Solution Brief
Check Point Capsule for Mobile Computing Security, Operations Efficiency, and Business Enablement
Date: October 2014
Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore, Research Associate
Abstract: Organizations are increasingly reliant on mobile devices for BYOD and business process improvement, but
mobile security continues to lag behind. Point tools provide some help for IT operations but they don’t provide a true
enterprise-class mobile security solution. Check Point Capsule is a refreshing alternative that may actually bridge the
enterprise mobile security gap. Why? Check Point Capsule is one of the few mobile security products that provide threat
prevention, document-level data security controls, and granular access controls that can mitigate security risks while
enabling mobile business processes.
Overview
Mobile computing is no longer a “fad”—recent ESG research data shows that 87% of enterprise organizations say mobile
computing is either “critical” or “very important” for supporting business processes and employee productivity. [1] While
e-mail access and calendars are common mobile applications, many organizations are now developing and deploying
new types of applications to bolster employee productivity or improve customer relations. In fact, ESG research
indicates that 42% of enterprises are actively developing a significant number of mobile applications themselves (see
Figure 1).
Figure 1. Development of Custom Mobile Applications
Is your organization developing its own custom applications specifically for mobile devices? (Percent of respondents, N=242)
Yes, my organization is developing a significant amount of its own custom applications specifically for mobile devices: 42%
Yes, my organization is developing a modest amount of its own custom applications specifically for mobile devices: 38%
No, my organization is not developing its own custom applications specifically for mobile devices but we plan to do so within the next 24 months: 10%
No, my organization is not developing its own custom applications specifically for mobile devices and we have no plans or interest in doing so in the future: 5%
No, my organization is not developing its own custom applications specifically for mobile devices but we are interested in doing so in the future: 4%
Source: Enterprise Strategy Group, 2014.
[1] Source: ESG Research Report, The State of Mobile Computing Security, February 2014. All ESG research references and charts in this brief have
been taken from this research report.
© 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.
Clearly, mobile computing devices such as tablet computers and smartphones have supplanted PCs as the primary user
devices and are poised to dominate end-user computing in the future.
Mobile Computing Security Challenges Remain
In spite of a seemingly unlimited number of business benefits, mobile computing also comes with numerous security
concerns as it introduces new devices and new threat vectors to enterprise organizations. These risks are already
creating security havoc. According to ESG research, 47% of enterprise respondents indicated that they have experienced
security breaches as a result of a compromised mobile device.
Why are these security breaches occurring? Mobile computing is still a nascent IT domain but it is evolving at a frantic
pace. Furthermore, mobile computing is distributed and constantly changing by its very nature. Finally, mobile devices
are often lost or stolen and thus breached.
Beyond security breaches, however, security professionals also find mobile computing security particularly vexing. In
fact, ESG research indicates that enterprise organizations face an assortment of mobile security challenges such as (see
Figure 2):

• Protecting sensitive data “at rest” and “in flight.” A significant number of security professionals (43%)
claim that it is challenging to protect confidential data when it is accessed from a mobile device while 41%
say it is challenging to protect sensitive data when it is stored on a mobile device itself. This is certainly
understandable as mobile computing can create blind spots where the security team can’t monitor or
manage sensitive data once it is accessed and stored on mobile devices. To paraphrase an old management
adage, “you can’t secure what you can’t see.”

• Enforcing security policies. Many security policies were originally created with PCs and wired Ethernet ports
in mind. While the proliferation of Wi-Fi access networks stretched traditional security policies beyond their
original boundaries, mobile computing adds additional challenging dimensions that fall way outside of the
legacy policy spectrum. Why? Unfortunately, many organizations find that the only way to address policy
enforcement is by implementing new tools and infrastructure for mobile computing security. This creates
additional technology complexities and operational overhead for an already overwhelmed security team.

• Integrating mobile security into existing cybersecurity processes and technologies. As organizations create
a mobile security “overlay” infrastructure, it becomes increasingly difficult to maintain consistent policies,
coordinate enforcement actions, or monitor users and devices across the network. This will likely improve as
mobile security matures but CISOs are asking a legitimate question: “Why can’t mobile security be managed
with existing tools and processes?” This is a logical question since mobile devices are IP-based and access
the same resources as other systems. Given this, it makes sense to manage the nuances of mobile
computing with tried-and-true approaches—if this is possible.
Figure 2. Mobile Computing Security Challenges
Overall, which of the following would you say are the biggest challenges around mobile computing security at your organization? (Percent of respondents, N=242, multiple responses accepted)
Protecting data confidentiality and integrity when sensitive data is accessed by a mobile device over the network: 43%
Protecting data confidentiality and integrity when sensitive data is stored on a mobile device: 41%
Enforcing security policies for mobile devices: 41%
Integrating mobile device security processes and technologies with other enterprise security processes and technologies: 36%
Educating users on best practices for mobile computing security: 35%
Establishing the right workflows and processes between the security team and other IT groups: 34%
Managing malware/threat management on mobile devices: 34%
Ensuring that staff members have proper training and skills on mobile device security: 34%
Dealing with lost/stolen mobile devices containing sensitive data: 33%
Supporting new device types: 31%
Creating security policies for mobile devices: 29%
Dealing with scale issues caused by the sheer number (i.e., hundreds, thousands) of mobile devices to protect/secure: 28%
Discovering mobile devices as they gain access to the network: 21%
None of the above: 2%
Source: Enterprise Strategy Group, 2014.
What’s Really Needed for Mobile Computing Security?
CISOs are being asked to support BYOD, embrace new mobile applications for business process improvement, and make
sure to mitigate new mobile computing risks. Regrettably, accomplishing these goals can be quite cumbersome when
they require new skills, processes, and tools simultaneously.
Rather than layer on discrete “mobile-only” security solutions, large organizations may be better off extending their
existing security controls that support “mobile-friendly” functionality. To accomplish this task, security professionals
must look for mobile security platforms providing:

• Unified policy management across all mobile devices. Tablet computers, smartphones, and PCs are
different types of end-user computing devices but, as the ESG data indicates, security becomes difficult
when different devices are managed with different policies and enforcement points. To bridge this gap,
enterprises need security tools that support a wide variety of mobile devices while offering device-specific
options for policy creation, management, monitoring, and enforcement. With a unified policy management
platform across device types, security professionals can create and enforce security policies based upon
business processes and users rather than remain in the technical weeds at the iOS or Android level.

• Strong document-centric data security. When it comes to data, most mobile computing security remains
elementary, offering VPN capabilities, storage encryption, or partitioning methods like containerization.
These security controls are critical to establish a secure business environment on mobile devices but mobile
security should also enforce policies at the document level. For example, it may be okay to access
and view sensitive data in a spreadsheet on an iPad, but unacceptable to share this document with others.
Mobile security tools must provide granular access controls and digital rights management (DRM) for what
can and can’t be done on a document-by-document basis throughout each document’s lifecycle.

• Granular access policy enforcement. To balance business productivity and IT risk, authorized mobile users
should have seamless connections to key applications supported by granular access controls for high-value
IT assets and sensitive data. For example, the CFO will always have seamless access to end-of-month reports
from the corporate LAN regardless of the device she uses. Alternatively, some organizations may want to
preclude this type of access when she tries to access documents from a public network, geographic
locations, or various timeframes like the end of the quarter. The key here is being able to enforce these
policies across several parameters like user, device, document sensitivity, etc.

• Threat management. Mobile malware isn’t considered an enterprise threat vector today but it likely will be
in the future. Many organizations already block PCs from accessing malicious URLs or downloading
suspicious files, so why not extend these best practices to mobile devices as well? Enterprises should prepare
for this eventuality with the right controls and monitoring capabilities for threat prevention, detection, and
response sooner rather than later.

While all of this security functionality is critical, leading CISOs also recognize that they need security tools that are
intuitive, easy to deploy and integrate, and deliver immediate value. The goal? Help the overworked security staff work
smarter—not harder. It’s a given that large organizations need strong security efficacy but security technologies that can
accomplish this goal AND streamline operations will go to the head of the line.
Introducing Check Point Capsule
A lot of mobile security options have come from new vendors with a sole focus on mobile devices but this myopic
coverage isn’t extensive enough for enterprise organizations and can create operational overhead as previously
described. Check Point Software, a recognized leader in enterprise security, intends to alleviate these issues with the
announcement of Check Point Capsule.
Check Point is focused on bridging the mobile security gap as Capsule offers:

• Mobile threat management. Check Point Capsule allows organizations to extend corporate security policies
to mobile devices via a secure cloud. This can be used for an assortment of security functions such as
denying access to malicious files, blocking malicious websites, and preventing C&C communications with
malicious hosts. In this way, Check Point can help CISOs implement best practices for threat management in
the mobile world, just as most organizations do today for protecting employees, PCs, and sensitive data.

• Secure business environment. Mobile devices have two major functions: personal use and professional use.
Check Point Capsule segregates the business data and applications from the personal data and applications,
allowing users to seamlessly access business apps without sacrificing ease-of-use or device performance.
This also helps mitigate risk because it protects corporate networks and assets from nefarious consumer-oriented software.

• Protect business documents. Check Point Capsule allows organizations to customize how they secure their
documents, regardless of where they go. Features include native password-protection, specifying a list of
authorized recipients, and document encryption that stay with the document throughout its lifecycle. In this
way, Check Point takes mobile data security beyond basic encryption by introducing business-centric DRM
into the mix.

Check Point’s announcement is well timed as many organizations are in the early stages of the mobile security maturity
curve and CISOs want mobile security—rather than IT operations—technologies to mitigate risk. Just as important,
Check Point Capsule brings Check Point’s security management and operations prowess to mobile security, aligning
ease-of-use with strong security. Given these business, operations, and security benefits, Check Point Capsule could be
in the right place at the right time.
The Bigger Truth
The onslaught of mobile devices has made security more difficult for enterprise organizations and, unfortunately, the
security industry addressed this increasing security challenge with an army of add-on point tools. This has created a
mobile security gap along with an operations nightmare. Furthermore, mobile security tools provide basic data
confidentiality and integrity protection but they lack granular access policies or DRM-like capabilities at a document
level.
Check Point clearly recognized those concerns and is now introducing a unique top-to-bottom mobile computing
solution that can help organizations bolster mobile security, lower IT risk, and align business-centric security policies
with granular controls. Given these advantages, CISOs would be well served by investigating Check Point Capsule and
assessing how it aligns with their mobile computing business and security needs.
This ESG brief was commissioned by Check Point and is distributed under license from ESG. All trademark names are property of their respective companies.
Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG.
This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc.
Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to
receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages
and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.