales to SMB through the channel—or especially through carriers—are prevalent as well.
I’m also hearing that vendors are getting more inbound leads, from customers that have more mature questions; plus some deals are starting to go head to head. Mobile threat defense vendors have won some big logos, including the US House of Representatives; on the other hand I’ve heard that the discounting is heavy, and you’ll be hard-pressed to find an actual published list price or clues to average selling price. There are many, many partnerships between EMM vendors and mobile threat defense vendors, and we saw Symantec recently acquire Skycure.
On the platform side, Google has long talked about its mobile security work (outlined in the Android Security Year in Review), but more recently it’s made it more visible by introducing an app called Google Play Protect. Apple hasn’t specifically talked about mobile threat defense, but as I mentioned in Part 2, you can find references to mobile threat defense vendors being part of something called the Apple Mobility Partner Program.
How customers are using mobile threat defence
Most mobile threat defense customers are Global 1000-size companies, though some MSPs and resellers are getting it into smaller companies as well. Naturally they tend to be in highly-regulated and security-sensitive industries with very mature mobility practices. Large deployments in the tens of thousands of device are not uncommon, and I even heard of a deployment as large as 100,000 devices.
There are certainly organizations that have faced mobile attacks firsthand, whether targeted or not, though these do remain rare and they’re naturally reticent to share details. Others believe they could be subject to Pegasus/Trident-style attacks. However, most customers largely regard mobile threat defense as a precautionary move, and are beginning to use it as a way of staying compliant. This includes all aspects—looking out for leaky apps, monitoring network connections, and attesting devices, as described in more detail previously.
Some see it as a way to expand the range of devices they trust, whether it be a way to get off of BlackBerry devices, say yes to Android, or permit BYOD. Another common use case is to attest the posture of unmanaged devices, either using an agent or by embedding a mobile threat defense SDK in another app. Most deployments, though, use it in tandem with EMM, since EMM can provide more visibility and options for remediation.
Overall, we can say that the role and technology of mobile threat defense has coalesced, even though most organizations won’t be adopting it very soon. However, the pace of adoption is increasing, and companies that do go this route will find a reasonably mature model. Everybody should at least know what’s going on in this space, and for organizations that do have very advanced mobility strategies or believe that they are especially at risk to mobile threats, now is the time to take a closer look at mobile threat defense products.