InComparison. Essential security business requirements and competitive landscape

Transcription

1 InComparison Essential security An InComparison Paper by Bloor Research Author : Fran Howarth Publish date : April 2012

2 security is essential. communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain. Fran Howarth

3 Executive summary is an essential communications and collaboration tool for all organisations and messages contain a great deal of sensitive and often confidential information that is among the most important business records produced by an organisation. It is therefore vital that high levels of security be used for , both at rest and in transit. This is important not just for protecting the organisation from the harm caused by -borne threats facing the organisation, but also to ensure that it is safe when stored so that the information cannot be accidentally leaked out of the organisation. Traditionally, security technologies have focused on malware and spam controls at their core, but this part of the market has become somewhat commoditised over time with feature parity across most vendors as innovation has plateaued. Where most development has been seen is in the focus on more advanced threat detection techniques in the arms race against ever more sophisticated threats. With vendors offering pretty much the same assurances over malware and spam protection, organisations looking to make purchasing decisions should look for more advanced features that add value as part of a wider, unified management system, such as continuity services and archiving. Many government regulations and industry standards mandate that records be retained in a secure, tamperproof repository, which will also help to keep workers productive as they will be able to more easily retrieve old s for repurposing the information that they contain or for evidence in litigation. The quality and configurability of the management interface into which all components are integrated are important considerations here, making it easier to prove compliance and to answer litigation that demands that s can be produced quickly when required as evidence. Other important differentiators that organisations should look for include the quality of the self-service capabilities, such as the level of user control over quarantined , as well as pricing and the quality of support provided. Fast facts security should be part of a wider, unified management system, encompassing not just malware controls, but mailbox management, content filtering, encryption and data leakage prevention, continuity, archiving and discovery, and compliance reporting. Traditional on-premise software and appliance delivery models are being eclipsed by cloud-based and hybrid delivery models that provide many advantages in terms of cost, convenience, superior service and greater flexibility, in particular enabling security controls to be extended to the ever-expanding number of mobile devices being used. The bottom line Given the importance of as a business record, high standards of security need to be applied so that employees of an organisation can communicate and collaborate with each other and with customers and business partners effectively and efficiently without falling prey to the threats posed by -borne malware and data leakage or exfiltration. However, whilst communications are vital to all organisations, managing systems and security in-house is a complex challenge that provides little in the way of competitive advantage. Newer, cloud-based and hybrid delivery models remove many of those complexities and provide a superior level of protection against the sophisticated exploits being targeted at systems today. This document discusses the business case for implementing strong security controls and outlines what organisations should look for when selecting a product or service. It is intended to be read by organisations of all sizes across all vertical industries and describes the capabilities of some of the major vendors in the market. A Bloor InComparison Paper Bloor Research

4 as a strategic business tool The development of was a revolution in communications. It allowed people to communicate and exchange information efficiently and cost effectively, without the need for both parties to be on the same time schedule. According to research published by Osterman Research in December 2010, remains the single most used application for the typical corporate user and is the primary method for sending information in and out of an organisation 1. Osterman found that, on average, the typical user spends 134 minutes per working day on , compared to 61 minutes on the telephone, 28 minutes using real-time communications tools and 11 minutes using social media sites. Yet is more than just a communications tool. It is also the most commonly used collaboration platform within organisations, used for working on documents, presentations and spreadsheets among project teams. is also used for interaction by many enterprise applications such as customer relationship management, supply chain and transaction processing applications, used to send users notifications and to keep track of interactions on these applications. Not only is the most important communications mechanism for organisations, but its use is increasing as users continue to embrace internet-enabled mobile devices. According to research published by digital marketing intelligence provider comscore in January 2011, the number of users accessing via mobile grew by 36% in 2010 and many more users are checking corporate s from their mobile devices even those that they own personally 2. In 2011, the Radicati Group published research that indicated that 85% of business users use mobile phones to check their business s Bloor Research A Bloor InComparison Paper

