Magic Quadrant for Mobile Data Protection

What You Need to Know

Mobile data protection (MDP) systems and procedures are needed to protect business data privacy, meet regulatory and contractual requirements, and comply with audits. This Magic Quadrant (see Figure 1) is a market snapshot that ranks vendors according to competitive buying criteria. Vendors in any sector of the Magic Quadrant, as well as those not ranked on the Magic Quadrant, may be appropriate for your enterprise's needs and budget. Every company must include MDP in its IT operations plan.

Return to Top

Magic Quadrant

Figure 1. Magic Quadrant for Mobile Data Protection

Source: Gartner (September 2011)

Return to Top

Market Overview

MDP is an established market with two primary purposes — first and foremost, to safeguard stored data on mobile devices by means of encryption and authentication; and second, to provide evidence that the protection is working. Most companies, even if not in sensitive or regulated industries, recognize that encrypting business data is a best practice. Common motivations for protecting data are to comply with government or industry regulations, maintain privacy, and shield intellectual property. Legislation across the world mandates increasingly tough penalties, as well as requirements for public disclosure in the event of a real or suspected mishandling of personally identifiable information. Even if information is not misused, the public relations costs to quell negative public reaction are expensive. Gartner believes that the costs of a data breach are always higher than the cost to invest in preventive measures such as MDP (see "Pay for Mobile Data Encryption Upfront, or Pay More Later").

Products in this market typically support several workstation platforms. However, public focus and most sales dwell on notebook (laptop) computers running versions of the Windows OS because they are most often cited in stories of loss, theft, penalties, etc.

For more than 10 years, this market was dominated by stand-alone and specialized companies. Several of these pure-play providers continue to be competitive; however, in 2011, several have left the market (see the Vendors Dropped section), and the influence of endpoint protection platform (EPP) vendors that have acquired MDP products is significant. EPP product suites are the most obvious of several places for encryption to add value for workstation buyers because EPP vendors already aggregate the other most common security needs, including enterprise antivirus (AV), anti-spyware, personal firewall and desktop host intrusion prevention systems. For most organizations, selecting an MDP system from their incumbent EPP vendors will meet their requirements. We see this trend accelerating.

All vendors and all products tracked in this Magic Quadrant offer similar basic functions and use comparable encryption algorithms. Differences in the Ability to Execute are based largely on financial and sales performance, but are strongly influenced by client feedback, and anecdotal research into matters of satisfaction and usability. Differences in Vision are scaled according to the breadth of the platform and the ability of a company to anticipate hot buying issues as evidenced by their R&D investments.

Last year was a catch-up year for MDP business. All vendors tracked are showing growth again, following the economic slowdowns in 2008 and 2009.

The following information is derived from the 2011 Magic Quadrant survey results: Seats sold for 2010 (a combination of reported and estimated data) increased to about 32 million, compared to 23 million for 2009 and 28 million for 2008. This estimate is positive, even with several vendors departing the market, and reflects the improved economy and greater awareness of the need for data protection, as well as the consequences of failure. Three-year cumulative seats sold (2008 + 2009 + 2010) are estimated at more than 73 million.

In terms of revenue, vendors in this market typically experienced growth relative to last year's Magic Quadrant, with the average being 24%. According to information derived from the 2011 Magic Quadrant survey results, 2010 worldwide revenue in the MDP line of business (LOB) was estimated at about $715 million, compared with $940 million in 2009 and $716 million in 2008. The decreasing revenue can be explained through a combination of LOB revenue subtracted because of companies that have departed the study (see the Vendors Dropped section) and by conservative changes in the estimates calculated for nonreporting vendors. In general, and not surprisingly, the best results were experienced by the EPP vendors that were successful at selling MDP as part of a holistic solution. It must be noted, however, that LOB revenue does not map directly to MDP market performance such as seat sales, since larger vendors include multiple products in the LOB that supports MDP. LOB revenue is useful to gauge company health and ability to execute, and larger LOB revenue helps fund R&D.

Gartner client inquiry calls steadily continue to request first-time and upgrade assistance in understanding, choosing and implementing data encryption. The number of calls indicating lack of knowledge about data leakage, and the tendency of clients to rationalize protection of only subsets of vulnerable devices, provide additional validation that data protection is still inadequate across industries. At the same time, the stories of lost, stolen and misused devices are always in the news. Each year, hundreds of thousands of laptops, phones and removable media devices are estimated by various sources to go missing through loss or theft, to have their data copied without consent, and to be upgraded or exchanged without having their data removed.

Increasing legal and regulatory demands for the protection of data will maintain a hot interest in this market and topic for many years. In the U.S., for example, most states have enacted data breach disclosure laws. The number of systems that lack protection continues to outrun the sales in this market by margins that ensure continued MDP sales. For example, Gartner's 2011 forecast for new shipments of PCs is expected to reach more than 435 million units, including approximately 95 million professional desk-based PCs and 100 million professional mobile PCs (see "Quarterly Statistics: Personal Computers, All Countries Forecast Database, 2Q11 Update"). That estimate does not include home PCs used for business purposes, nor does it include millions of smartphones and tablets that need managed protection. More and more companies are investing in MDP, but the reported sales suggest that, as a whole, unprotected workstations continue to outrun the provisioning of MDP. Gartner recommends that all companies make efforts to broadly install encryption across their workstations.

MDP earns a promising assessment for growth in 2011 through 2012. Buyer concern over data protection remains strong, and requests for MDP planning and purchasing guidance are frequent. EPP calls related to MDP have substantially increased: Three-quarters of Gartner clients that call for EPP advice mention MDP as a near-term concern, and half will include MDP in their purchasing decisions. Opportunities for MDP innovation continue, indicating future viability for the market. Some examples: increased support for self-encrypting drives and other hardware enhancements to improve performance and stability, new methods for user authentication key and access recovery, expanded support for different types of removable media, integration with collaboration and file-sharing products, support for encryption data managed in cloud services, and MDP itself offered as a cloud service (a new pure-play cloud vendor has been added to the report this year).

Since most companies that invested in MDP to date conducted only partial installations that were mostly made for notebook/laptop computers, there is considerable room to upgrade and upsell on all platforms. Buyers should consider the benefits of pervasive encryption (workstations and smaller mobile devices) to reduce data loss, but must be prepared to periodically reassess vendors, taking into account future consolidations, exits of point solution vendors, and the overhead costs of migrating from one encryption system to another.

