Mocana: Mobile Security For “Emerging Endpoints”


Mobile “emerging endpoints” offer “a massive opportunity,” John Aisien, President and COO of mobile security provider Mocana, recently told us. Emerging endpoints include the exploding proliferation of device types that will communicate largely over mobile networks and the equally explosive, runaway growth of mobile apps.

Mocana’s strategy is to bridge two broad and very different main product areas of mobile security. Their Atlas Platform, focuses on enterprise mobile, and is described by Aisien as “specifically optimized to secure mobile apps running on mobile devices.” Their other prime area addresses security aspects of the Internet of Things, IoT, market and is based around their Security of Things Platform.

Aisien points to the growing “pervasiveness” of IoT as one key trend, while the other is the fact that mobile apps will be the “primary means of consuming mobile data in enterprises.” The company is seeking to capitalize on both of these trends.

Atlas – Enterprise Mobile App Security Platform

Mocana describes its Atlas Extended Enterprise Platform as involving three basic steps. The first is to envelop apps in Mocana’s MAP (mobile app protection) security software. This is a secure wrapper for individual apps. It should be noted that working with partners, such as SAP, there are a number of apps that are “MAP-ready.” Custom apps can also be wrapped. In addition the platform includes a secure browser, Compass, that enables intranet and other web resources to be easily extended to mobile and covered within the secure platform.

The second step involves a significant innovation in Atlas, which is the Atlas Appliance. This is a hardware item installed at the enterprise network edge. (A virtual, software, version is available.) It provides a secure mobile VPN (virtual private network) gateway and performs critical authentication functionality.

Once the apps are secured with MAP and the Appliance is set up, the third step is to go ahead and use the system. Without going into great detail, it appears that Mocana has set out to address a number of issues related not only to security, but also to app usability and end user engagement, as well as simplifying security issues for app developers.

Included among these issues are: enabling single sign-on (SSO); reducing the need for penetration testing (basically testing against threats) of individual apps; retaining the user’s state if they lose signal and have to sign off and then wish to sign on again; and other matters.

Added to this is the scope and scale of the platform, which is to enable uniform features across massive enterprises with thousands of users and dozens of applications. The scale ambition is illustrated by the fact that the Appliance is intended to be able handle up to 250,000 simultaneous users.

IoT – Security Of Things

Security of the IoT is an intriguing and vital subject of interest to the multiplicity parties involved in the area. The McKinsey/GSA study on IoT, discussed in our recent article (“Internet Of Things” – Identifying The Real Issues, 10/5/15), identified security and privacy issues as the biggest challenges facing the growth of the IoT.

As stated in a recent Carnegie Mellon/Peking University paper (“Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things”):

“Most vendors only deal with parts of the IoT ecosystem and, typically, their priorities have been providing novel functionality, getting their products to market soon, and making them easy to use. Unfortunately, security and privacy risks have not received as much attention.”

It appears that in this area Mocana is again striving for a more comprehensive approach that can embed security features into the widest array of devices. As the company puts it, they will “secure all aspects of device data and communications for any connected device.”

Their platform provides a series of features, all under the marketing heading of “Nano” (NanoCrypto, NanoCert, etc.) These provide a heavy duty cryptographic engine, authentication, secure networking, secure cloud connectivity, remote firmware updating, and other features.

Business Area Strategies

While the mobile data business has been primarily aimed at enterprises, Aisien states that the company does address the top end of the SMB market, primarily with virtual and cloud offerings. While its revenue is dominated by product sales, they are in the process of forming a small professional services group to accommodate customers who have customized needs.

Aisien states that the Atlas enterprise business is entirely a subscription – generally 3-5 year term – business. He says that they have 150 enterprise customers. The IoT business is being transitioned into the subscription model, which is typically charged on a per user, or device, model.

In a case study by Forrester Research (commissioned by Mocana) costs to a large enterprise of using Atlas to serve 4,000 relatively light users and 1,500 “power” users (mostly sales people) were identified as $177 thousand for implementation and annual charges of $303-409 thousand. Aisien said that this was a fairly typical situation.

The Security of Things IoT, platform has over 300 customers. Overall, Aisien told us, they secure over 100 million devices, including even F-35 jet fighters.

The company maintains a small direct salesforce for the IoT business. Aisien states that their emphasis has been on industrial automation, defense and certain selective consumer use cases.

Distribution for the enterprise mobile apps business is largely through partners. Among the high visibility allies are SAP and Apperian.

The company holds over 40 patents. However, Aisien explains that their success is not based upon their patent position, but rather their ongoing ability to deliver new products and address new areas that require security solutions.

Our Take

Our take is that the company’s assessment that the area of “emerging endpoints” offers highly fertile ground for the growth of security solutions for years to come, is quite sound. The major challenge for Mocana, in our view, is that they are a relatively small company trying to address two vast areas of mobile security, which pose different issues, some perhaps technological, but even more so, on the marketing and business strategy side.

In the enterprise sphere, as we have noted in several articles, progress towards mobile “awareness” and strategy is proceeding at a fairly uneven rate among various verticals. However, the need for security solutions is widely understood and the marketing issue for Mocana appears to us to be primarily reliant on its ability to recruit strong distribution partners, SAP being a banner example.

The IoT market is a far different case. The market is chaotic. It is still at a stage where basic solutions and products must be proven out. Once again, the McKinsey/GSA study gives a good description of the unresolved issues, by vertical area for IoT. We realize that a number of industry groups are working on addressing security standards and related issues. This is likely to be a laborious process, not only because standards setting always is, but because there are so many distinctive and new issues raised by the prospect of placing billions of communicating devices around the globe.

By moving ahead rather boldly Mocana has an opportunity to gain a leading position in this emerging area of mobile security. We will be quite interested in their progress.

Visit their website:

1 comment