5 Why security is essential Because of its importance as a communications and collaboration tool, s are considered to be important business records. According to the Enterprise Strategy Group, up to 75% of corporate intellectual property is contained in s and their attachments, as well as other sensitive information such as personnel data, customer information, product and marketing plans, and corporate financial data 4. Given the importance of such records, it is vital that they are transmitted and stored securely. One primary concern for organisations is that of malware being introduced to the organisation via , which can be used to exfiltrate data out of the organisation, such as personal information contained on an endpoint device or to send out spam messages. Another concern is that users often need to locate information in s and their attachments especially those sent to them, where a certain may be the only record of a particular transaction that is available to them. Time spent clearing up infections and looking for records can be a major drain on productivity. Another major reason behind the need for high levels of security is the need to comply with government regulations and industry mandates, many of which require that high standards of security be applied to sensitive data, much of which is contained in correspondence. Examples include data protection legislation in many countries worldwide, much of which is being tightened to expand the sanctions imposed on organisations for data breaches, and industry standards such as the Payment Card Industry Data Security Standards (PCI DSS), which demands that payment cardholder information be adequately protected. Others demand that business records, including s, be maintained for specified periods of time in a secure, tamperproof manner, in some cases for up to ten years. Examples of these in the US include SEC Rule 17a-4, Sarbanes-Oxley, the Federal Rules of Civil Procedure, NARA Electronic Records Management regulations and FINRA Rule The US also has the Patriot Act, which allows for the interception and inspection of enterprise . In the EU, each member state tends to have its own national laws governing records retention, with the majority requiring records to be maintained for an average of five years. E-discovery in Asia-Pacific is still considered to be a fairly new initiative, although Australia in particular has been reforming rules to encourage electronic submissions. In Africa, various countries, including South Africa, are in the process of developing laws. A Bloor InComparison Paper Bloor Research

6 Security as part of a unified management system Because of these factors, effective security is essential and needs to be a core component of any management system. Whilst once security was primarily associated with malware controls, a much more holistic approach is now required that encompasses all aspects of managing systems. It requires a combination of mailbox management, malware controls, content filtering, encryption and data leak prevention, continuity, archiving and discovery, and compliance reporting. All organisations need to guard against threats associated with by ensuring that protection is constant and covers all s sent or received by all users, that the service is continuously available, and that all relevant s are securely archived. DIY or leverage the cloud? Traditionally, security technologies have been deployed within the boundaries of an organisation, with controls placed directly on the devices used to send and receive s, such as anti-virus and other malware controls. At the network level, firewalls and intrusion detection and prevention systems are generally used to control what traffic can flow in and out of the organisation, often deployed inline with specific devices. Implemented in-house, such systems take a great deal of administration and management, which, especially in large organisations, means that IT resources have to be dedicated just to managing these systems. To solve some of these issues, technology vendors developed appliance-based systems, deployed on-premise, that perform many of the administration and management tasks required, requiring agents with a much lower footprint be installed on each device to be protected so that updates can be pushed out from a central location and policies enforced centrally. Appliances have the advantages over softwareonly deployments of providing greater visibility into user activity and network traffic, as well as whether or not devices conform to the security standards required. However, appliances are not always easy to scale as new devices are added, often requiring more hardware to be purchased, configurations to be actively managed and needing administrators to take action when issues are encountered. More recently, cloud-based, software as a service (SaaS) subscription-based services have come onto the market. The use of such services provides advantages that include lower cost and administrative overhead since the services are based on a shared infrastructure and made available to many customers simultaneously. In terms of security services offered in a cloud-based SaaS model, most providers focus not just on threat and malware protection, but also offer a range of complementary services that are necessary for maintaining a comprehensive security posture. These include inbound and outbound security and privacy protection, archiving, continuity, and regulatory compliance and litigation support. The level of protection offered through such services is often better than can be achieved in-house in part because many responsibilities for security are pushed off onto the service provider, rather than having to be provided inhouse (see Figure 1). Source: European Network and Information Security Agency (ENISA) Figure 1: Division of security responsibilities in the SaaS delivery model Bloor Research A Bloor InComparison Paper