Features, Technologies and Client Concerns for 2011 and 2012

Gartner clients know that data leakage can cost them money and their reputations, and eventually most companies will make MDP investments, whether they are small or large enterprises, or bound by compliance rules or not. They will make those purchases faster when the solutions are easy to understand and manage, easy to use, and priced affordably:

Stability and performance: New workstations with ample memory will provide good performance even when software-based encryption is used. However, reference clients still report variable quality experiences that can be traced to implementation errors, and the MDP vendors need to improve planning advice to buyers as well as the installation/diagnostic utilities they provide to ensure successful installations.
Entry price: In small quantities (fewer than 500 seats), list seat pricing for an MDP suite ranges from $52 to $132 per seat. Additional costs can include several consulting days for installation and training, support/maintenance (typically 20% or more of contract value), and, in smaller contracts, there may be a separate fee for the management console. For financial reasons, smaller MDP companies may be unable to deeply discount their products, but are still attractive for personalized service and specialized use cases. EPP vendors that have entered the MDP market may be better targets for aggressive pricing negotiation.
Encryption offered as a managed cloud service (software as a service [SaaS]): Gartner believes that MDP offered as a trusted service makes sense and can reduce barriers to entry, particularly for smaller companies. Historically, MDP vendors have been unsuccessful at growing SaaS offerings. In this model, the entire management function moves to the cloud so that companies do not need to purchase and install the console, and can easily outsource help desk tasks. SaaS currently represents a small percentage of earnings for the majority of vendors tracked in this Magic Quadrant. The critical technical success factor for cloud-based MDP will include validated distribution of the encryption agent and robust private key management, because this is the basis for building buyer trust.
Government security certifications: The 140 series of U.S. Federal Information Processing Standards (FIPS) and Common Criteria (CC) are generally recognized by all buyers as signs of competence and commitment by an MDP vendor. FIPS 140-2 is the current standard for robust cryptographic engines in the MDP market, and is a requirement for federal government purchases. CC certification is a true international moniker that documents product specifications in a standard format. Gartner recommends FIPS-certified products for all purchases.
Non-Microsoft-Windows workstations: Gartner sees increasing interest in supporting Apple Mac OS X workstations, and scant mention of Linux and Unix platforms. Product features are not always complete on secondary platforms, and buyers are advised to perform thorough evaluations, as well as request road map presentations, during the RFP phase.
Bring your own PC: In Gartner's opinion, MDP vendors have not provided sufficiently transparent nor robust tools to satisfy users of noncompany workstations. Nor do we believe that adequate progress is being made. Protection for personal workstations seems better suited to virtual machines (which can run MDP within), quarantined browser sessions (supported by secure browsers and Secure Sockets Layer [SSL] VPNs), and self-encrypting applications specially built and selected for personal use cases.
Smartphones and tablets: Data protection on smaller devices is an underdeveloped area for MDP vendors. The mobile device management (MDM) market has more than 40 viable entrants at this time, and buyers are looking to these companies to assist with data protection. MDM vendors are managing smartphone/tablet security policies as part of offering a full device life cycle management (LCM) experience; whereas the typical MDM and EPP products are not LCM products. In Gartner's opinion, most of the pure-play MDP vendors kept their strategies aligned with workstation revenues and have missed opportunities to grow business on smaller platforms. EPP vendors with MDM capabilities need to do more work to integrate policy management across EPP, MDP and MDM products. (For further information, see "Magic Quadrant for Mobile Device Management Software.")
Hardware subsystems: Buyers have an increasingly interesting set of tools available to improve the performance of MDP investments. These include Trusted Computing Group's (TCG's) Trusted Platform Module (TPM), a motherboard chip that can securely store certificates and encryption keys; Intel Advanced Encryption Standard New Instructions (AES-NI) to accelerate software-based AES encryption engines; Intel Anti-Theft (AT), asset tracking, remote control and remote lock toolsets built into Intel motherboards; Extensible Firmware Interface (EFI), which enhances the basic input/output system (BIOS) with new 32-bit and 64-bit boot and runtime features; and self-encrypting drives (SEDs) based on Seagate's legacy DriveTrust technology and TCG's open-industry standard, usually referred to as Opal. Among these subsystems, only TPM and Opal have demonstrable sway. TPMs are preferred to augment key management in very high-security implementations, and SEDs are valued by users that try them; however, availability was limited through 2010, and SEDs may continue to be scarce in 2011, hampering the attempts of many companies to standardize on them. Buyers should use hardware enhancements where possible, but select MDP tools that can still provide all the necessary functions and compliance certifications in software to compensate for platforms that lack a particular hardware component.
Key management, storage and destruction methods: Key issues are frequently on buyers' minds because of valid concerns regarding the misuse of user/system key/access credentials resulting from inside attacks, loss, theft and hacking. Poorly managed key methods can result in loss of keys and, therefore, loss of access to critical data. Lax administration controls may allow key access to unauthorized people. Poorly architected or weakly configured encryption products may be vulnerable to brute force or dictionary key recovery on the client device. A well-managed and crafted key system not only avoids these problems but also provides disposal protection tantamount to drive wiping, and is essential to defend against data breaches on lost systems. Buyers are advised to perform thorough evaluations on all applicable use cases.
Federally sponsored purchase plans: In June 2007, U.S. federal Blanket Purchase Agreements were awarded to several of the vendors tracked for this Magic Quadrant, in a joint effort by the U.S. Office of Management and Budget, the U.S. Department of Defense, and the U.S. General Services Administration (GSA). These blanket purchase orders can sometimes be used by other agencies, including state and local governments, and can stimulate sales opportunities by virtue of expedience. Nonfederal government organizations should always ask if they are eligible to use the purchasing program.

Return to Top

Market Definition/Description

Products that Gartner tracks in the MDP market are software utilities that enforce data privacy policies by managing data encryption data access on the primary and secondary storage systems of end-user devices. Storage systems include the primary boot drive (hard-disk drive [HDD], solid-state drive [SSD]), and removable media devices such as flash and optical drives. Some vendors may be able to set policy for network storage, but that is not core to the current definition.

A typical MDP product consists of a central console that controls client activations, pushes data protection policies, interfaces with the help desk, acts as a key management facility and generates alerts and compliance reports. An active endpoint agent is provided for the target workstation/device, and an agent for removable media that will be replicated as needed. The market is called "mobile data protection" because the primary buying decision has always centered on portable devices that cannot rely on traditional physical security. However, the technology works well and has value on nonmobile systems, such as desktops and servers, and vendors are reporting increasing income from these platforms. MDP products provide active services bound to the OS and BIOS services of their host platforms so that they can control primary storage input/output and insert themselves in the primary steps of user authentication. With few exceptions, MDP products are capable of providing all encryption/decryption processes as software service to the OS. New developments have allowed MDP products to offload part or all of this work to hardware elements, including the CPU and drive controller. However, MDP cannot simply be replaced or made obsolete by hardware components. They will always be the focal point for encryption policy management, key access and storage, system recovery, and audit reports.

