frost & sullivan best practices award€¦ · industry challenges ... best practices...

FROST & SULLIVAN BEST PRACTICES AWARD

Visionary Innovation Leadership Award 2019

DEVICE SECURITY MANAGEMENT PLATFORM - NORTH AMERICA

BEST PRACTICES RESEARCH

© Frost & Sullivan 2019 2 “We Accelerate Growth”

Contents Background and Company Performance ...................................................................... 3

Industry Challenges............................................................................................ 3

Focus on the Future and Best Practices Implementation of Mocana ............................ 3

Conclusion ........................................................................................................ 7

Significance of Visionary Innovation Leadership ............................................................ 8

Understanding Visionary Innovation Leadership ............................................................ 8

Key Benchmarking Criteria .................................................................................. 9

Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ............................................................................................................... 10

The Intersection between 360-Degree Research and Best Practices Awards .................... 11

Research Methodology ...................................................................................... 11

About Frost & Sullivan ............................................................................................ 11



Background and Company Performance

Industry Challenges

As technology companies develop new Internet-connected devices and connectivity becomes increasingly available, more organizations are leveraging the Internet of Things (IoT) technologies. Frost & Sullivan research shows the total number of IoT devices will grow from 12.44 billion in 2016 to over 45.41 billion in 2023 at a global compound annual growth rate of 20.3%.1 IoT delivers a myriad of benefits and capabilities that were once unachievable through organizations’ traditional operations. For instance, organizations are using IoT technologies to remotely monitor and control a variety of consumer and enterprise devices to manage smart homes, buildings and cities. Industrial businesses are using IoT to improve operational performance and reduce equipment maintenance costs. Unfortunately, this growing connected world increases a network’s attack surface, strengthening a hacker’s ability to access a business’ vulnerable devices.

Furthermore, as the industrial sector began its adoption of IoT technologies, the industry quickly discovered a myriad of unique market challenges and risks specific to industrial customers. Under industrial IoT, organizations must not only struggle with changing security postures with their information technology (IT) systems, but they must also focus on protecting their operational technology (OT) systems, highlighting a new set of challenges. Typical IT cybersecurity solutions either cannot or do not address the security needs of OT systems, causing customers to cobble together disparate security solutions, often creating gaps in their security coverage and leaving them vulnerable or non-compliant with industry standards. Furthermore, organizations are often unprepared to address device-level vulnerabilities resulting from a lack of device-level security protections. An organization that experiences a breach from a cyber-attack can potentially face costly lawsuits or regulatory fines as well as the loss of revenue and customers’ trust. The U.S. government estimates that cyber-attacks cost businesses between $57 to $109 billion per year2. These consequences prompt businesses to seek sufficient protection to maintain a resilient cybersecurity posture, particularly for industrial organizations that need to secure their OT systems.

Focus on the Future and Best Practices Implementation of Mocana

Founded in 2002, Sunnyvale-based Mocana provides comprehensive and compliant device security solutions to protect critical infrastructure and IoT and reduce the cost and risks of managing security. Mocana TrustCenter™ and TrustPoint™ automate and simplify the management of the IoT security lifecycle. The company’s cybersecurity software platform simplifies the integration of mission-critical security into industrial and IoT devices. Mocana protects more than 100 million devices and is trusted by the largest aerospace,

1 Frost & Sullivan, ICS Cybersecurity Market Watch, October 2017. 2 U.S. White House Council of Economic Advisors, CEA Report: The Cost of Malicious Cyber Activity to the U.S. Economy



industrial, energy, healthcare, and communications companies, including globally renowned brands such as ABB, General Electric, HP, Intel, Schneider Electric, Verizon, and Xerox.