7 Security as part of a unified management system Among the reasons why the level of threat protection offered by such services can be superior to those deployed in-house is that threats can be stopped in the cloud so that the malware exploits never even reach the organisation s network or systems. Many such services also gather samples of the latest threats as they emerge through worldwide intelligence networks that gather information from computer users worldwide, combined with a variety of other information and threat sources. Using a variety of detection techniques above and beyond those of signatures that provide countermeasures for threats that are known, including advanced heuristics, reputation analysis and content filtering, such services even afford protection against previously unknown, so-called zero-day threats. Many also offer protection against outbound threats and data leakage through the provision of data leakage prevention (DLP) capabilities and can enforce the use of extra security controls, such as encryption for all data in transit and at rest in the archiving repository. Cloud-based tools provide many other advantages for organisations in terms of management of, and visibility over, the service as all tasks, such as policy development and enforcement, are accomplished through one web-based management console that provides a unified view of all services offered, as well as comprehensive management reports of their effectiveness. Guarantees over the effectiveness of those services are provided by service level agreements (SLAs). These supply assurances over the amount of uptime guaranteed, the level of protection against both known and zero-day threats, and levels of spam protection with financial penalties imposed on the provider for any failure to meet the guaranteed levels of service. Further, cloud-based services are very well suited for the needs of organisations that wish to provide their workers with the flexibility of always-on access from anywhere via mobile devices, since only a browser interface is needed to connect to such services. Protection can even be easily and acceptably extended to those devices owned by employees themselves when connected to corporate resources an increasingly common situation encountered in today s business environment as only a small agent needs to be installed on each device so that the user does not suffer the frustration of degraded performance, which is unacceptable to most when using their own devices. For those organisations that do not wish to cede all control over their management needs to a service provider, hybrid deployment models are now more commonly being offered that combine on-premise management of systems with additional management services based in the cloud. For example, organisations may wish to benefit from the use of cloud-based threat protection services for inbound and perhaps for storage and archiving, whilst using in-house physical or virtual appliances for mailbox management and DLP capabilities. For some organisations, this provides a way of testing whether or not the use of SaaS is suitable for them and, should they find its use beneficial, can then migrate further services to the cloud over time. A Bloor InComparison Paper Bloor Research

8 The components of a unified management system As stated above, security needs to be part of a wider management posture. Security is essential for providing protection against malicious threats and data loss but, given the importance of as a communications and collaboration tool, correspondence also needs to be securely stored, managed and archived. This is vital for reducing business risks, and especially those associated with regulatory non-compliance or litigation requests that demand that business records be produced, including all relevant s. By looking at management in a wider context, organisations will be in a better position to enforce corporate policy, prevent data loss, eliminate downtime, achieve compliance, eliminate risks associated with spam and malware, and facilitate rapid search and e-discovery for improved productivity and litigation response. This will help organisations in achieving the three key security objectives of organisations with regard to the business information transmitted by and stored in integrity, confidentiality and availability. The components of a unified security system should include the functionality listed in the following sections. Mailbox management Efficient mailbox management is vital for maintaining user productivity. The management system should ensure that all messages and their attachments are captured, even those deleted by users, and sent to the archive according to set rules and policies. This will get around problems caused by users storing s in their own personal folders, which are not accessible to others in the organisation. The user should then be able to search for and retrieve items from the archive directly from the familiar client interface, as well as deal with suspicious items that have been quarantined, rather than requiring a separate pop-up interface for doing so. This will help to keep users productive, reduce training needs and lower the burden on the help desk of retrieving deleted or hard to find items. The system should support all the major clients in use and versions thereof, so that no s are missed. With many organisations looking to migrate to the latest 2010 version of Microsoft Exchange, a useful service that many service providers offer is help with those migrations to ensure security levels are maintained and policies continue to be enforced during the migration process. Malware controls Protection against malicious threats that include malware and spam is a core capability of any security system. However, with threats multiplying and growing in sophistication, any technology chosen should feature advanced detection and threat mitigation capabilities that provide protection against new, zero day threats. It is no longer sufficient to rely on reactive signature-based mechanisms since such countermeasures take time to develop and deploy to all devices via updates and patches to software installed on them. Not only is this time-consuming and frustrating for users, but it also leaves the organisation exposed to gaps in protection before all devices can be patched. A more effective strategy is to subscribe to cloud-based security services, where protection is applied remotely in the cloud before malicious traffic can reach the organisation s network. Providers of such services generally deploy anti-malware controls from major vendors, often in combination, but supplement these with multiple other detection techniques that include reputation services, advanced heuristics, URL and content filtering, black and white listing, and traffic monitoring for protection against such exploits as denial of service attacks. The use of multiple, proactive detection techniques provide protection against even zero day attacks. Further, many security service providers maintain global threat intelligence networks that gather information pertaining to the latest threats from multiple sources worldwide, including threats seen by customers, honeypots and other threat information services such as those provided by CERTs, ISPs and government agencies. The superior protection available through the use of cloud-based security services is spurring the take-up of hybrid services, whereby organisations maintain and manage clients in-house, but supplement them with the use of cloud-based services for certain capabilities, such as malware protection Bloor Research A Bloor InComparison Paper