Encryption may be invoked at the level of individual files, as is common on small mobile devices, or at the folder, partition or full drive. Users must answer a login challenge to gain access to data. The challenge may range from a simple PIN to a complex password, token or smart card, and may use biometrics. Competitive differences derive from various approaches to management, encryption strength, user authentication, policy management and value-added features, such as the protection of information on removable media and breadth of platforms supported.

The largest MDP revenue source is for products that support workstations based on the Windows OS, but buyers are also increasingly looking for Mac OS X support, and the ability to manage policies for smartphones and tablets. Additional consideration will go to vendors that cross multiple platforms and OSs. Companies that sell port controls and external/removable media protections as their only or main features without meeting other core aspects of the MDP definition did not qualify for inclusion in this Magic Quadrant.

Return to Top

Inclusion and Exclusion Criteria

Twenty-two data protection vendors with MDP capabilities were notified of the annual survey. Fourteen satisfied the inclusion/exclusion criteria and appear in the Magic Quadrant, according to the evaluation of these attributes:

The vendor must have had products that meet the market definition and were generally available in 2010 and in 1H11 for a sufficient length of time to attract market attention. The products must also meet all aspects of the definition of products in the market, as set forth in this Magic Quadrant. The vendor must offer products for use on Windows-based PCs, because these workstations represent most of the revenue for the market. Vendors that sell and/or source third-party encryption products are allowed; several vendors in this market license parts of their solutions, ranging from cryptographic modules to larger program components.
The vendor must be generally recognized as a participant in the market, as evidenced by Gartner client interest and inquiries, presence at tradeshows and conferences, and other forms of public and media mention that establish competitive presence. Our analysts must receive feedback from clients and case study reference organizations indicating that they are using the products. The vendor should appear regularly on Gartner clients' shortlists for final selection and should appear regularly in other sources (such as publications and support forums) as a product that's competitive with companies that are already qualified for this market.
The vendor must own or license FIPS-140-certified encryption. A vendor will be considered if its FIPS 140 application is processing during the study year.
Seat sales in 2010 needed to total more than 125,000 seats, and 2010 revenue in the market must have been greater than $3 million. Exceptions may be granted if other inclusion factors merit consideration. These thresholds were continued from the prior report.
The vendor must provide centrally managed access controls, lockouts, and key management/recovery and system recovery methods.
The product must be commercially supported.
Seats sold by licensees, partners and others can only be counted once if they are reported. They will be attributed only to the original vendor if the licensee is not already included in this Magic Quadrant. OEM seats that are shipped without revenue may be attributed at a reduced percentage.

Exclusion Criteria

Vendors are asked to participate in an annual survey that is used to collect competitive and historical data within requested deadlines. If data is not provided, we estimate a vendor's status from prior-year surveys, if available, and independent sources. Vendors that decline to report for several years in a row, and cannot otherwise be verified, may be excluded from or reduced in ranking consideration. Essential information that falls under this rule includes:

Count of client companies under contract
Count of seat sales (actual and estimated) over a three-year period
LOB revenue, and other basic financial and organizational metrics

Vendors Considered for, but Not Included in, the Magic Quadrant

Absolute Software combines an encryption feature with its asset-tracking system, called Computrace. Absolute Software has never portrayed its encryption as a differentiated competitive product and is not generally identified as an encryption provider for the MDP market. The company will be reconsidered for next year's report.

Hardware encryption subsystems, offered by vendors listed in the Market Overview section are enabling technologies that may be exploited by MDP products, rather than complete solutions; thus, they are not ranked in this Magic Quadrant.

Open-source projects AxCrypt and TrueCrypt offer free data encryption tools, but they are not commercially supported. Gartner monitors open-source projects and will consider future project distributions when we see evidence of commercial support.

SecurStar has not applied for FIPS 140-2 certification. The company will be reconsidered for next year's report.

These companies did not return the Gartner annual RFI survey for MDP during the evaluation and analysis phases of this report, and are not otherwise competitively visible in the enterprise MDP market when evaluated against the Inclusion Criteria for this Magic Quadrant: Arkoon Network Security, Dekart, DESlock, Imation, Infolock Technologies and Information Security.

Return to Top

Added

DigitalPersona is a new entrant that gained a foothold in MDP in 2010 by providing an OEM product through HP. Its product is now released for direct sales.
Microsoft BitLocker is assessed in the 2011 Magic Quadrant in consideration of adjustments of the Inclusion Criteria that emphasize Windows workstation platforms and time in the market.
Trend Micro acquired Mobile Armor and released the DataArmor product with new branding in February 2011.

Return to Top

Dropped

Becrypt dismissed efforts to compete in the MDP market in late 2010. The company is concentrating its efforts on its Trusted Client product and is exclusively pursuing niche government opportunities, primarily in the United Kingdom.
Mobile Armor was acquired by Trend Micro and is now tracked under Trend Micro
SafeNet has shifted its portfolio focus to the protection of data within the data center and in cloud/virtualized environments versus the laptop, desktops and removable media.
Sybase had de-emphasized PC MDP sales several years ago, and has made the decision to discontinue full disk encryption (FDE) for Windows. All other aspects of Afaria continue to be fully supported on Windows, including management capabilities such as software distribution, file transfer, process automation, patch management, etc.
Trustwave, in alignment with its payments business, is focusing on end-to-end encryption for transaction data, although the company continues to offer stored data and email encryption products using its Smart Tag technology. This area of focus is not comparable to the typical MDP approaches offered by vendors tracked in this Magic Quadrant.

Return to Top

Evaluation Criteria

Ability to Execute

This market is well-established, and global pressure for data protection means that incumbent vendors can sell enough seats to keep their doors open. The recent economic slowdown has reduced the appearance of new companies.

New products, new features and estimated sales in 1H11 were also considered in the final ranking. Unofficial road maps, pending contracts, future sales agreements, future promises for very recent acquisitions, and vague strategies do not significantly contribute to a vendor ranking or to inclusion in this Magic Quadrant; however, vendors that have official and public road maps, and make consistent progress, are recognized.