Mocana’s Revolutionary IoT and Industrial Cybersecurity Platforms

Mocana TrustCenter™ is an automated security lifecycle management platform that enables clients to secure their IoT and industrial devices and the data stored and transmitted between such devices. TrustCenter™ provides zero-touch provisioning and management of device credentials such as private keys, digital certificates and other device IDs and credentials. TrustCenter™ also enables automated secure firmware and software updates that go beyond insecure manual processes such as USB stick updates or other insecure remote file transfer methodologies. Mocana enables companies to scale the management of IoT security through automation and orchestration, reducing the risks that result from human error or stolen device credentials. This allows higher productivity and lower operational security costs by removing the need to deploy and configure device credentials and updates on each device manually. The platform enables customers to manage every aspect of device enrollment and onboarding as well as ensures supply chain integrity by securing devices and their data at each of the manufacturing stages until the product’s end-of-life.

Mocana TrustPoint™ is a comprehensive on-device security software for industrial and IoT that enables devices, such as sensors, drives, controllers, gateways, and server-class systems, to protect them from the inside out. Mocana is delivered as cybersecurity software that is compiled into device applications or installed on device operating systems or real-time operating systems. TrustPoint™ offers developer-friendly software development tools such as source code, binaries, sample code, and application programming interfaces (APIs), allowing device and software developers to more easily integrate cybersecurity controls into their devices.

TrustPoint™ enables customers to simplify and accelerate integration with software and hardware-based security because the platform comes pre-compatible with 30 real-time operating systems and over 70 chipsets, including a variety of secure elements.

Trustpoint™ uses the company’s own FIPS 140-2 Level 1 validated cryptographic engine and software development tools to implement device-level mutual authentication, extended authentication for passwords, secure communications (IPSec, TLS/SSL, multicast, wireless, etc.), data and device integrity (secure boot, trust chaining, code signing), and on-device firewall. Used to protect both military and commercial systems, the platform ensures that a device is in a trusted state before allowing it to communicate with other systems, protecting clients from hackers trying to gain access to their ecosystem through an unauthorized device in an attempt to steal data or deploy malware, ransomware, viruses, or other malicious threats. Furthermore, Mocana TrustPoint™ enables customers to meet the following standards: FIPS 140-2 Level 1, IEC 62443-3-3



SL4, US NIST 800-53, US NIST 800-63 AAL3, FISMA High, and IIC Endpoint Security Best Practices (ESBP), and NERC CIP 003.

Mocana TrustCenter™ and TrustPoint™: Comprehensive Device Security

Due to the features and capabilities of Mocana’s solutions, commercial and military clients can now secure their IoT and OT ecosystems adequately through a user-friendly interface that increases productivity and return on investment and decreases operational expenditures. By combining Mocana TrustCenter™ and TrustPoint™, customers can scale the management of security for IoT devices and ensure that devices can be trusted and meet industry compliance standards. The company’s technology makes endpoints and gateways tamperproof through strong cybersecurity that can meet the highest levels of authentication assurance. Mocana’s solutions provide clients with unparalleled security through:

Orchestration: complete end-to-end control of the provisioning and management of the IoT device security lifecycle

Developer-friendly Tools: simple set of software development tools, sample code, APIs, a trust abstraction layer for novice and expert cybersecurity software developers

Pre-Integrated Solutions: Mocana TrustPoint™ is integrated with more than 70 chipsets and 30 OSes and RTOSes; and Mocana TrustCenter™ is integrated with leading public cloud platforms, certificate authorities and business systems

Automated Systems: zero-touch provisioning and management of device credentials, keys, digital certificates, software and firmware updates

Standards-based Support: supports standards-based network protocols and cryptographic algorithms for easy integration with OT and IT systems; Mocana TrustPoint™ contains no open source software

Efficient Design: Mocana’s endpoint security software and cryptographic engine is based on a small and high-performance code base designed for both greenfield and brownfield deployments

Proven: Mocana’s solutions protect more than 100 million mission-critical devices in both defense and commercial applications

Compliant: Mocana’s solutions and expertise enable compliance with a broad range of cybersecurity standards such as: FIPS 140-2, IEC 62443, NERC CIP 003, NIST 800-53, NIST 80-63, DO-178

