2016 Global Mobile Enterprise Security

Company of the Year Award

2016
 BEST PRACTICES RESEARCH

Contents
Background and Company Performance ........................................................................ 3

Industry Challenges .............................................................................................. 3

Visionary Innovation & Performance and Customer Impact ........................................ 4

Conclusion........................................................................................................... 8

Significance of Company of the Year ............................................................................. 9

Key Benchmarking Criteria .................................................................................. 10

Best Practice Award Analysis ..................................................................................... 10

Decision Support Scorecard ................................................................................. 10

Visionary Innovation & Performance ..................................................................... 11

Customer Impact ............................................................................................... 11

Decision Support Matrix ...................................................................................... 12

The Intersection between 360-Degree Research and Best Practices Awards ..................... 13

Research Methodology ........................................................................................ 13

Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best

Practices ................................................................................................................. 14

About Frost & Sullivan .............................................................................................. 15

© Frost & Sullivan 2016 2 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Background and Company Performance

Industry Challenges
Professionals and IT departments across every industry understand that smartphones and
tablets enhance productivity and worker satisfaction. However, there is a wide range of
business data that these devices are used to access; in Bring Your Own Device (BYOD)
environments, both business and personal data are accessed through a number of apps on
the same device. In the wrong hands, the data accessed via mobile apps can be used for
phishing attacks, identity theft, banking fraud, industrial espionage, and a variety of other
criminal activities.

The fact is that 99% of business users don’t know enough about mobile security to
adequately protect themselves from cyber criminals. For example, most users don’t think
twice before using a FREE public Wi-Fi network in airports, hotels, trains, and stores. Since
smartphones and tablets are designed to be convenient for end users, these devices
remember networks and automatically connect to them when they are in range.
Unfortunately, requests to connect to a known network can also be detected by hackers
with devices that have the ability to spoof known and trusted Wi-Fi networks to enable
Man in the Middle (MitM) attacks. When a MitM attack occurs, it becomes possible to sniff
and actively manipulate data traffic that leaks from the device in order to exploit human
errors or software vulnerabilities.

Frost & Sullivan notes that these challenges don’t end with Wi-Fi. Mobile devices allow
users to install mobile configuration profiles that are useful for setting up a mobile VPN,
work email, or calendars. Because most business users are only moderately tech savvy,
having a mobile configuration profile available to install a needed service is very
convenient. Unfortunately, it can also lead users to install profiles that are of questionable
provenance. When a malicious mobile configuration profile is installed, it can collect login
credentials for hackers and compromise every system a device connects with.

Additional threats can come from malware installed from third party app stores and at
times from first party “curated” App Stores. The most common capabilities of mobile
malware include the theft of sensitive data, login credentials to enterprise resources and
cloud-based services, as well as surveillance through GPS tracking and turning on cameras
and microphones. Frost & Sullivan points out that hackers developing modern mobile
malware have evolved their criminal business models beyond adware to focus on spyware
capabilities that enable data exfiltration. As such, modern mobile malware is more than
just an annoyance; it also has the ability to materially harm organizations across all
industries.

Frost & Sullivan also points out that these are just a small handful of business reasons
that companies in every industry need to raise the bar on mobile security to protect their
customers, revenues, and brands.

© Frost & Sullivan 2016 3 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Visionary Innovation & Performance and Customer Impact

Addressing Unmet Needs

There are 4 key pillars of mobile security for every smart phone and tablet; physical
security, security against malware, protection against vulnerability exploits, and network
attacks. The rarely discussed fact is that most organizations focus their mobile security
efforts exclusively on analysis to determine if a device has been rooted, has a PIN number
established, and follows other basic hygiene rules before accessing corporate data. The
device analysis is typically done by enterprise mobility management (EMM) solutions - and
rarely leverages crowd-sourced mobile security intelligence in the cloud.

Skycure Enterprise Mobile Threat Defense provides deep device analysis using crowd-
sourced security intelligence in the cloud that finds more threats, including malware as
well as malicious Wi-Fi networks and mobile configuration profiles. When an attack is
detected, Skycure opens a VPN connection for the duration of the attack and shuts down
the VPN when the attack ends (a critical privacy and battery saving feature). If a VPN
connection cannot be established during an attack, Selective Resource Protection (SRP)
takes over. SRP is a feature unique to Skycure that allows companies to define which
enterprise resources can or cannot be accessed when under an attack. Skycure’s SRP
feature is critical for traveling enterprise users accessing public Wi-Fi networks that may
block VPN connections and leave users vulnerable to MitM attacks.

