2014 Mobile Data Management Buyer’s Guide Now Available

DCIG is pleased to announce the release of its 2014 Mobile Data Management (MDM) Buyer’s Guide that weight, score and rank over 100 features. Like previous Buyer’s Guides, this Buyer’s Guide provides the critical information that organizations need when selecting Mobile Data Management software to help meet the security, compliance and Bring-Your-Own-Device (BYOD) challenges in an ever increasing mobile enterprises.

DCIG invested hundreds of hours designing a survey that would capture the data that matters most to prospective mobile data management purchasers, gathering the relevant data, and then analyzing the results. The data collection survey included over 150 scored questions. 

The resulting data was categorized, standardized and distilled into summary scoring and ranking tables as well as a one-page data sheet for each array. This powerful combination of summary data and data sheets make it easy to do quick, side-by-side comparisons of mobile data management vendors–enabling organizations to quickly get to a short list of products that may meet their requirements.

Recent statistics surrounding Mobile Data Management along with the bring your own device (BYOD) movement are astounding.  Consider these facts;

  • Sixty-one percent of small to mid-sized businesses (SMB’s) have adopted a BYOD policy or initiative for employee-owned smartphones, tablets, or computers.
  • In 2011, worldwide mobile enterprise management software revenue totaled $444.6 million.  This number is expected to grow at a compound annual growth rate (CAGR) of 31.8% over the forecast period, resulting in total Mobile Enterprise Management (MEM) software revenue of 2016.
  • In 2010-2011 companies such as MobileIron, AirWatch, Good Technology, Fiberlink and Zenprise each realized triple-digit growth.

The advent of multi-functioning mobile devices gave corporate America a whole new set of possibilities in the workplace.  Employers and employees alike realized the potential for growth and recognizable positive production with the use of devices that went wherever they did.  Apple’s iPhone and iPad emerged, then the Android platform, all of which forced organizations to maneuver past a corporate-liable policy and accept a BYOD strategy.

Though the concept of allowing private mobile devices at work may not be entirely new, how organizations have decided to deal with the onslaught of usage is.  Instead of managing the entire personal device, organizations simply want to control the trail of sensitive information.

In exchange for corporate issued devices, organizations began to look into geo-fencing as a means to control data.  Other state-of-the-art solutions were needed to alleviate the risk of data leakage and augment security around the information going to and from the devices network.  Therefore, management of devices needed to be flexible.  Solutions needed to be more open to work with either on-premise infrastructure, the cloud, or a hybrid approach deliver model.

Research has found that the mobility of the BYOD could be a way to maintain company efficiency.  Despite this fact, even with the use of BYOD on the upswing, twenty-six percent of businesses have yet to set up comprehensive Mobile Data Management strategies alongside their BYOD plans. 

As cloud adoption continues to gain acceptance so does the concern with administrative and security features available for differing mobile operating systems.

DCIG understands these needs and has risen to the unique challenge of providing you and your organization with a comprehensive list of MDM providers and their competing features.  Our goal is to assist you with in this all-important buying decision while removing much of the mystery around how MDM providers are configured and the stress in selecting which ones are suitable for which purposes.

It is in this context that DCIG presents its 2014 Mobile Data Management Buyer’s Guide. As prior Buyer’s Guides have done, it puts at the fingertips of organizations a comprehensive list of Mobile Data Management providers. This Guide includes detailed, standardized data sheets that list out the features of each Mobile Data Management vendor so they can understand the benefits and drawbacks of each one and then make an informed buying decision.

The DCIG 2014 Mobile Data Management Buyer’s Guide Top 10 solutions include (in alphabetical order): Amtel Lifecycle Management, Excitor DME Mobile Device Manager, Fiberlink MAAS 360 Mobile Device Manager, Fixmo EMP, MobileIron Advanced Mobile Management, Motorola Services Platform V4, SAP Afaria, Sophos Mobile Control, Symantec Mobile Management Suite and Tangoe Mobile Device Management.

The DCIG 2014 Mobile Data Management Buyer’s Guide is immediately available. It may be downloaded for no charge with registration by following this link.