Comprehensive Platform: Mocana’s solutions provide the protection, provisioning, management to secure the supply chain during the entire lifecycle of the device



Impressive Partnerships and Exceptional Customer Support

Mocana works closely with partners to ensure its technology integrates seamlessly and to educate all stakeholders in the market; both contribute to increased revenue for Mocana and its partners. The company’s robust partner network consists of several security industry leaders such as Amazon Web Services, Arm, DDC-I, Digicert, FreeRTOS, Gemalto, General Electric, GlobalSign, Infineon Technologies, Intel, Macnica, Microsoft, NXP, Nuvoton, PrimeKey, Qualcomm, RTI, SAP, ST, ThreadX, Ubuntu, Unified Automation, Verizon, Wind River, and Xilinx. Due to Mocana’s cutting-edge technology, it protects more than 100 million devices, including commercial aircraft, fighter jets, helicopters, industrial automation and controls, medical devices, network gateways, set-top boxes, surveillance cameras, tanks, and thermostats. The company boasts 200 of the largest aerospace, defense, energy, industrial manufacturing, transportation, and utility companies among its customer base.

Mocana develops strong relationships with clients, starting by understanding the customer’s business goals and technical requirements, educating them on its technology, demonstrating its solutions’ capabilities through a proof-of-concept, and working with customers to customize and configure the platforms to meet their particular needs. Mocana ensures success by helping its customers to achieve their business goals of driving revenue, launching new secure products and services, reducing operational security costs and managing IoT cybersecurity risks.

“Supply chain integrity is one of the most important challenges facing the industrial IoT. Mocana’s IoT Trust Platform is tackling this problem head-on by automating device enrollment and security provisioning. With tools for both supplier and OEMs, Mocana’s Trust Service will simplify enrollment and secure updates.”

–Ed Amoroso, CEO, TAG Cyber, LLC.

“Our partnership with Mocana focuses on comprehensive security as we work toward providing customers with an easy and effective way to harden their operational technologies.”

–Joerg Borchert, Vice President of Chip Card Security, Infineon Technologies



Conclusion

Many Internet of Things (IoT) and industrial cybersecurity vendors continue to offer information technology (IT) network security solutions and operational technology (OT) process controls; however, these approaches leave devices vulnerable to cyber-attacks. Mocana developed its industry-leading automated TrustCenter™ and TrustPoint™ platforms to meet this market imperative for stronger device-level security controls. The company’s solutions ensure that both commercial and military clients meet strict industry compliance standards and can prove unparalleled device and data integrity and tamper resistance. With its innovative solutions, powerful partner network, and strong overall performance, Mocana earns Frost & Sullivan’s 2019 North America Visionary Innovation Leadership Award in the Device Security Management Platform industry.



Significance of Visionary Innovation Leadership A Visionary Innovation Leadership position enables a market participant to deliver highly competitive products and solutions that transform the way individuals and businesses perform their daily activities. Such products and solutions set new, long-lasting trends in how technologies are deployed and consumed by businesses and end users. Most important, they deliver unique and differentiated benefits that can greatly improve business performance as well as individuals’ work and personal lives. These improvements are measured by customer demand, brand strength, and competitive positioning.

Understanding Visionary Innovation Leadership Visionary Innovation is the ability to innovate today in the light of perceived changes and opportunities that will arise from Mega Trends in the future. It is the ability to scout and detect unmet (and as yet undefined) needs and proactively address them with disruptive solutions that cater to new and unique customers, lifestyles, technologies, and markets. At the heart of visionary innovation is a deep understanding of the implications and global



ramifications of Mega Trends, leading to correct identification and ultimate capture of niche and white-space market opportunities in the future.

Key Benchmarking Criteria For the Visionary Innovation Leadership Award, Frost & Sullivan analysts independently evaluated two key factors—Focus on the Future and Best Practices Implementation—according to the criteria identified below.