Skycure has identified numerous malware instances in the past, when other solutions
simply did not detect any threats on the device. This was done by leveraging Skycure’s
patented repackaged app detection and crowd-sourced intelligence. For example, Skycure
identified a repackaged version of the Pokemon Go app within 48 hours of it launching and
before it became an Internet sensation.

In addition to crowd sourced security intelligence in the cloud, VPN protection when a
device is attacked, and SRP, Skycure properly understands that an updated mobile OS is
an important part of keeping a device secure. Mobile OS update notifications for iOS are
rolled out in phases across different regions, which delay the installation of security
updates. Skycure eliminates the delay by immediately notifying enterprise users that a
new version is available and should be downloaded. For Android, notifications for critical
OS updates don’t always reach end-users because of Android manufacturer/carrier
fragmentation and for a variety of business process reasons unique to the Android OS. In
the case of Android, Skycure notifies specific enterprise users of OS updates as individual
mobile telecom carriers around the world make them available.

Lastly, unlike other competing mobile security vendors, the full Skycure app is available
on the public app stores for both Apple and Google. Frost & Sullivan feels that this is
quite important for enterprises that cannot risk their mobile security on private API
features that might get deprecated in future OS versions and require a lot of heavy lifting

© Frost & Sullivan 2016 4 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

in deployment, management and upgrading. Many vendors, including a recent mobile

security company, have gone out of business because of their reliance on private APIs.

Visionary Scenarios Through Mega Trends

Today Skycure secures smart phones and tablets, yet the company is already focusing on
the natural evolution of Internet of Things (IoT) technology that leverages iOS and
Android mobile platforms for things such as connected kiosks and automobiles. Potential
IoT uses are only limited by the imagination of technologists, but the common aspect to
IoT is that network connectivity is required. With connectivity comes security threats, as
the world has recently witnessed when thousands of IoT (smart) devices were
compromised to create one of the largest distributed denial of service (DDoS) attacks in
history1.

Protecting smart devices against zero-day threats requires a security solution capable of
detecting known and unknown threats. Some mobile security vendors continue to rely on
signature-based antivirus (AV) technology that is both outdated and ineffective. Skycure’s
crowd-sourced and cloud-based security intelligence is capable of protecting against
known and unknown threats on new smart devices that run iOS or Android, works without
requiring user interaction, doesn’t change the native user experience that users of the OS
are accustomed to, and doesn’t overtax battery life. Skycure is already protecting IoT
devices used in public locations and is in a position to expand that line of business as IoT
technology evolves over the next 5 years.

Blue Ocean Strategy

Unlike other mobile enterprise security vendors, Skycure chose a research and
development (R&D) path that clearly set it apart from competitors. From the start,
Skycure focused on solving what is undeniably the more difficult mobile security
challenge: protecting iOS. Apple’s iOS is known in the security industry as being closed
and difficult to develop a comprehensive security solution for… but that is exactly what
Skycure accomplished.

Choosing to solve the iOS security challenge first changed Skycure’s thought processes
around mobile security. As a result, it led the company to develop the first active
honeypot in the mobile security industry, which Skycure has since patented. Focusing on
solving the harder iOS security challenge first forced Skycure to develop its technology in
a different way than its competitors, which in turn made it easier for the company to
adapt its solution to secure Android devices as well.

1
https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
© Frost & Sullivan 2016 5 “We Accelerate Growth”
 BEST PRACTICES RESEARCH

Implementation Best Practices

Since 2008, the Frost & Sullivan (ISC)2 Global Information Security Workforce Study2 has
observed the long-term shortage of qualified information security personnel that is
impacting the ability of IT Departments to shore up security defenses. In the 2015 study,
62% of enterprises said there were too few information security professionals.

As a security company, Skycure wanted its solution to help the workforce shortage
challenge in IT security - instead of becoming a periodic hindrance. This way of thinking
forced Skycure R&D engineers to focus on automated protection and not just detection.
Attention was also paid to tight enterprise integrations, which allows companies to use
their existing solutions and processes as compared to creating new ones.

Upgrading the Security App

Many mobile security vendors use a private API to install their solutions onto mobile
devices. In BYOD environments, this can exacerbate the lack of trust that some
employees already have for their employers (e.g., is my employer tracking my location
and monitoring my activity?) Another negative point for mobile security apps that use a
private API is the time commitment for overworked information security workers to update
the app across the organization.