9 The components of a unified management system Encryption and data leak prevention Security breaches are everyday news and can hurt organisations that suffer them, ranging from damaged reputations and lost business to the possibility of fines or other sanctions for failing to adequately secure sensitive information. An effective security system should therefore provide protection against unwanted data leaks, whether accidental or done maliciously, and should enforce compliance with the organisation s security policies and regulatory compliance requirements. Not only should the system store all messages and their attachments in encrypted form, but encryption should be enforced for protecting all sensitive information in transit according to policies set by the organisation. More advanced capabilities include the use of image analysis to prevent the transmission of images deemed to be inappropriate or to prevent the leak of information such as product designs. Some will also enforce the conversion of documents to more secure formats, such as read-only PDF documents, to prevent the information that they contain from being altered by the recipient. They can also enforce the use of signatures and legal notices regarding the obligations of the message recipient in terms of how the information can be used. A further capability to consider is the use of closed-circuit messaging, whereby an is sent containing just a link to a document that is held securely on the service provider s network, allowing highly sensitive information to be shared without the original being actually distributed outside of the organisation. Continuity Given the importance of , any disruption to services that makes the system unavailable is a frustrating productivity drain on users and can impact the business, perhaps through lost revenue-generating opportunities. Most cloud-based security services offer continuity capabilities that ensure that s can be sent and received, even during a planned or unplanned outage, and that provide access to recently archived s to keep users productive. However, capabilities vary and some vendors provide only limited coverage in this area. The system should also ensure that all s are archived, even during an outage. Data centre coverage In order for a service provider to offer such capabilities, it must maintain a network of data centres for failover in the case of a disaster. Organisations should ask their service provider for details of their data centre coverage and security measures. In today s highly regulated environment, the location of data centres is of importance as some laws, such as data protection in European countries, demand that data is not transferred to locations such as the US, where controls are less strict. Another consideration with regard to data centre location is to guard the organisation against demands from law enforcement agencies and governments for access to business records, including s, such as those of the Patriot Act of the US. As well as this, international litigation is on the increase. According to the 8th annual litigation trends report published by Fulbright & Jaworski LLP, 30% of 405 respondents from the US and the UK were party to at least one international arbitration dispute in 2011, rising to 50% of organisations with revenues of US$1 billion or more 5. Among UK respondents, 42% stated that they had encountered issues concerning the jurisdiction in which document processing takes place. Organisations should therefore seek assurances over the jurisdiction in which their s will be processed and stored. Archiving and ediscovery archiving is one of the cornerstones of any management programme as it provides a secure manner to store s for future use. This is a huge aid in productivity as users can easily search such archives to find information, such as details of a contract negotiation, which may be held in many threads. There are also numerous government regulations and standards that demand that business records be retained securely for set periods, which can be as long as ten years. In particular, cloud-based archiving is considered by many organisations to be among the most suitable applications for using cloud-based services as archiving needs are relatively uncomplicated and uniform. In December 2010, the US government unveiled its Cloud First policy, under which federal agencies must consider the option of using cloudbased services when planning new IT projects. A Bloor InComparison Paper Bloor Research