Execution weightings are considered standard because within the research review, the relative merit of each ranking factor can be adequately expressed for the general case without additional adjustments. Weightings are subjective and contextual; readers who conduct their own RFIs may choose to change weightings to suit the needs of their business and their industry:

Product/Service compares the completeness and appropriateness of core data protection technology. This factor is critical in demonstrating that the vendor can generate market awareness.
Overall Viability considers company history and demonstrated commitment in the market, as well as the difference between a company's stated goals for the evaluation period and the company's actual performance, compared with the rest of the market. Growth of the customer base and revenue are considered.
Sales Execution/Pricing compares the strength of a vendor's sales and distribution operations, as well as the discounted list pricing for investments in seats ranging from fewer than 100 to more than 10,000. Pricing is compared in terms of first-year cost-per-concurrent active license seats, including the cost of the management console, and all hardware and support. Buyers want demonstrable peace of mind more than they want bargains, and they will respond to sales techniques led by case studies and ROI projections.
Market Responsiveness and Track Record and Marketing Execution are rated together as Marketing Execution. This criterion rates competitive visibility as a key factor, including which vendors are most commonly considered to be top competitive threats by each other, and which vendors respond most effectively during buyer RFPs.
Customer Experience is subjectively rated from client feedback to analysts; from opinions of Gartner analysts in security, network and platform research groups; and from vendor-supplied references, where needed.
Operations considers the ability of a vendor to pursue its goals in a manner that enhances and grows its influence in all execution categories. Operations is already considered in the other execution ranking categories (see Table 1).

One of the interesting subjective elements of the survey is an execution question in which vendors are asked to name three peers that constitute their greatest competitive threat. The result of this survey question is a good barometer for understanding the potential of vendors to maintain high performance in this market.

Table 1. Ability to Execute Evaluation Criteria
Evaluation Criteria	Weighting
Product/Service	Standard
Overall Viability (Business Unit, Financial, Strategy, Organization)	Standard
Sales Execution/Pricing	Standard
Market Responsiveness and Track Record	No rating
Marketing Execution	Standard
Customer Experience	Standard
Operations	No rating

Source: Gartner (September 2011)

Return to Top

Completeness of Vision

Vision is subjectively ranked according to a vendor's ability to show a broad commitment to technology developments in anticipation of user wants and needs that turn out to be on target with the market.

Companies that lead in vision typically own, license or partner on products in other security and configuration management markets. They must also demonstrate management features that make their products easy to integrate with enterprise directories, and to interoperate with other enterprise security and management systems.

Vision weightings are considered standard because, within the research review, the relative merit of each ranking factor can be adequately expressed for the general case without additional adjustments. Weightings are subjective and contextual; readers who conduct their own RFIs may choose to change weightings to suit the needs of their business and their industry:

Market Understanding and Marketing Strategy are ranked together as Marketing Strategy, assessed through direct observation of the degree to which a vendor's products, road maps and missions anticipate leading-edge thinking about buyers' wants and needs. Gartner makes this assessment subjectively by several means, including interactions with vendors in briefings and by reading planning documents, marketing and sales literature, and press releases. Incumbent vendor market performance is reviewed year by year against specific recommendations that have been made to each vendor, and against future trends identified in Gartner research. A vendor cannot merely state an aggressive future goal; it must put plans in place, show that it is following the plans, and modify plans as market directions change. Also considered are the vendor's partnerships with other vendors in related endpoint security markets, including AV, anti-spyware, configuration management, authentication, device identification, VPNs, data encryption, gateway firewalls and others.
Sales Strategy examines the vendor's strategy for selling products, including sales messages, techniques, marketing, distribution and channels. This topic is considered to be in execution; it does not apply to product vision, which is ranked in terms of investment in functionality.
Offering (Product) Strategy is ranked through an examination of the breadth of functions, platform and OS support for the MDP client. R&D investments are credited in this category. Mergers that bring EPP vendors into the market have a strong impact on vision rankings for all vendors, because these vendors are driving the types of integration that Gartner considers to be strategic and competitive. Supported platforms are listed in the vendor comments.
Business Model takes into account a vendor's underlying business objectives for its products, and its ongoing ability to pursue R&D goals in a manner that enhances all vision categories.
Vertical/Industry Strategy considers a vendor's ability to communicate a vision that appeals to specific industries and vertical markets. However, this Magic Quadrant doesn't consider vertical markets as a distinctive ranking factor, so this category is irrelevant and not rated.
Innovation takes into consideration the degree to which a vendor invests in core requirements for the successful use of its products.
Geographic Strategy takes into account a vendor's strategy to direct resources, skills, products and services globally. All vendors are ranked in the Magic Quadrant for their performance as a whole, and within the frame of reference of Gartner clients; therefore, a detailed examination and ranking of this category is irrelevant. In 2010, North America was estimated to account for more than 63% of MDP revenue potential (on average) — and, for many years, success in the North American geography has been the primary indicator of viability. Buyers in other geographies tend to react to vendors based on their competitiveness in North America — and, to a lesser extent, in Europe.

Table 2. Completeness of Vision Evaluation Criteria
Evaluation Criteria	Weighting
Market Understanding	No rating
Marketing Strategy	Standard
Sales Strategy	No rating
Offering (Product) Strategy	Standard
Business Model	Standard
Vertical/Industry Strategy	No rating
Innovation	Standard
Geographic Strategy	No rating

Source: Gartner (September 2011)

Return to Top

Leaders

Leaders have products that work well for Gartner clients in small and large deployments. They have long-term road maps that follow and/or influence Gartner's vision of the developing needs of buyers in the market. Leaders make their competitors' sales staffs nervous, and force competitors' technical staffs to follow their lead. Their MDP products are well-known to clients and are frequently found on RFP shortlists. In 2011, the companies that execute strongly enough to differentiate themselves as Leaders are EPP vendors that all made MDP acquisitions.

Return to Top

Challengers

Challengers have competitive visibility, market share, and financial and channel strengths that are better-developed than Niche Players, but not as broad as a Leader or Visionary. They also have greater success in sales and mind share than similar Niche Players. Challengers offer all the core features of MDP, but typically their vision, road maps or product delivery is narrower than the Leaders. Challengers may have difficulty communicating or delivering their vision in a competitive way, but they can be very disruptive to the sales of other vendors, particularly Leaders. For example, if a vendor has implemented features ahead of the demand curve that do not attract buyers, do not trigger new competitive responses from other vendors and do not change the developmental course of the market, then its vision is not improved by those features. The Magic Quadrant for MDP historically reports little or no activity in this quadrant. In general, companies that execute strongly become Leaders.

Return to Top

Visionaries

Visionaries make investments in broad functionality and platform support, but their competitive clout, visibility and market share don't reach the level of Leaders. Visionaries make planning choices that will meet future buyer demands, and they assume some risk in the bargain because ROI timing may not be certain. Companies that pursue visionary activities will not be fully credited if their actions are not generating noticeable competitive clout, and are not influencing other vendors. The difference between Visionaries and Niche Players amounts to the risks that the company takes in terms of strategic R&D and the ability to realize competitive clout from those risks.