Skycure uses a public API that enables enterprise users to download the mobile security
app and all updates using a public app store (such as the Apple Store and Google Play).
This has not only helped to alleviate trust issues that employees have with their
employers, it also reduced the strain on an overworked information security workforce. A
third benefit of the public API approach is the unmatched power of crowd-sourced
intelligence that allows Skycure to run tens of millions of network and app tests on global
sensors to give reputation scores to all developers, apps and networks.

Blocking Malicious App Downloads

One of most common processes used to protect end users in enterprises today requires an
EMM solution to take an action, such as blocking a mobile app or shutting down Wi-Fi
access. Skycure certainly works with EMMs, but Skycure technology doesn’t require an
EMM solution to take action on mobile devices. Skycure’s App Blocker technology analyzes
what is being downloaded, who developed the app, and if the app has been seen before. It
looks closely at the structure of a new mobile app download, and when it detects anything
malicious about the app being downloaded, it will prevent the installation of the app, and
can even delete the installation file.

In case of network attacks, other vendors rely on EMM integration to shut off Wi-Fi access.
This process not only relies on EMMs, but also hampers productivity. While EMM
enforcement is good for tackling device-state issues, it is a very weak approach when it

2
https://www.isc2cares.org/IndustryResearch/GISWS/
© Frost & Sullivan 2016 6 “We Accelerate Growth”
 BEST PRACTICES RESEARCH

comes to fighting network-based attacks; in these situations, there is a need to provide

real time protection. Moreover, a MiTM attacker can just block access to the EMM during
their attack, thus rendering the “protection” mechanisms ineffective. Skycure uses smart
VPN and SRP to protect the sensitive data and allows non-sensitive business to continue
without impacting productivity.

Customer Ownership Experience

Mobile security solutions have picked up a bad reputation among some business users for
high battery consumption, privacy issues, negative user experience, and more. Skycure
has worked to directly address criticisms of mobile security technology by keeping daily
battery consumption below 3%, engineering the solution to never collect, store or analyze
data via corporate servers, and by eliminating the need to log into containers that alter
the native OS experience.

Skycure didn’t stop addressing issues that cause friction to adopting the solution. It also
made proof of concept (POC) mobile malware detection testing simple for enterprises by
offering a full version of the app on the Apple and Google app stores. Following POC
testing, organizations that want to license Skycure can have a fully featured enterprise
cloud instance (which includes advanced security, enterprise integrations and automated
protection) started in minutes using the same end user app. Moreover, the installation
process across a large organization is so streamlined that customers with thousands of
mobile endpoints can complete an orderly and phased rollout of Skycure within a few
days.

Following the activation of the fully featured version of Skycure, it proactively tells
organizations where security problems are and helps to fix them.

Lastly, Skycure helps companies and business users make better security decisions, by
identifying public Wi-Fi networks that are a potential threat so users can avoid them, and
by preventing users from accepting fake server certificates that are used by hackers for
MitM attacks.

Brand Equity

Skycure’s brand equity is consistently increasing as many enterprise customers, including

Fortune 500 companies, tell their peers in other organizations about the power of the
solution to quickly improve their mobile security posture. The solution is so compelling for
some enterprise customers that they want to increase their partnership with Skycure by
investing in the company.

Top reasons that Skycure brand equity continues to rise is that it provides enterprises with
proactive, instead of reactive, security that consumes less than 3% of a battery charge,
near-zero false positive and false negative rate, a mature management console, and tight
integration with all leading EMM systems. In addition, Skycure R&D engineers regularly
find and report mobile OS vulnerabilities. In fact, the company reported at least one iOS
© Frost & Sullivan 2016 7 “We Accelerate Growth”
 BEST PRACTICES RESEARCH

vulnerability to Apple in most major iOS releases to date that have since been patched
(with Apple crediting Skycure for their contribution), benefiting both Skycure users and
non-users alike.

Conclusion
Frost & Sullivan points out that Skycure is a different breed of mobile security company; it
cracked the code on protecting iOS devices via an app that uses a public API, thereby
enabling downloads of the Skycure app from public sources - rather than needing to be
side-loaded via enterprise provisioning models. Focusing on iOS in the early days instead
of the more open and customizable Android OS enabled Skycure to develop technology
that better protects both platforms while simplifying the app upgrade process for
information security professionals in IT departments.

Skycure’s focus on maintaining the native OS experience for end users, ensuring that data
privacy walls are strictly maintained between employers and employees, and minimizing
the impact on daily battery life have been key to obtaining buy-in from business users.
Those aspects, combined with ease of installation and upgrades, proactive protection, VPN
tunneling when an attack is detected, Patent-Pending Selective Resources Protection when
a VPN can’t be initiated, and malicious apps installation blockage are all reasons that
Skycure has high adoption amongst Fortune 500 companies.

With its strong overall performance, Skycure has earned the 2016 Frost & Sullivan Global
Company of the Year Award.

© Frost & Sullivan 2016 8 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Significance of Company of the Year

To receive the Frost & Sullivan Global Company of the Year Award requires a company to
demonstrate excellence in growth, innovation, and leadership. This kind of excellence
typically translates into superior performance in three key areas: demand generation,
brand development, and competitive positioning. These areas serve as the foundation of a
company’s future success and prepare it to deliver on the two criteria that define the
Company of the Year Award (Visionary Innovation & Performance and Customer Impact).

© Frost & Sullivan 2016 9 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Key Benchmarking Criteria

For the Global Company of the Year Award, Frost & Sullivan analysts independently
evaluated two key factors—Visionary Innovation & Performance and Customer Impact—
according to the criteria identified below.

Visionary Innovation & Performance

Criterion 1: Addressing Unmet Needs
Criterion 2: Visionary Scenarios Through Mega Trends
Criterion 3: Implementation Best Practices
Criterion 4: Blue Ocean Strategy
Criterion 5: Financial Performance

Customer Impact
Criterion 1: Price/Performance Value
Criterion 2: Customer Purchase Experience
Criterion 3: Customer Ownership Experience
Criterion 4: Customer Service Experience
Criterion 5: Brand Equity

Best Practice Award Analysis for Skycure

Decision Support Scorecard
To support its evaluation of best practices across multiple business performance
categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool
allows our research and consulting teams to objectively analyze performance, according to
the key benchmarking criteria listed in the previous section, and to assign ratings on that
basis. The tool follows a 10-point scale that allows for nuances in performance evaluation;
ratings guidelines are illustrated below.
RATINGS GUIDELINES

The Decision Support Scorecard is organized by Visionary Innovation & Performance and
Customer Impact (i.e., the overarching categories for all 10 benchmarking criteria; the
definitions for each criteria are provided beneath the scorecard). The research team
confirms the veracity of this weighted scorecard through sensitivity analysis, which
confirms that small changes to the ratings for a specific criterion do not lead to a
significant change in the overall relative rankings of the companies.

© Frost & Sullivan 2016 10 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

The results of this analysis are shown below. To remain unbiased and to protect the
interests of all organizations reviewed, we have chosen to refer to the other key players
as Competitor 2 and Competitor 3.

Measurement of 1–10 (1 = poor; 10 = excellent)

Visionary
Innovation & Customer
Company of the Year Performance Impact Average Rating

Skycure 9 9 9.0

Competitor 2 7 8 7.5

Competitor 3 7 7 7.0

Visionary Innovation & Performance

Criterion 1: Addressing Unmet Needs
Requirement: Implementing a robust process to continuously unearth customers’ unmet
or under-served needs, and creating the products or solutions to address them effectively

Criterion 2: Visionary Scenarios Through Mega Trends

Requirement: Incorporating long-range, macro-level scenarios into the innovation
strategy, thereby enabling “first to market” growth opportunities solutions

Criterion 4: Implementation of Best Practices

Requirement: Best-in-class strategy implementation characterized by processes, tools, or
activities that generate a consistent and repeatable level of success.

Criterion 3: Blue Ocean Strategy

Requirement: Strategic focus in creating a leadership position in a potentially
“uncontested” market space, manifested by stiff barriers to entry for competitors

Criterion 5: Financial Performance

Requirement: Strong overall business performance in terms of revenues, revenue growth,
operating margin and other key financial metrics

Customer Impact
Criterion 1: Price/Performance Value
Requirement: Products or services offer the best value for the price, compared to similar
offerings in the market

Criterion 2: Customer Purchase Experience

Requirement: Customers feel like they are buying the most optimal solution that
addresses both their unique needs and their unique constraints

Criterion 3: Customer Ownership Experience

Requirement: Customers are proud to own the company’s product or service, and have a
positive experience throughout the life of the product or service

© Frost & Sullivan 2016 11 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Criterion 4: Customer Service Experience

Requirement: Customer service is accessible, fast, stress-free, and of high quality

Criterion 5: Brand Equity

Requirement: Customers have a positive view of the brand and exhibit high brand loyalty

Decision Support Matrix

Once all companies have been evaluated according to the Decision Support Scorecard,
analysts can then position the candidates on the matrix shown below, enabling them to
visualize which companies are truly breakthrough and which ones are not yet operating at
best-in-class levels.

High

Skycure
Skycure

Competitor 2

Competitor 3
Customer Impact

Low

Low Visionary Innovation & Performance High

© Frost & Sullivan 2016 12 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

The Intersection between 360-Degree Research and Best

Practices Awards
Research Methodology 360-DEGREE RESEARCH: SEEING ORDER IN
Frost & Sullivan’s 360-degree research THE CHAOS
methodology represents the analytical
rigor of our research process. It offers a
360-degree-view of industry challenges,
trends, and issues by integrating all 7 of
Frost & Sullivan's research methodologies.
Too often, companies make important
growth decisions based on a narrow
understanding of their environment,
leading to errors of both omission and
commission. Successful growth strategies
are founded on a thorough understanding
of market, technical, economic, financial,
customer, best practices, and demographic
analyses. The integration of these research
disciplines into the 360-degree research
methodology provides an evaluation
platform for benchmarking industry players and for identifying those performing at best-
in-class levels.

© Frost & Sullivan 2016 13 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Best Practices Recognition: 10 Steps to Researching,

Identifying, and Recognizing Best Practices
Frost & Sullivan Awards follow a 10-step process to evaluate Award candidates and assess
their fit with select best practice criteria. The reputation and integrity of the Awards are
based on close adherence to this process.

STEP OBJECTIVE KEY ACTIVITIES OUTPUT

Monitor, Identify Award recipient • Conduct in-depth industry Pipeline of candidates who
1 target, and candidates from around the research potentially meet all best-
screen globe • Identify emerging sectors practice criteria
• Scan multiple geographies

Perform comprehensive, • Interview thought leaders Matrix positioning all

Perform 360-degree research on all and industry practitioners candidates’ performance
2 360-degree candidates in the pipeline • Assess candidates’ fit with relative to one another
research best-practice criteria
• Rank all candidates

Invite Perform in-depth • Confirm best-practice criteria Detailed profiles of all

thought examination of all candidates • Examine eligibility of all ranked candidates
3 leadership in candidates
best • Identify any information gaps
practices

Initiate Conduct an unbiased • Brainstorm ranking options Final prioritization of all

research evaluation of all candidate • Invite multiple perspectives eligible candidates and
4 director profiles on candidates’ performance companion best-practice
review • Update candidate profiles positioning paper

Assemble Present findings to an expert • Share findings Refined list of prioritized

panel of panel of industry thought • Strengthen cases for Award candidates
5 industry leaders candidate eligibility
experts • Prioritize candidates

Conduct Build consensus on Award • Hold global team meeting to Final list of eligible Award
global candidates’ eligibility review all candidates candidates, representing
6 • Pressure-test fit with criteria success stories worldwide
industry
review • Confirm inclusion of all
eligible candidates

Develop official Award • Perform final performance High-quality, accurate, and

Perform consideration materials benchmarking activities creative presentation of
7 • Write nominations nominees’ successes
quality check
• Perform quality review

Reconnect Finalize the selection of the • Review analysis with panel Decision on which company
with panel of best-practice Award recipient • Build consensus performs best against all
8 industry • Select winner best-practice criteria
experts

Inform Award recipient of • Present Award to the CEO Announcement of Award

Communicate Award recognition • Inspire the organization for and plan for how recipient
9 recognition continued success can use the Award to
• Celebrate the recipient’s enhance the brand
performance

Upon licensing, company • Coordinate media outreach Widespread awareness of

Take
may share Award news with • Design a marketing plan recipient’s Award status
10 strategic
stakeholders and customers • Assess Award’s role in future among investors, media
action
strategic planning personnel, and employees

© Frost & Sullivan 2016 14 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth
and achieve best in class positions in growth, innovation and leadership. The company's
Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined
research and best practice models to drive the generation, evaluation and implementation
of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in
partnering with Global 1000 companies, emerging businesses and the investment
community from 31 offices on six continents. To join our Growth Partnership, please visit
http://www.frost.com.

© Frost & Sullivan 2016 15 “We Accelerate Growth”