10 The components of a unified management system In April 2011, the White House CIO stated that 15 agencies had announced that they intended to move their management and archiving applications into the cloud. Two agencies the General Services Administration and the Department of Agriculture claim to have saved some US$40 million by abandoning in-house . Building on this, the US government announced in November 2011 that all federal agencies have until May 2012 to report on how they intend to improve the way that they store and manage electronic records, including s, blog posts and social media activity, and the White House, in conjunction with the National Archives and Records Administration, is currently drafting a new records management directive. Using cloud-based services is considered by many to be the best option. Other governments are following this lead. The UK government has stated that cloud computing should account for half of its IT spend by 2015 and it is hoped that this will reduce its annual IT expenditure of 16 billion by 3.2 billion. Another reason why archiving should go hand in hand with security is to support the growing number of ediscovery requests. According to Osterman Research, 57% of IT organisations that it surveyed referred to archives or backup tapes to support their organisation s innocence in a legal case in 2010 and 66% were ordered by a court or regulatory body to produce employee records 6. Also, according to Fulbright and Jaworski s 2011 litigation trends survey, organisations are concerned about stricter legislation being introduced that will lead to more litigation and 28% expect disputes to increase in When considering alternatives, organisations should look for a service that is tightly integrated with the client that they use, with the archive directly searchable from the inbox for greater usability, and should ensure that all s sent and received are captured by the system so that there are no gaps in the records. The service should provide support for regulatory compliance needs, such as allowing retention periods to be set and enforced according to the requirements of regulations that the organisation faces. It should also ensure that archived records are securely deleted once they are no longer needed so that the organisation is not exposed to the litigation risk and expense of searching through years of unnecessary data. Given the growth in litigation requiring electronic business records, including s, to be produced as evidence, any service chosen should provide ediscovery support, such as the ability to enforce legal holds. It is also absolutely essential that the archived records be held in a secure, tamperproof repository, with all s held in encrypted form and access to the data by the vendor s staff strictly controlled. Further, the archiving service should extend support to s sent and received by mobile phones used in the organisation. According to Fulbright and Jaworski s 2011 survey, 32% of respondents had to preserve or collect data from an employee s mobile device for litigation or investigation purposes in the previous year. Source: Computing 7 Figure 2: Reasons for archiving s Bloor Research A Bloor InComparison Paper

11 The components of a unified management system Centralised management To be effective, all of the components required of an effective security management deployment should be tightly integrated, built on a common architecture and managed through a central interface. It is via this interface that policies such as encrypting outbound s containing sensitive data and applying retention periods to inbound s can be effectively enforced. It should also be tightly integrated with the client in use to ensure that all s are captured, even those sent and received by mobile devices. Centralised management capabilities will also ensure that all actions taken across all components of the security service are logged in a consistent manner so that reports can be generated for management purposes and an audit trail is available to help the organisation prove that it is complying with the demands of government regulations and industry standards with which it must conform. A Bloor InComparison Paper Bloor Research

12 Overview of the major players Cisco Cisco s security products and services stem from its acquisition of IronPort in January It offers appliances for in-house deployment, cloud-based security services, a hybrid mix of the two and managed services for remote monitoring and management. It is best known for its on-premise appliances, deployed primarily by mid-sized and large organisations, whilst its cloud services have been developed more recently. Its products and services benefit from integration with other Cisco security products, such as its web security offerings, and it operates a global threat intelligence network that it claims monitors 30% of global internet traffic. Whilst Cisco has many of the basics, it lacks a full vertical stack for example, it does not offer archiving and some of its capabilities are available as add-on options. It has been in the security space for some time, but these products and services account for just a small proportion of its overall portfolio. Google Google s security capabilities come from its acquisition of Postini in 2007, a vendor of web and security, and archiving services, in order to boost the business appeal of its Google Apps products. Rebranded Google Postini Services, Google has been merging its security features into its Google Apps products, although it states that it will continue to sell them as standalone services for those that wish that. However, in September 2011, Google announced that it was discontinuing new sales of web security products as the functionality has been merged into Google Apps and it remains unclear whether or not the same fate will befall security. Google has also announced in February 2012 that it is discontinuing continuity services for customers using Microsoft Exchange. These factors raise concern over the long-term viability of its standalone products, as well as support for products other than Google Apps and its own client. Its security capabilities are basic compared to its competitors and little has been seen in terms of product development since Google acquired Postini. Some components are provided by partners and some are also offered as add-on products, of which there are minimum purchase requirements for some, such as encryption. Google is also widely slated for the lack of support offered. Customers are directed to online support information, which provides a limited amount of rather general information, and direct support is available only for larger accounts via an online portal. No support phone number is published Bloor Research A Bloor InComparison Paper