Return to Top

Niche Players

Niche Players offer products that suit many enterprises' needs and often are the best choice to get a stable product combined with more-personalized service. A Niche Player ranking is assigned when the product is not widely visible in competition, and when it is judged to be relatively narrow or specialized in breadth of functions and platforms — or, for other reasons, the vendor's ability to communicate vision and features does not meet Gartner's prevailing view of competitive trends. MDP Niche Players include stable, reliable and long-term players. Some Niche Players work from close, long-term relationships with their buyers, in which customer feedback sets the primary agenda for new features and enhancements. This approach can generate a high degree of customer satisfaction, but also results in a narrower focus in the market (which would be expected of a Visionary). Niche Players are candidates for acquisitions.

Return to Top

Vendor Strengths and Cautions

Check Point Software Technologies

Among EPP vendors, Check Point was an early adopter of MDP through the acquisition of Pointsec, an influential pure-play encryption provider. Check Point sells data encryption under the Check Point and Pointsec brand names.

Return to Top

Strengths

Its revenue is above average in the LOB that contains MDP products. Check Point also holds a strong position in remote access VPNs, with many choices for workstations and smaller devices.
Its clients have increasingly reported positive experience with Check Point's products, but its long time in the market does mean that contracts are often up for re-evaluation. Feedback indicates that Check Point has invested more effort into advising clients and resellers on installation and maintenance best practices.
Check Point has these FIPS and CC certifications: FIPS 140-2, CC EAL2 and CC EAL4+.
Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OS X and Linux. Mobile device support is provided via a separate product, Check Point Mobile, for legacy platforms such as Palm OS, Symbian and Windows Mobile 6.5. Support for iPhone, iPad and Android platforms was not available during the study period.

Return to Top

Cautions

Gartner client inquiries suggest that most buyers consider Check Point's MDP as a point purchase, rather than integrated with Check Point's larger EPP offering. Also, reference feedback and client inquiry indicate that this vendor is not generally leading shortlists.
Check Point conducted visionary work with SanDisk over several years that resulted in a trusted portable personality device (TPPD) — Abra, which can be used for security media storage and also as a managed remote access platform. Unfortunately, SanDisk exited the TPPD market last year, and Gartner's research among secure USB drive vendors indicates sales have stalled except in specialized government markets (see "Hype Cycle for Data and Collaboration Security, 2011").
Check Point has not yet released definite dates by which it will support SEDs.
Check Point declined to provide sales data for the third year in a row after an earlier history of slightly declining sales. Other factors, including Gartner client inquiry, publication references or reviews, performance in the EPP market, and lack of peer vendor reaction, provide an indication that its ability to execute competitively has reduced since our last ranking.

Return to Top

Credant Technologies

Credant is one of a few companies in the MDP market that fought the trend toward full disk encryption for years by offering superior function in file- and folder-based protection. For many use cases including multiuser applications, the approach has been successful.

Return to Top

Strengths

Gartner received steady indications from client inquiry that Credant sales were stimulated in 2010 and 2011 by its new OEM relationships with Dell and LANDesk. Credant's revenue grew by about a third in 2010, compared to flat performance in 2008 and 2009. The company is profitable and has long-term stable investors.
Credant increased its ability to compete in the FDE-dominated market by licensing an FDE agent (from Mobile Armor) in 2011.
Credant continues to attract buyers that do not want to replace the boot process. These users want minimal interference with normal OS operations, including patch management, and minimal changes to conventional help desk procedures.
Credant provides basic management for BitLocker to enhance key management and user recovery, as well as to stop administrative users from turning off encryption.
Credant has these FIPS and CC certifications: FIPS 140-2 Level 2 and CC EAL3, with CC EAL4+ in final review. It was included in the GSA's SmartBuy award.
Platform support is provided for Windows XP through 64-bit Windows 7, Mac OS X, Linux, Palm OS, Symbian and Windows Mobile 6.5. Embedded system support includes Seagate and TCG encrypting drives, and the TPM.

Return to Top

Cautions

In the past, some clients experienced problems where Credant was installed on underpowered legacy hardware, and involving situations that are now moot; however, buyers have long memories. Customer relationship management and re-engagement with past buyer contacts are critical to ward off competitive takeouts and improve Credant's chances in new RFIs.
Many prospective buyers are completely unaware of Credant's developments and are not taking its capabilities into account, such as the addition of FDE.
Credant needs to improve its competitive communications to potential buyers and renewal accounts.

Return to Top

DigitalPersona

DigitalPersona is a new entrant in the MDP market, having appeared first as an OEM to HP called ProtectTools in 2010. The company is unusual in the MDP market in the sense that its own offering will primarily be presented as a cloud service. Its encryption engine is licensed from McAfee.

Return to Top

Strengths

DigitalPersona's preferred bundling with HP workstations and notebooks, which began in 2010, potentially offers exposure on millions of platforms and was treated as favorable for inclusion for a speculative entry to the Magic Quadrant. Users receive reminders to opt in to managed data protection.
The company now offers its agent under the name DigitalPersona Pro Workgroup Data Protection for direct sale combined with cloud service management.
DigitalPersona provides platform support for all versions of Windows, from XP through 64-bit Windows 7.

Return to Top

Cautions

Activations through HP can be used stand-alone and are not automatically reported to DigitalPersona, thus providing no sales leads, and making product penetration estimates difficult. However, customers that are interested in central management of HP ProtectTools can engage with DigitalPersona through the client software or order the management service through their HP channel partner.
Although evidence regarding the user base of the bundled software is only circumstantial, Gartner is giving DigitalPersona and its unique cloud service concept the benefit of the doubt. The company's cloud service product only came to market at the end of the study period in 2011, and, therefore, cannot contribute to execution.
Many enterprise buyers simply erase the HP standard image and, therefore, lose access to the bundled software unless they download the ProtectTools software from HP's website and reload it onto their HP computers. HP and its channel partners are working with DigitalPersona on ways to promote the availability of the software to HP's customers.
The company's track record is limited in the MDP market.
Removable media protection is not included in the DigitalPersona application at this time, but is scheduled for addition.

Return to Top

McAfee

McAfee is a long-term player in the MDP market. Its acquisition of Safeboot is among the most successful integrations of MDP by an EPP vendor, and has stimulated stand-alone and bundled MDP sales.

