To borrow from an old quote, the only thing necessary for the triumph of bad mobile platforms is for good security pros to do nothing. As the BlackBerry, by far the most secure of today's broadly adopted mobile platforms, careens toward oblivion, enterprise information security pros may be its last hope.
To recap, things aren't looking good for the BlackBerry these days. It's been hemorrhaging market share in recent quarters, both to the iPhone and various devices based on the market-leading Android platform. It's seen several widespread service outages this year, calling its reliability into question; third-party app developers, the lifeblood of successful mobile platforms, are running from the BlackBerry like a burning building; BlackBerry maker Research In Motion Ltd. has seen its stock price fall more than 70% this year, as its strategic direction seems unclear at best; and let's not even talk about the failing complementary PlayBook tablet (whoever invented tethering deserves a nice long swirlie in a public restroom).
But one of the BlackBerry's key strengths has always been information security. As enterprise mobile security expert Lisa Phifer wrote recently, the BlackBerry operating system includes a robust collection of native security capabilities, such as strong support for password locks, automatic remote wiping, AES encryption of data stored on the device, and integrated data transport protection, all easily managed via flexible policies through the BlackBerry Enterprise Server.
A decade ago RIM smartly positioned the BlackBerry as the secure alternative to the myriad of PDAs and emerging mobile messaging devices, nesting itself in a comfortable perch atop several enterprise verticals where mobile messaging security was a make-or-break proposition for corporate adoption. Chief among those verticals has been government, where federal and local governments flocked to the FIPS 140-2-validated device, which at one point reached roughly 300,000 government users in the U.S. alone.
Today, the consumerization of IT has eroded what once was BlackBerry's position of strength in the enterprise. BlackBerry security has taken a backseat to rivals' flash and functionality, as users are much more concerned with bringing sexy back to the devices in their pockets and needing a single device for both business and personal use. Many enterprise security teams, some pressured by their own executives, have tacitly allowed these mobile devices onto their networks, choosing to look the other way rather than identify and address the security problems these largely unchecked devices present.
Now, however, the security concerns on consumer-centric mobile devices have become impossible for enterprises to ignore. Apple touts the iPhone's "proven mobile device security and data protection" capabilities, but security researchers have uncovered one flaw after another in its Safari browser, various third-party apps and its underlying iOS. As for Android, the many Android security problems have been covered in this space before, and there is no relief in sight.
Even with the emergence of mobile device management technology, or even a BES that supports third-party devices, enterprises will struggle to secure iPhones and Android devices for years to come, with much greater difficulty and much less success than they have had securing the BlackBerry. The explosive growth of both platforms hasn't gone unnoticed, and crafty attackers have realized mobile malware represents a legitimate opportunity.
While this column would be remiss without noting the BlackBerry has had its share of vulnerabilities too, it has made a strong contribution to enterprise mobile security for years. Now it's time for security pros to return the favor. Without a little help, if its revenue and market share continue to fall, a year or two from now RIM could easily be scooped up by one of its competitors. Imagine the BlackBerry platform being folded into Windows Phone 9. Not for the faint of heart, is it?
So it's time for action. Security pros in the public and private sector who still believe in the BlackBerry need to encourage their CIOs to make a long-term commitment to the platform, with their words and their organizations' checkbooks. Enterprises that have committed development resources to custom BlackBerry apps need to share those success stories and prove to the rest of the enterprise development community there's an opportunity to develop a thriving third-party application ecosystem that doesn't sacrifice security for functionality. And in this era of Twitter, Facebook, LinkedIn and the like, it's easy to rally others to join the cause.
Granted, the BlackBerry has an uphill battle. Without a dramatic course correction from within, with or without information security pros advocating on its behalf, RIM and its BlackBerry are likely facing a bleak future. The iPhone is still going to be cooler, and the Android is going to be cooler and cheaper. But there is hope, if security pros want there to be. So ask not what the BlackBerry can do for you, but what you can do for the BlackBerry, before it's too late.
About the author:
Eric B. Parizo is senior site editor of TechTarget's Security Media Group. His rants can be heard each month on SearchSecurity.com's Security Squad podcast.
This was first published in November 2011