Lookout, a mobile security company which previously focused on consumer protections and anti-malware services, is today taking a step to expand its footprint further with the launch of a new, standalone product for business. Arriving later this year, Lookout for Business intends to allow larger organizations the ability to secure mobile devices attaching to the network – like the employee-owned smartphones and tablets arriving via BYOD (bring-your-own-device) programs.
For those unfamiliar, Lookout’s Mobile Security applications for Android (including Kindle) and iOS devices have historically helped to identify and block threats on consumers’ phones and tablets, including blocking and alerting to mobile malware, phishing attempts, malicious websites, and apps that try to grab too much of a user’s personal information. The company also offers mobile backup solutions as well as its own take on Apple’s “Find my iPhone,” with a service that can track down and remotely wipe lost or stolen mobile devices.
It makes sense for Lookout, today with 45 million users on board its flagship product, to now turn more of its attention to the business world, where the line between consumer and enterprise is blurring as consumer devices become employees’ phones and tablets. Here, the Lookout for Business platform will allow I.T. departments to augment their existing MDM (mobile device management) programs with protection against mobile threats like spyware, malware, phishing attacks, and new ones yet to arrive.
Lookout’s Consumer-First Strategy As A Means To The Enterprise
Lookout chose a different path to the mobile security enterprise market than others by first developing a product that consumers would adopt on their own. When the company was founded back in 2007, its focus was Windows Mobile (no, not Windows Phone!) security solutions. But when the iPhone and Android later appeared, Lookout realized it had reached a fork in the road.
According to Lookout CTO Kevin Mahaffey, though focusing on businesses may have seemed like the obvious next step, Lookout chose to address the consumer market first. “That was kind of weird – from the outside, at least. We made a bet on this shifting of how I.T. works,” he explains.
In other words, Lookout bet on the trend now commonly referred to as the “consumerization of I.T.” No longer would I.T. departments be able to lock down employees’ devices in the same way they once locked down PCs, though the first generation of MDM companies may have certainly tried. This was a notable power shift in organizations, where before I.T. dictated policy. Now, CEOs told I.T. staff: “well, I’m using my iPhone. Figure it out.” (Yes, speaking from personal experience on that one.)
But the employees bringing their own devices to work would either find their private data and devices in I.T.’s hands when they submitted to having their personal phone secured, or they would end up carrying two phones. Neither solution is ideal.
This was Lookout’s opportunity. It first aimed to build a service consumers would adopt on their own, then use that to shuttle their way into the business world. In part thanks to Android’s publish first, ask questions later app marketplace (a marketplace which only last month received even the most basic protections in terms of banning apps from making changes without user consent!), it soon became easy enough to convince consumers that smartphone devices needed protection too.
According to Mahaffey, around a year and a half ago, the company’s consumer-first strategy began to pay off. It started to receive inbound requests from businesses looking to buy licenses in bulk, and to date, they’ve received “thousands of inbound requests,” he says. In addition, the company claims that over half of the Fortune 1000 already has employees using Lookout on their work devices.
How Lookout Differs From Traditional Anti-Malware Services
Though the company isn’t yet discussing the specific feature set of the Lookout for Business offering, there will clearly be a lot of overlap with the technologies Lookout has already developed. For instance, the company offers remote wipe, and lost device location services (as do many MDMs), but it also has developed a different strategy to fight mobile malware and threats.
Traditional anti-virus vendors for PCs used signature-based protections via downloads of a virus definition file. Mahaffey explains that Lookout didn’t want to use the same methodology when building for mobile, because mobile simply changed too quickly. The solution, it turned out, was to build a data set of every application – every binary – in the world. Today, Lookout uses that data to develop its own matching technology that can identify bad blocks of code known to be associated with malware or even just resemble it. And it can catch it earlier, too.
“For example, if an enterprise has an application on their network that doesn’t match any signature, but also doesn’t do anything bad, most anti-viruses would say that it’s okay,” says Mahaffey. “But our backend system can tell it has a fingerprint that’s similar to someone who has written malware in China, and that this application is nowhere else in the world.” I.T. could then flag and block the app, even before it had begun its strike.
Of course, Lookout took a risk by arriving to the enterprise later than others. It will face a lot of competition from various mobile security products in the industry, including anti-malware products from traditional firms like Symantec, Trend Micro, McAfee, etc., as well as those from bigger, established players like IBM, MobileIron, Air-Watch and other MDM makers. But the bet Lookout is making now is that enterprise will go for best-of-breed products for mobile (which it believes it is), or businesses will see room to fit in Lookout in a lineup which already includes an existing MDM system.
But the company’s secret to enterprise entry may actually be the back door: the employees. Like any good “consumerization of I.T.” product, the battle was first fought for consumer mindshare, not for room in the I.T. budget. The Lookout for Business product will likely have some feature that will help switch on or over those consumer installations to bring aspects of the device under I.T. management. (While still respecting user privacy, of course, lest there be a backlash.)
Ahead of the public launch of Lookout for Business, the company says it has also secured a partnership with Samsung, which will see its service pre-loaded on all new Samsung KNOX devices – Samsung’s secure device offering for enterprise. On KNOX, Lookout will provide real-time, cloud-based scanning to protect against malware, web-based threats and privacy breaches. If Android is the new Windows, and Samsung is the leading OEM, that’s a good partner for Lookout to have on hand.
Lookout for Business is currently in private beta trials after having quietly launched a page on the Lookout website detailing its forthcoming product roadmap in this area. The company will offer more product details and pricing before year-end.