Return to Top

Strengths

Seat sales for McAfee Total Protection for Data (ToPS) were highly ranked, combined with strong LOB revenue. Gartner client inquiries strongly associate McAfee's MDP products and EPP products, but MDP also sells well as a stand-alone choice. Good revenue, combined with high recognition from buyers and frequent competitive citations, earn McAfee a high execution ranking. McAfee has been named the most-competitive threat by its peer group, but only by a simple majority.
McAfee provides native content filtering in the MDP product to conditionally block data by type or contents. Within the ToPS for Data suite, Host DLP and Device Control are included standard.
McAfee has these FIPS and CC certifications: FIPS 140-2 and CC EAL4. It was included in the GSA's SmartBuy award.
Standard maintenance support is included in the seat cost of all contracts.
On Windows PCs, the Endpoint Encryption Go (EEGO) utility, a dedicated tool for compliance assessment, performs a deep analysis on systems to predict and prevent disk encryption installation failures. This utility is included with McAfee's Endpoint Encryption for PCs (EEPC).
Platform support is provided for Windows XP through 64-bit Windows 7, Mac OS X, iPhone, iPad, Android, Palm OS and Windows Mobile 6.5. Embedded support includes Intel AES-NI, TCG encrypting drives, TPM and EFI.

Return to Top

Cautions

In Gartner's opinion, the Intel acquisition attenuated development efforts that should have brought faster progress to integrate MDP and MDM feature updates. McAfee's vision could have been strengthened (and still could be in the future) by pursuing a common policy management framework for workstations and small mobile devices.
McAfee's current implementation for encrypted USB flash drives and external hard drives requires initial activation (a one-time step) on a Windows system before the drives can be used with Mac OS X workstations. McAfee's encrypted USB products are not integrated with McAfee's endpoint encryption products for PCs, Macs or removable media.

Return to Top

Microsoft

Microsoft BitLocker gained visibility under Vista, but failed to gain traction along with Vista itself. Windows 7 BitLocker and BitLocker To Go are considered a new product family for ranking purposes.

Return to Top

Strengths

Gartner client interest in BitLocker is growing and now accounts for a small but steady stream of inquiries.
BitLocker activation is extremely simple, and users will not experience a long setup time for the hard drive to encrypt.
As an embedded Windows 7 process, BitLocker efficiency is very good, and users experience minimal performance effects.
Microsoft BitLocker Administration and Monitoring (MBAM), scheduled for release in 3Q11, will become part of the Microsoft Desktop Optimization Pack for Software Assurance. MBAM is expected to simplify deployment and key recovery, improve FIPS Mode functionality, and will centralize provisioning, monitoring and reporting of encryption status for fixed and removable drives. During the Magic Quadrant survey period, BitLocker lacked robust configuration and monitoring support.

Return to Top

Cautions

Other Microsoft products that assume PCs will autoboot, such as DirectAccess, cannot function in the presence of BitLocker until the drive is unlocked. As a best practice, Gartner recommends users should log in with the PIN code, which requires the user to be present in order to avoid drive exposure. Several non-Microsoft file-based encryption products will maintain maximum data encryption while allowing the system to autoboot to support utilities such as DirectAccess.
A TPM chip is required; otherwise, the user must carry his or her access key on a flash drive or remember a long number string. There is no complexity coaching nor expiration/update mechanism for a user's PIN code.
Users who are administrators of their PCs can easily disable BitLocker. Safeguards must be used to prevent unexpected deactivation.
During the Magic Quadrant survey period, running BitLocker in FIPS mode caused a number of support features to be deactivated. However, in non-FIPS mode, BitLocker was vulnerable to recovery key access by Active Directory administrators.
BitLocker drive encryption is limited to two versions of Windows 7 (Ultimate and Enterprise editions), neither of which would be common for users who participate in "bring your own PC (BYOPC) to work" programs. Likewise, only these two versions of Windows 7 can be used to initialize BitLocker To Go encrypted flash drives. BitLocker To Go operates only as full-volume encryption. Access is limited to read-only on Vista and XP, and cannot be read on other platforms such as Mac OS X X, which is popular in BYOPC programs.
Selective hard-drive file and folder encryption requires users to employ Microsoft's Encrypting File System (EFS), but BitLocker does not provide policy management integration with EFS. On a positive note, BitLocker negates the startup vulnerabilities that allowed EFS to be exploited.
Microsoft has no stated plans to support SEDs.

Return to Top

Novell

Novell, now doing business as part of the Attachmate Group, offers a file-based encryption feature as part of ZENworks Endpoint Security Management (ZESM). ZESM is an endpoint protection platform minus anti-malware protection; however, it will verify the presence and operation of the user's choice of products.

Return to Top

Strengths

ZESM is tightly integrated under a single console with ZENworks, thereby making it an easy (but niche) choice for Novell-centric IT shops.
Novell has these FIPS and CC certifications: FIPS 140-2 and CC EAL4+.
Platform support is provided for Windows 2000 through Windows 7 (64-bit under development), Linux (Red Hat and SUSE), Palm OS, RIM and Windows Mobile 6.5.

Return to Top

Cautions

Novell is not recognized as a competitor in this market by other MDP vendors or by Gartner clients. Novell's incumbent customer base may be likely to buy ZESM as a point solution for removable media protection. Novell should strengthen its competitive business case to be seen to be more than a specialty vendor for its own product environments.
Its seat sales in 2009 were among the lowest reported, along with a low-end comparative three-year performance. Novell declined to provide 2010 or 2011 data for this year's survey; however, other factors such as a year-over-year LOB revenue decline in last year's report, negligible Gartner client inquiry, a scarcity of publication references or reviews, and lack of peer vendor reaction provide an indication that its ability to execute competitively has reduced since our last ranking.

Return to Top

Safend

Safend is a file/folder encryption provider that also resells removable media protection to several vendors in the Magic Quadrant, and it is qualified for inclusion based on sales revenue and non-OEM seat sales.

Return to Top

Strengths

Safend has a feature to expose a single application on a locked PC. This means that the PC can display a selected application, but no other access to the PC is allowed. This could be used, for example, to allow a courier to circulate a tablet PC with a sign-off form without exposing access to the system desktop or start menu.
Safend's price for a suite of MDP features with full management is less than average. The price is affordable for small numbers of seats.
Certifications include FIPS 140-2 and CC EAL2.
Platform support is provided for Windows XP through 64-bit Windows 7. Embedded system support is included for Intel vPro.

Return to Top

Cautions

File/folder pure-play vendors are decreasing in the market, and the majority of buyers want FDE as part of the package, even if they don't need it.
Safend's low starting prices for the MDP suite affect its ability to generate revenue. On the other hand, this makes it an attractive purchase; however, its relatively low visibility is a barrier.
Safend has added data loss prevention (DLP) capabilities to the product, but the filtering options are not sufficiently rich to compete on vision with other players in the MDP market that offer DLP.

