Summary Bullets:
- Most mobile security services for the enterprise still focus on advisory and integration, stopping short of fully managed services.
- This should change soon, as managed solutions increasingly hit the market, but managed mobile security will be baked into more comprehensive mobile device management (MDM) solutions rather than packaged as a standalone offering.
In yesterday’s IT Connection blog post on IT service providers and mobility, Kitty Weldon wrote about how 2013 has seen noticeable activity – rather than just talk – when it comes to key players delivering mobile-centric services to the enterprise. “ITSPs are gaining an increasing share of mobility-oriented enterprise business, especially in areas such as mobile strategy and mobile application development and enablement (which is to be expected), but also for mobile device management and mobile security.” The security piece is especially intriguing, as a number of professional and managed services focused on the intersection of MDM and security have been rolled out (or at least announced) in the last couple months, and the impression given by service providers is that they cannot get their solutions out fast enough to answer enterprise demand for external knowledge, advice and operational assistance in the wake of the flood of devices overrunning their IT landscapes.
Just this week, HP announced (at its HP Protect event) the availability of new HP Security Risk and Controls Advisory Services for Mobility. The portfolio is designed to assess business needs for BYOD and its security implications, assessing the risk landscape for specific industry sectors, and to make recommendations for security controls. This comes one week after AT&T announced plans at its annual Cyber Security Conference to launch a new mobile security solution that combines network and device-level security controls including encryption, application security and a full suite of MDM capabilities. The solution, expected later this year, will provide businesses with comprehensive security for their mobile ecosystems, even if they are not AT&T wireless customers. IBM has a two-year head start with its Hosted Mobile Device Security Management service, which utilizes a cloud-based infrastructure that facilitates smartphone and tablet endpoint security across a variety of platforms including Windows Mobile, Symbian, BlackBerry, Android and iOS. Meanwhile, Dimension Data, like HP, is focused more on assessment and design with its Secure Mobile Access solution, but it follows through with solution deployment and follow-on operations management, stopping short of a fully managed service.
It is possible that enterprises are still in the assessment and planning stage, and that consulting and integration services for mobile security will meet current needs, but I expect that will change fast. Providing multilayered, proactive security-as-a-service for environments with extensive BYOD is exactly the kind of capability short-staffed IT departments want to leverage from an IT services partner in order to manage the risks of disruptive user behavior.
The question going forward is whether mobile security-as-a-service will be delivered as a standalone solution, or simply baked into more comprehensive MDM solutions. Based on what we have seen from IBM and AT&T (and also what Verizon is pitching with its Enterprise Mobility as a Service offer, which includes mobile device management, multi-service user management and dual persona), the latter scenario seems much more likely.
IT Connection 