Focus on the Future Criterion 1: Focus on Unmet Needs Criterion 2: Visionary Scenarios through Mega Trends Criterion 3: Growth Pipeline Criterion 4: Blue Ocean Strategy Criterion 5: Growth Performance

Best Practices Implementation Criterion 1: Vision Alignment Criterion 2: Process Design Criterion 3: Operational Efficiency Criterion 4: Technological Sophistication

Criterion 5: Company Culture



Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices Frost & Sullivan Awards follow a 10-step process to evaluate Award candidates and assess their fit with select best practice criteria. The reputation and integrity of the Awards are based on close adherence to this process.

STEP OBJECTIVE KEY ACTIVITIES OUTPUT

1 Monitor, target, and screen

Identify Award recipient candidates from around the globe

Conduct in-depth industry research

Identify emerging sectors Scan multiple geographies

Pipeline of candidates who potentially meet all best-practice criteria

2 Perform 360-degree research

Perform comprehensive, 360-degree research on all candidates in the pipeline

Interview thought leaders and industry practitioners

Assess candidates’ fit with best-practice criteria

Rank all candidates

Matrix positioning of all candidates’ performance relative to one another

3

Invite thought leadership in best practices

Perform in-depth examination of all candidates

Confirm best-practice criteria Examine eligibility of all

candidates Identify any information gaps

Detailed profiles of all ranked candidates

4 Initiate research director review

Conduct an unbiased evaluation of all candidate profiles

Brainstorm ranking options Invite multiple perspectives

on candidates’ performance Update candidate profiles

Final prioritization of all eligible candidates and companion best-practice positioning paper

5 Assemble panel of industry experts

Present findings to an expert panel of industry thought leaders

Share findings Strengthen cases for

candidate eligibility Prioritize candidates

Refined list of prioritized Award candidates

6 Conduct global industry review

Build consensus on Award candidates’ eligibility

Hold global team meeting to review all candidates

Pressure-test fit with criteria Confirm inclusion of all

eligible candidates

Final list of eligible Award candidates, representing success stories worldwide

7 Perform quality check

Develop official Award consideration materials

Perform final performance benchmarking activities

Write nominations Perform quality review

High-quality, accurate, and creative presentation of nominees’ successes

8 Reconnect with panel of industry experts

Finalize the selection of the best-practice Award recipient

Review analysis with panel Build consensus Select recipient

Decision on which company performs best against all best-practice criteria

9 Communicate recognition

Inform Award recipient of Award recognition

Present Award to the CEO Inspire the organization for

continued success Celebrate the recipient’s

performance

Announcement of Award and plan for how recipient can use the Award to enhance the brand



STEP OBJECTIVE KEY ACTIVITIES OUTPUT

10 Take strategic action

Upon licensing, company is able to share Award news with stakeholders and customers

Coordinate media outreach Design a marketing plan Assess Award’s role in future

strategic planning

Widespread awareness of recipient’s Award status among investors, media personnel, and employees

The Intersection between 360-Degree Research and Best Practices Awards Research Methodology Frost & Sullivan’s 360-degree research methodology represents the analytical rigor of our research process. It offers a 360-degree-view of industry challenges, trends, and issues by integrating all 7 of Frost & Sullivan's research methodologies. Too often companies make important growth decisions based on a narrow understanding of their environment, leading to errors of both omission and commission. Successful growth strategies are founded on a thorough understanding of market, technical, economic, financial, customer, best practices, and demographic analyses. The integration of these research disciplines into the 360-degree research methodology provides an evaluation platform for benchmarking industry players and for identifying those performing at best-in-class levels.

About Frost & Sullivan Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best-in-class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best practice models to drive the generation, evaluation and implementation of powerful growth strategies. Frost & Sullivan leverages more than 50 years of experience in partnering with Global 1000 companies, emerging businesses, and the investment community from 45 offices on six continents. To join our Growth Partnership, please visit http://www.frost.com.

360-DEGREE RESEARCH: SEEING ORDER IN THE CHAOS

frost & sullivan best practices award€¦ · industry challenges ... best practices...

Documents