13 Overview of the major players McAfee McAfee was acquired by technology powerhouse Intel Corporation in 2011 and is maintained as a separate brand. Its security capabilities are part of its content security capabilities, also including web security and DLP. It offers its products as appliances, SaaS or a hybrid combination of the two. Many of its capabilities are offered as bundled suites offering varying levels of capabilities and are tightly integrated with its epolicy Orchestrator management platform. Its appliance products came through McAfee s acquisition of Secure Computing in 2007 and its SaaS capabilities through the acquisition of MX Logic in It recently integrated two in-house offerings into one security gateway appliance. McAfee s products and services are fairly comprehensive and it has options for organisations from small firms right up to large enterprises and ISPs, although it is considered to be fairly highly priced, especially when add-on services are purchased. It has a global threat intelligence network, which is considered to be strong. Microsoft Microsoft s security capabilities came through the acquisition of FrontBridge Inc in Now rebranded Microsoft Forefront, it offers on-premise products for its Exchange 2010 server and a SaaS offering for Exchange, which is the default choice for Exchange Online and Office 365, its suite of business productivity offerings. Its security products are included in many product bundles that it offers. However, its security capabilities are considered to be fairly basic in their native features and many customers of Office 365 and Exchange 2010 are choosing to supplement the services with those of specialised vendors, especially in the cloud-based archiving and continuity space. One particular caveat for its SaaS offering is that it only maintains data centres in the US and Europe and only guarantees in-geography processing in the US, specifically stating that data for customers in EMEA will be hosted in both Europe and North America. It does not offer continuity services. A Bloor InComparison Paper Bloor Research

14 Overview of the major players Mimecast Mimecast is a specialised vendor of unified management services based on a SaaS model. Its services encompass security, archiving, continuity, policy management and data leakage prevention and were all built as SaaS services from the ground up by Mimecast as one unified, tightly integrated service. The capabilities offered by Mimecast s management service are considered to be strong and it has a good track record of constant innovation. Its widespread data centre coverage is another key differentiator and in-geography processing and storage is guaranteed for all customers. Its SLA is strong compared to competitors and guarantees 100% uptime, even for access to the archive, and uninterrupted during an outage. Mimecast is also widely recognised for the quality and timeliness of its customer support, offered across multiple channels. Although coverage is provided for multiple clients, the primary focus is on Microsoft Exchange and it offers a service for those organisations looking to migrate to Exchange 2010 or Office 365. It has recently expanded its mobile coverage and continues to add new, innovative features to its service in areas that differentiate it from its competitors, including advanced encryption options, enhanced selfservice, secure attachment management, and stationery and marketing tools. Proofpoint Proofpoint is a specialised provider of security offerings, including on-premise and SaaS solutions for security, data leakage prevention, privacy protection, encryption, archiving and ediscovery. Many of its products have been acquired or are provided via partnerships, which can be risky if those partners are acquired. For example, its partner Clearwell Systems, providing ediscovery capabilities, was acquired by Symantec in The functionality of many of its products and services is considered to be good, although its archiving solution is not as highly regarded as its other capabilities. Proofpoint primarily targets mid-sized and large organisations and its SaaS services are used by even very large organisations. It also has a primary focus on North America and is not especially well known in EMEA, where it is only now setting up its data centre infrastructure in association with a partner. Its products and services are considered to be fairly high priced, especially as many capabilities are provided as add-ons, which can jack up the price considerably Bloor Research A Bloor InComparison Paper

15 Overview of the major players Symantec Symantec is one of the largest security vendors and has a broad range of offerings for security so broad that navigating through the maze can be a daunting challenge. It offers hardware and virtual appliances, software and SaaS options, some designed for specific clients that include Exchange and Domino. It is considered to have some strong capabilities and maintains a well regarded global threat intelligence network. However, all products were acquired and integration challenges remain. Its latest acquisition was of LiveOffice, a vendor of SaaS archiving, in 2012, which it had previously been offering under an OEM arrangement. Symantec s products and services are fairly high priced, especially as some of the capabilities offered are optional extras. It has worldwide coverage and good support capabilities, as well as particularly strong SLAs. Websense Websense is considered to be a leader in web security, which remains its core focus, although it has a fairly broad portfolio of security capabilities. It is considered to be particularly strong in terms of its DLP capabilities, which are integrated across all delivery channels, as well as its Threatseeker global intelligence network. It offers SaaS and on-premise options, as well as a hybrid combination of the two. The majority of its products and services were acquired and have been integrated with its TRITON management interface and reporting engine since 2010, providing a common management console for , web and data security. For some capabilities, it has relied on partnerships, which can be a risky strategy as was seen with the acquisition of its partner LiveOffice by Symantec, leaving it with no archiving or continuity capabilities. Websense is a public company, but only achieved profitability from 2010 onwards. It is considered to be mid- to high priced and some of its capabilities, such as advanced encryption and image analysis, are provided as optional add-ons. A Bloor InComparison Paper Bloor Research