Cable Labeling, the Cloud, Encryption and Virtual Server Backup Topics Make It Into DCIG’s Top 10 for 2011

Today I continue to reveal the Top 10 most read blog entries on DCIG’s website in 2011 with these four (4) entries typifying the two extremes of topics that DCIG’s readers tend to read the most. At one end of the spectrum are two forward looking blog entries on topics that every organization are examining now: the cloud and virtual server backup. At the other end of the spectrum are two older blog entries on the topics of cable labeling and encryption for which organizations continue to need relevant information.

#7 – Encryption is “Free” But Key Management Still Costs; Part 2 of 2 by Jerome Wendt. The date of this blog entry goes back to early 2008 when, at that time, there was a great deal of buzz around the topics of encryption and key management. However as is sometimes the case with certain blog entry topics, sometimes it takes a while for them to catch fire or for them to become relevant. That may well be the case with this particular blog entry.

As more companies look to encrypt data that they are copying, moving or storing offsite in the cloud, at another site or with a records management provider, they are looking for options to economically encrypt the data and then manage the keys used to encrypt that data.

The blog entry took a look at how using Quantum’s Encryption Key Manager using  using cryptographically generated protected keys provides one of the best ways available to centrally manage encrypted keys until encryption key management standards are ratified while giving companies a road map to be in compliance if and when these standards are passed.

#6 – DCIG 2011 Virtual Server Backup Software Buyer’s Guide Now Available by Jerome Wendt. This blog entry announced the availability of the second Buyer’s Guide ever produced by DCIG and where readers could go to download. But little did I expect the level of interest in either this blog entry or the Buyer’s Guide around which it was focused. Sure, I knew virtual server backup was hot but the level of interest in this particular topic was, to say the least, off the charts.

More surprising, interest in this blog entry and the Virtual Server Backup Software Buyer’s Guide stayed throughout all of 2011 with thousands of people reading this blog entry prior to downloading the Buyer’s Guide that inspired it. The blog entry was, from my perspective, remarkably unremarkable in that it only shared some of the high level findings and which products achieved a Top 10 ranking in the Buyer’s Guide so it was clearly the topic matter and user interest in it that carried it into the Top 10. Also, if you have not yet downloaded a copy for yourself, you may access it at this link.

#5 – Why Nirvanix is Poised to Become the Next VMware by Jerome Wendt. The inspiration for this blog entry came while I was attending the Symantec Vision show in Las Vegas this past April 2011. I was waiting to meet and speak with a couple of Nirvanix executives at its show floor booth but I could not get a foot in edgewise while I was there due to the foot traffic.

More remarkable was that there was nothing particularly special about the Nirvanix booth. It was just your standard exhibit booth at the end of an aisle and yet there were users two and three deep present there almost all of the time looking for an enterprise cloud storage solution. This tipped me off there was something special going on at Nirvanix.

Then when I did finally manage to meet with a couple of its executives and hear more about its technology, their story sounded remarkably similar to how VMware got its start – so much so that I wrote a blog about my thoughts. Clearly my sentiments resonated with others as readership on this blog entry was off the charts the first month and has continued to attract a large number of readers every month since it was posted.

The blog entry also seemed to strike a chord with Nirvanix because when I ran into them and stopped by its booth at VMworld a few months later in Las Vegas, it had a printed off copy of that blog entry sitting on its display table that it was handing out to people who stopped by.

#4 – Cable Labeling as Part of Data Center Management Part II by Tim Anderson. This blog entry is an oldie but a goodie that continues to generate readership year after year with this being the 4th year in a row that it has appeared in DCIG’s Top 10 most viewed blog entries. When Tim wrote this blog entry, he shared with me that others often asked him to share his insight on this topic and that he needed a forum in which to share this information. As DCIG’s web site was just getting off the ground at that time, any contributed content was much appreciated by me.

As it turns out, Tim’s thoughts on cable labeling have continued to be widely appreciated by many others as well over the years. However if you just expect to read about cable labeling as part of data center management, you will find that this blog entry covers best practices for labeling servers and storage in data centers as well.

In any case, what I find ironic about this blog entry is that even as topics like “cloud,” “deduplication,” and  “virtualization” generate a great deal of buzz, a simple blog entry on how to label cables, servers and storage consistently outperforms them in terms of regular reader viewership. Go figure!

Check back tomorrow for the blog entries that did not quite reach the Top 10 but earned a year end honorable mention.

Also, if you missed which DCIG blog entries were ranked 8 – 10, follow this link to see those results.

01/04/2012 Update – The blog entry announcing the blog entries
that achieved positions #1 – #3 in DCIG’s Top 10 for 2011 is now
published and may be viewed here.

Think AES is Unbreakable? RSA Security’s Shamir Debunks that Notion

The 2008 Crypto Conference provided a lot to talk about this year. If you didn’t know a Crypto Conference existed, you aren’t alone, but it is where the best and brightest mathematicians gather to discuss cryptographic and cryptoanalytic research. However at this conference Adi Shamir (the “S” in RSA Security that stands for Rivest, Shamir and Adleman and that is now owned by EMC) gave a presentation for a new attack on encryption systems called the “cube attack”. The ramifications of this attack sent a collective shockwave across the data security sector. Since encryption is revered as our best alternative and last safe harbor from data exposure, any weakness shown by encryption algorithms can have a dramatic ripple effect in data security.

The presentation was general as to the details it revealed but the recently published white paper called “Cube Attacks on Tweakable Black Box Polynomials” by Itai Dinur and Adi Shamir provides an in depth look at how this attack is carried out. While I would not assume to describe this type of attack better than the white paper itself, this attack provides an order of magnitude improvement for capturing the encryption key through solving such tweakable polynomials.  Tweakable polynomials contain both secret variables, or key bits, and public variables, or plaintext bits. 

The two most common types of encryption algorithms are block ciphers, such as AES, and stream ciphers such as Trivium. Block ciphers encrypt data in predefined blocks while stream ciphers encrypt data one bit at a time. Although more susceptible to attack, stream ciphers are widely used due to the dramatic performance gains that they deliver over block ciphers in the encryption and decryption processes.

The cube attack shows a dramatic improvement in attacking low polynomial algorithms of which stream ciphers are comprised. Conversely block ciphers polynomials grow exponentially with the number of rounds.  A round is considered the specific sequence transformation process plaintext data goes through to perform encryption.  The number of rounds in an algorithm is dependent upon the key size.  For example AES with a 256 bit key has 14 rounds.  So, the cube attack would theoretically lack the ability to successfully attack block ciphers. But with that being said there still could be reason to worry for the following reasons:

  • Possible order of magnitude improvement over exhaustive and current attack techniques. Shamir theorizes in the paper that the cube attack could be coupled with other attacks such as side-channel, or meet-in-the-middle attacks, to reduce the order of magnitude of cracking block ciphers. This is particularly worrisome due to the wide distribution of AES in both private industry and government. If it is possible to lower the order of magnitude by coupling this attack with a separate attack, then we would have a real reason to worry if the attack were perfected and performed timely. Although Shamir will bring forth more information in a future publication on the meet-in-the-middle coupling within the cube attack, it would seem reasonable that if a reduction in the order of magnitude of attack is accomplished this could be very worrisome to the future security of widely deployed block ciphers.
  • Stream Ciphers are all susceptible. Stream ciphers are low polynomial algorithms and are particularly susceptible to the cube attack.  Trivium was used as an example since no previous attacks against it had been better than an exhaustive attack. The cube attack showed a dramatic order of magnitude improvement over an exhaustive attack. Shamir’s conclusion is that Trivium is easily breakable. Bottom line there are now serious security concerns regarding the use of stream cipher algorithms. 
  • LSFR (Linear Shift Feedback Registers) are likely susceptible. LSFR’s are widely used as random bit/number generators in stream ciphers. Everything digital that uses LSFR random generators is therefore susceptible which could affect any of a number of current applications that employ LSFR, such as Bluetooth, GSM and RFID.    

The effects of the cube attack are still being worked through and its true effects on the industry are still mostly unknown.  But if Shamir’s new attack method plays out (and I have no reason to believe it will not), the viability of stream ciphers are already seriously weakened just by the potential of such a cube attack.  Furthermore if in the future it can be shown that mixing the cube attack with other attacks dramatically lowers the order of magnitude in capturing the block cipher encryption key, industry’s last safe harbor might just be a data security bomb shelter.