Return to Top

Secude

Secude is headquartered in Switzerland. Early in 2011, SAP acquired Secude's Secure Login and Enterprise Single Signon (ESSO)assets as part of a plan to augment SAP products with these capabilities. Secude remains an independent company continuing development on its legacy MDP product, FinallySecure, and developing a new file-based MDP product, SecureFolder.

Return to Top

Strengths

Secude does the majority of its business in a subset of European Union countries with a small number of partners, thereby making it an attractive niche provider in limited geographies.
Platform support includes Windows XP through 64-bit Windows 7. Mac OS X and Linux versions as well as TCG encrypting drive support are in prerelease testing. Embedded support includes Seagate encrypted drives and TPM.
Secude has this FIPS certification: FIPS 140-2 Level 1.

Return to Top

Cautions

Sales of the Secure Login and ESSO product families to SAP, along with transfer of some of the development staff leave Secude in a smaller business sphere, offering stand-alone encryption products into a highly competitive, mature global MDP market.
Secude does not currently have competitive presence in related security markets identified to be contributory to MDP growth, such as EPP or DLP.

Return to Top

Sophos

Sophos is a strong European presence in EPP and MDP. Utimaco SafeGuard was acquired and integrated two years ago, earning it a place in the MDP market.

Return to Top

Strengths

For the past three years, Sophos revenue in the MDP LOB has been well above average, and grew more than 27% in the tough economy of 2009 in Europe and North America. Seat sales have also been well above average. Client satisfaction with SafeGuard, as well as progress, on the company's development road map is very favorable and counts strongly toward its leadership ranking.
Sophos integrates content-aware DLP into its client to help decide when to enforce encryption on information being written to external devices.
Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OS X, and Linux. Smaller mobile devices to be separately supported under an MDM product include iPhone, iPad, and Android. Embedded system support includes TPM, TCG encrypting drives, Intel vPro and EFI.
When SafeGuard is installed as FDE in a VM, it does not allocate the full disk size upfront. This helps reduce the support burden for source and backup holographic versatile disc (HVD) images stored on servers.
Sophos is easy to implement in a file-based mode (not FDE) to support private files on multitenant workstations supporting large numbers of users. A future release of FileShare will extend shared encryption for files sent to systems like DropBox, at an additional charge.
MDM support was released in April 2011 and was on the market for too short a time in the Magic Quadrant survey period to influence this year's ranking.
Sophos has these FIPS and CC certifications: FIPS 140-2 and CC EAL4. Sophos is able to sell into the GSA's SmartBuy program through a reseller arrangement with Information Security Corp. (ISC).

Return to Top

Cautions

North American market penetration has improved, as has North American brand recognition. However, Sophos must continue to work on expanding its visibility. Gartner clients' recognition of Sophos on shortlists outside of AV is infrequent and not on par with its strengths. The company needs to present compelling use cases based on real client values, rather than technical taxonomies.
Sophos has many features (typically involving DLP, key management and file encryption) that do not get aired in client RFP discussions shared with Gartner analysts, and can affect competitive standing in the market. For example, to protect data saved or copied to an unmanaged destination, buyers can add FileShare's persistent encryption as an extra product/charge. Sophos needs to adopt more-assertive sales and marketing techniques to ensure that its vision qualities are duly considered in competition.

Return to Top

Symantec

Symantec acquired PGP and GuardianEdge in 1H10, and is pursuing a road map to merge the best of the products to create a single MDP encryption suite for the combined client bases for Symantec Endpoint Encryption (SEE, based on GuardianEdge), and PGP.

Return to Top

Strengths

The combination of PGP and GuardianEdge with Symantec's reputation and global reach creates a potentially large revenue stream and client base.
Symantec earned the second-highest competitive threat rating in 2011 by its peer group, but this amounted to only a simple majority of surveyed vendors.
Symantec has these FIPS and CC certifications: FIPS 140-2, CC EAL2 and CC EAL4+.
Owing to the PGP acquisition, Symantec has very broad MDP platform support, including Windows 2000 through 64-bit Windows 7, Mac OS X, Linux and Unix. PGP email encryption is supported on Windows and Mac workstations as well as Windows Mobile and RIM BlackBerry. Embedded system support includes TPM, Intel vPro and EFI.

Return to Top

Cautions

Unified client integration of the SEE and PGP products will happen in 2012. PGP will be Symantec's strategic direction, but SEE has an established base, with a growth path in government accounts because of GuardianEdge's qualification in the GSA's SmartBuy award. Gartner clients have expressed confusion over the road map and fate for both products, and Symantec is stepping up efforts to ensure that users understand development plans. Execution has been reassessed using PGP's past visionary performance as a guide and SEE as a niche product.
Several clients of the original PGP and GuardianEdge products reported difficulty in obtaining support and resolving problems with current product versions. Some of the complaints appeared to be ongoing issues — such as compatibility issues with certain PC models mentioned on Symantec support sites, as well as image stability problems after OS patch upgrades. Some companies reported to Gartner that they believed that support had been discontinued; however, all companies under contract have rights to ongoing support for MDP products and can obtain assistance.
Support for TCG encrypting drives was planned for 2010, but was not delivered until August 2011, at the end of the Magic Quadrant survey period. This factor will be considered in the next iteration of this report.
PGP-compatible mobile device encryption support is provided through a PGP viewer for Apple iOS. The viewer's impact will be considered in the next iteration of this report.

Return to Top

Trend Micro

Trend Micro announced its intent to acquire Mobile Armor in November 2010. The rebranded products were not released until February 2011, because the companies were waiting for approval from the U.S. Government Committee on Foreign Investment. In the U.S., Mobile Armor had low sales and performance in the market for several years, and had been unable to secure new investors.

Return to Top

Strengths

Trend Micro's acquisition brings new viability to a good-quality suite of encryption products.
Encryption is a natural addition for a major EPP company like Trend Micro.
User feedback in 2010 regarding Mobile Armor was positive, although infrequent.
Trend Micro has acquired through acquisition these FIPS and CC certifications: FIPS 140-2 Level 2, CC EAL4+ and U.S. National Security Agency's (NSA's) Commercial COMSEC Evaluation Program (CCEP) Suite B. It also qualifies for the GSA's SmartBuy award.
Integration of workstations and smaller mobile devices under common management is a Trend Micro priority.
Platform support is provided for all versions of Windows from 2000 through 64-bit Windows 7 (in development), Mac OS X, Research In Motion (RIM), Linux (Red Hat Enterprise Linux 5 and SUSE), Nokia Symbian Series 60, Windows Mobile 6.x and Android. An iPhone app was available in "preview" at the close of the evaluation period. Embedded support is provided for Seagate encrypted drives, TCG encrypting drives, TPM, Intel vPro, Intel AT and EFI.

Return to Top

Cautions

Due to a late entry during the study period and lack of a marketing campaign, Trend Micro can only trade on Mobile Armor's legacy. Mobile Armor's market share was competitively insignificant, and the products were mainly sold to U.S. federal government accounts.
Trend Micro needs to present a stronger and broader message of the need for device data encryption. On its website, Trend Micro's recommendations regarding MDP primarily emphasize the large enterprise use case.
Its PolicyServer management platform is not integrated with Trend's Micro's OfficeScan server.

Return to Top

Verdasys

Verdasys is a longtime DLP player that developed encryption products that qualify for the MDP market. The company specializes in data discovery, activity and movement analysis, and risk-based access controls.

Return to Top

Strengths

Verdasys' understanding and integration of content-aware DLP and encryption are more mature than other vendors ranked in this Magic Quadrant.
Critical data and system files are encrypted, and all file access and movement activities can be monitored and controlled in real time according to its enterprise DLP policy. Data (including files on removable media) encrypted by means of user-generated passwords can be recovered by the central agent if the user password is lost. Because of the way these features are implemented, Verdasys provided the best answer to a 2011 client RFP that required a complex but flexible way to share, track and recover a mixture of separately encrypted financial data files placed on generic flash drives.
As of August 2011, Verdasys' cryptographic module was in the fourth of five stages to receive FIPS 140-2 validation.
Platform support includes 32-bit Windows XP through 64-bit Windows 7 and Linux. Verdasys also integrates and provides additional DLP controls for a BlackBerry Enterprise Server.
A mobile version of Digital Guardian for iPhones and iPads featuring powerful client-side DLP functions is in development and available for demonstration.

Return to Top

Cautions

Verdasys is primarily known as a content-aware DLP provider, and not recognized as a competitor in this market; however, some of Verdasys' DLP competitors hold positions in this Magic Quadrant.
While Verdasys presents a clear story about the value and role of encryption, it currently treats encryption as a narrow adjunct to its primary business in DLP. In 2011, Verdasys has clear evidence that MDP is enabling its sales, and the company should plan a more aggressive competition effort.

Return to Top

Wave Systems

Wave Systems is the most experienced supplier of SED management, having pioneered the use of Seagate self-encrypting hard drives as the basis for managed FDE, and was first to ship MDP products to support TCG encrypting drives from Hitachi and Samsung.

Return to Top

Strengths

Wave Systems increased its earnings by nearly 40% in 2010, following on the success of doubling its earnings in 2009.
A dedicated TPM key management server helps companies back up TPM keys to an existing platform, and migrate keys to new platforms for recovery or migration.
A free stand-alone version of the product is included on qualified Dell PCs, and is upgradable to an enterprise managed platform. Additional bundling is available with HP. Embedded system support includes Intel vPro, Seagate encrypting drives, and all commercially available TCG encrypting drives and TPMs.

Return to Top

Cautions

Wave Systems' pure-play reliance on SEDs has limited sales over the years because many buyers struggled with SED availability.
LOB revenue is on par for a niche company. Primary distribution is performed by an OEM-embedded stand-alone client on selected PC platforms. Users can deploy embedded client-bundled software without upgrading to enterprise management. Unmanaged OEM seats do not generate significant revenue. Trackable and reportable seat sales are at the bottom of the range of vendors, seemingly at variance to revenue.
Wave Systems relies on the SED security architecture, which, at this point, does not map directly to FIPS 140-2. In the case of removable media, it relies on FIPS certifications from its OEM partner, Safend.

Return to Top

WinMagic

WinMagic is a long-term pure-play encryption provider with a comprehensive workstation product suite geared toward companies with high-security needs and strong authentication requirements.

Return to Top

Strengths

WinMagic invests heavily in R&D. The company pioneered preboot authentication for encrypted hard drives and supports local and remote preboot OS-independent password reset, geotracking, theft deterrence, and user deployment, as well as system and application software update processes.
A recently signed global reseller agreement with Lenovo, combined with deep laptop integration with Lenovo laptops, affords WinMagic a new opportunity to raise competitive visibility. The benefits of the Lenovo relationship will be monitored and considered in the next iteration of this Magic Quadrant.
Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OS X and Linux. Embedded system support includes Seagate encrypting drives, TCG encrypting drives, TPM, Intel AT and EFI. AES-NI is used to accelerate SSDs. WinMagic applies FIPS 140-2 encryption to SEDs.
WinMagic has these FIPS and CC certifications: FIPS 140-2 Level 2 and CC EAL4. It was included in the GSA's SmartBuy award.

Return to Top

Cautions

WinMagic sales overall are stable and healthy, but are below the median and average for the market, and execution is indicative of the Visionaries quadrant.
Sales and emphasis continue to lean toward the high-security sensitive markets and technology excellence, sometimes missing the buyer with simple pragmatic concerns — although the company is making efforts to reach nontechnical audiences.
Clients provide positive feedback for WinMagic products, but there is an ongoing indication that WinMagic needs more proactive relationship management with longtime clients that may be unaware of new features and may be seeking other options. WinMagic has established a customer advisory board with long-standing clients to better analyze market feedback. The impact of the customer advisory board to address this caution will be monitored and considered in the next iteration of this Magic Quadrant.

Return to Top

Vendors Added or Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor.

Evaluation Criteria Definitions

Ability to Execute

Product/Service: Core goods and services offered by the vendor that compete in/serve the defined market. This includes current product/service capabilities, quality, feature sets, skills, etc., whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.

Overall Viability (Business Unit, Financial, Strategy, Organization): Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood of the individual business unit to continue investing in the product, to continue offering the product and to advance the state of the art within the organization's portfolio of products.

Sales Execution/Pricing: The vendor’s capabilities in all pre-sales activities and the structure that supports them. This includes deal management, pricing and negotiation, pre-sales support and the overall effectiveness of the sales channel.

Market Responsiveness and Track Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.

Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message in order to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional, thought leadership, word-of-mouth and sales activities.

Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements, etc.

Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

Completeness of Vision

Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen and understand buyers' wants and needs, and can shape or enhance those with their added vision.

Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the Web site, advertising, customer programs and positioning statements.

Sales Strategy: The strategy for selling product that uses the appropriate network of direct and indirect sales, marketing, service and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.

Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature set as they map to current and future requirements.

Business Model: The soundness and logic of the vendor's underlying business proposition.

Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including verticals.

Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.

Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.