16 Data reference section Champion McAfee Symantec Mimecast Cisco Websense Challenger Google Microsoft Proofpoint Innovator Figure 3: The vendor landscape The information used in making these evaluations has been drawn from a variety of sources, including published and unpublished sources. Technology and services providers have been evaluated for their capabilities in offering security in the wider context of a unified management system. The evaluations take into account their financial stability, brand and market share, their current offerings in this market sector and future direction, market presence, and perceived strengths and weaknesses. The information provided does not constitute a direct endorsement of any of the organisations. Where the diagram is concerned, the closer to the centre the vendor is positioned, the more fit for purpose their offerings are considered to be Bloor Research A Bloor InComparison Paper

17 Summary security is essential. communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain. There are many things to consider when selecting an security system as security should be seen in the wider context of management as a whole as well as the differing options in terms of how the controls are implemented that are available. The vendors profiled in this paper represent some of the most viable options on the market, yet each have their own strengths in terms of features and coverage. References Web-based_ _Shows_Signs_of_Decline_in_the_U.S._While_ Mobile_ _Usage_on_the_Rise 3. Corporate Executive-Summary.pdf benefits-moving- -archiving-cloud-7439 Further Information Further information about this subject is available from A Bloor InComparison Paper Bloor Research

18 Bloor Research overview Bloor Research is one of Europe s leading IT research, analysis and consultancy organisations. We explain how to bring greater Agility to corporate IT systems through the effective governance, management and leverage of Information. We have built a reputation for telling the right story with independent, intelligent, well-articulated communications content and publications on all aspects of the ICT industry. We believe the objective of telling the right story is to: Describe the technology in context to its business value and the other systems and processes it interacts with. Understand how new and innovative technologies fit in with existing ICT investments. Look at the whole market and explain all the solutions available and how they can be more effectively evaluated. About the author Fran Howarth Senior Analyst - Security Fran Howarth specialises in the field of security, primarily information security, but with a keen interest in physical security and how the two are converging. Fran s other main areas of interest are new delivery models, such as cloud computing, information governance, web, network and application security, identity and access management, and encryption. Fran focuses on the business needs for security technologies, looking at the benefits they gain from their use and how organisations can defend themselves against the threats that they face in an ever-changing landscape. For more than 20 years, Fran has worked in an advisory capacity as an analyst, consultant and writer. She writes regularly for a number of publications, including Silicon, Computer Weekly, Computer Reseller News, IT-Analysis and Computing Magazine. Fran is also a regular contributor to Security Management Practices of the Faulkner Information Services division of InfoToday. Filter noise and make it easier to find the additional information or news that supports both investment and implementation. Ensure all our content is available through the most appropriate channel. Founded in 1989, we have spent over two decades distributing research and analysis to IT user and vendor organisations throughout the world via online subscriptions, tailored research services, events and consultancy projects. We are committed to turning our knowledge into business value for you.

19 Copyright & disclaimer This document is copyright 2012 Bloor Research. No part of this publication may be reproduced by any method whatsoever without the prior consent of Bloor Research. Due to the nature of this material, numerous hardware and software products have been mentioned by name. In the majority, if not all, of the cases, these product names are claimed as trademarks by the companies that manufacture the products. It is not Bloor Research s intent to claim these names or trademarks as our own. Likewise, company logos, graphics or screen shots have been reproduced with the consent of the owner and are subject to that owner s copyright. Whilst every care has been taken in the preparation of this document to ensure that the information is correct, the publishers cannot accept responsibility for any errors or omissions.

20 2nd Floor, St John Street LONDON, EC1V 4PY, United Kingdom Tel: +44 (0) Fax: +44 (0) Web: