Are BlackBerry security features still an enterprise differentiator?

While BlackBerry's CEO touts the mobile platform's security features, experts question whether the advantage over iOS and Android still exists.

In a period when information security has arguably become the top IT priority in corporations worldwide, can security -- or at least the perception of security -- be a differentiator in the mobile device platform market? One long-struggling device maker is about to find out.

BlackBerry Ltd. was long the go-to choice for mobile devices in the enterprise, but that position of strength has deteriorated in recent years; consumer-oriented devices running Apple's iOS and Google's Android have penetrated enterprise environments via the bring your own device (BYOD) movement. BlackBerry's downward spiral has hastened some organizations' migrations, with some too concerned by the company's financial status to invest in technology whose future seems less certain than its rivals.

Waterloo, Ontario, Canada-based BlackBerry, formerly known as Research in Motion, has seemingly stabilized in recent months, with the firm's stock up more than 33% this year at press time. Recently installed BlackBerry CEO John Chen has sought to win back enterprise customers by evangelizing what he sees as his company's advantage in mobile platform security, but industry observers question whether such a strategy can turn around the company's fortunes and whether there is truly a meaningful gap between the BlackBerry security model and its competitors.

Does BlackBerry security still sell?

At the end of the day, BlackBerry knows security. They take it very seriously and are enhancing the flexibility and control that a firm can use to manage their devices effectively.
Steve Sumnerdirector of IT, Taylor Vinters

The general public's interest in BlackBerry devices has declined since the introduction of iOS and Android devices, as the company repeatedly stumbled in making the touch-screen devices that consumers want and filling them with the popular mobile applications they demand.

Chris Hazelton, research director for enterprise mobility at New York-based 451 Research, said that negative view seemingly hasn't extended to security-focused IT decision makers though. Recent 451 survey data had 45% of enterprise respondents give BlackBerry a "very secure" rating, according to Hazelton, while only 26% gave iOS -- the mobile platform most often touted as the secure option in a post-BlackBerry world -- the same rating. Android and Windows Phone 8 were even further behind with 11% and 9% of respondents, respectively.

Hazelton said he was not surprised by those results because, while BlackBerry has touted the security features inherent in its platform since RIM was first formed, the likes of Apple and Google have only recently made security part of their pitch to enterprises, moving beyond emphasizing employees' willingness to buy devices themselves so they can use the thousands of compatible mobile apps.

Android and iOS security concerns have also, in part, kept BlackBerry devices in the hands of some high-profile figures, including many CEO and board-level types, Hazelton noted, which feeds the perception that BlackBerry is a necessity for security-conscious individuals and organizations. Google CEO Eric Schmidt clung to his BlackBerry well beyond the time when Android devices made their way to market, though he reportedly switched last year; President Barack Obama was notably allowed to keep his BlackBerry device, a first for a U.S. president, because it was the only option his IT security team would permit.

While 20% of those organizations surveyed by 451 Research have decided to transition to iOS devices, Hazelton said that 27% have committed to continue using only BlackBerry for at least the near-term.

"That shows that there is a significant core of the enterprise that is wedded to BlackBerry," said Hazelton.

BlackBerry security: A changing reality?

Though 451's market statistics provide hope for BlackBerry and its customers, Hazelton questioned whether the perception held by some of those surveyed is rooted in BlackBerry's past more than its present.

In particular, Hazelton wagered that many of those surveyed still persist with legacy BlackBerry 7 devices, which in the past were deployed in conjunction with BlackBerry Enterprise Server (BES) 5. That model allowed enterprise IT teams to maintain essentially full control over the devices because all data, including email, was transmitted through BlackBerry's back-end infrastructure.

The introduction of BlackBerry 10 devices and BES 10 has changed that recipe by allowing organizations to handle email through Microsoft's Exchange infrastructure -- a move that Hazelton says eliminates BlackBerry's security advantage over iOS.

"With BlackBerry 7, you can lock down everything," said Hazelton. "I think there would be a close level between BlackBerry 10 and iOS 6 and 7 because that email is going through Exchange versus the BlackBerry infrastructure. If you were to put iOS 7, and even to a degree Android, under mobile device management, you can make that device pretty secure."

Steve Sumner, director of IT for U.K.-based law firm Taylor Vinters, agreed that having BlackBerry 10 devices connect directly to Exchange is problematic from a security perspective, but emphasized that the option isn't mandatory.

Indeed, Sumner, whose firm has deployed company-owned BlackBerry 10 devices to nearly all of its 93 users, said that BlackBerry offers BES 10 customers with a licensing option to hold encrypted email content in a secure workspace. Enabling that option means messages to and from BlackBerry 10 devices are transmitted securely through port 3101.

"[It's] effectively the same as older versions of BES," said Sumner.

That level of support is vital for Taylor Vinters, according to Sumner, because legal firms in the U.K. are subjected to regulation by the Solicitors Regulation Authority, who he said have a "deep interest" in ensuring they maintain a certain level of service and confidentiality regardless of circumstances. BlackBerry recently claimed that 74% of the U.K.'s top 31 law firms are using or evaluating BlackBerry technologies, a statistic that Sumner said is realistic considering the security demands that such firms need to meet.

"At the end of the day, BlackBerry knows security. They take it very seriously and are enhancing the flexibility and control that a firm can use to manage their devices effectively," said Sumner. "We are also in a position where we can react to increased regulatory requirements quickly and easily if needed. I know of other major firms having a similar approach [as Taylor Vinters]."

Security key to BlackBerry's future

Jack Gold, president and principal analyst for J. Gold Associates, said that while BlackBerry has experienced rocky times in recent years, security will likely need to be its saving grace if it will continue to operate independently. However, he said the company may need to move past its traditional security model, which involves control of both the mobile device and the server, if it wants to compete for enterprise customers that no longer want to roll out BlackBerry devices.

An organization running BlackBerry devices through BlackBerry infrastructure will indeed get the best security available among current major mobile platform players, Gold noted, but for many enterprises, iOS or Android devices in conjunction with burgeoning enterprise mobile management (EMM) suites provide enough security so "they don't worry too much about it."

If the BYOD movement continues to dominate the enterprise landscape, Gold said that BlackBerry will likely struggle selling devices when app creators focus almost entirely on the iOS and Android app markets. The company even faces upstart challengers in Boeing Co.'s Black smartphone and SGP Technologies Ltd.'s Blackphone that are built to focus on data security and privacy, potentially chipping away at BlackBerry loyalists in enterprise environments.

BlackBerry made the important step of opening up BES 10 to iOS and Android devices though, said Gold, which places its BES squarely into the growing EMM market against other established players like Good Technology Corp. and MobileIron Inc. As for why an enterprise would choose BES 10 over those vendors, Gold said there are currently two primary reasons: the ability to manage BlackBerry devices, if needed, along with iOS and Android, and competitive pricing.

Still, industry observers concur that BlackBerry must hone its BES 10 strategy if it wants to achieve broad adoption among organizations without large BlackBerry user bases. Hazelton noted that he hasn't seen much non-BlackBerry interest in BES, and Sumner said his firm experienced several problems when it tested an iOS and Android rollout in conjunction with BES 10.

"The BES 10 deployments to incorporate Android and iOS devices were not simple things to do," said Sumner. "We operate in a managed service environment, so all the various firewall rules had to be passed through strict change control processes with our providers. To be secure, you have to apply the good practice installation guides so [that] only the proper ports and addresses are open."

Michael K. Brown, vice president, security product management and research for BlackBerry, said that planned released of BES 12 in the fall will further the company's EMM scalability and management options, as well as provide support for Windows devices. Brown also emphasized that BlackBerry offers the most complete mobile security services available, with the firm holding more security certifications than any other vendor in the space and Full Operational Capability to operate on U.S. Department of Defense networks.

If the vendor can refine BES to work well with non-BlackBerry devices, combined with the niche following of BlackBerry users that want keyboard-style devices, Gold said there is enough positive momentum for the company to survive for the foreseeable future.

"If what you're concerned about is nice secure applications, especially around email," said Gold, "and you're looking that you make sure you have the highest level of security, BlackBerry is actually a pretty good choice."

Next Steps

For organizations considering the switch from BlackBerry to iOS, resident application and platform security expert Michael Cobb offers his take on iOS security issues, and Securosis CEO Rich Mogull provides a rundown of iOS 7 security features.

Dig deeper on Handheld and Mobile Device Security Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Related Discussions

Brandan Blevins asks:

If security were a top priority, would your organization consider BlackBerry mobile device technology?

0  Responses So Far

Join the Discussion

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close