Like seat belts and motorcycle helmets (especially those belonging to Pittsburgh Steeler quarterbacks), mobile and wireless security devices and systems often go unused by those who could most benefit from them.
A report on a study by In-Stat suggests -- perhaps a bit over-optimistically -- that this will change as the market grows to $4.4 billion in 2010. The release doesn't say where the market is today, so it's hard to get an idea of how big a jump is expected. The sense is, however, that it will be significant. We say that the predictions of change could be overstated simply because a flood of products in the field doesn't mean they are being used.
Before discussing the dynamics of wireless and mobile security, it's helpful to deconstruct the overall sector a bit. There are two core constituencies involved in wireless/mobile security: IT departments and end users. Among other things, security management is responsible for creating policies that include good end-user practices. The IT department's "consumers" -- the laptop- and BlackBerry-toting traveling CTOs, CEOs and, increasingly, mid-level managers -- are responsible for following these rules once they are in place. Today, neither policy-setters or users seem to be doing a particularly great job.
There is one more step to the deconstruction. As the In-Stat release makes clear, there are two types of untethered security. The one that gets the most attention -- because breaches are more dramatic -- focuses on securing mobile devices that are being used away from the office. The other centers on protecting wireless networks and devices that are hosted by office wireless local area networks (WLANs).
The point here is that it is easy to talk about a big topic, such as wireless security. The reality, however, is that there are subgroups. Each of the four overlapping categories mentioned here -- policy establishment and enforcement, end-user compliance, traveling security and in-office security -- has its own dynamic and set of challenges. It certainly is possible to slice the categories more finely. In many cases, these categories are covered by different vendors or, at least, different departments of a single big company.
The bottom line is that the overall sector is highly complex. The fact that more money is flowing into it is a good sign, but not a guarantee that networks will become more secure.