BlackBerry® PlayBook™ OS 2.0, having made its debut at CES 2012 in Las Vegas, recently joined the family of FIPS 140-2 certified BlackBerry solutions. Along with it, BlackBerry® Device Service, a component of BlackBerry® Mobile Fusion, is now also FIPS 140-2 certified. This is an important certification and a U.S. government computer security standard; many organizations and governments have FIPS 140-2 certification as a requirement for use within their networks.
(As of February 2015, BlackBerry holds 70+ security certifications and approvals from governments.)
Why does FIPS 140-2 certification matter?
Good question! Certifications in general, and this one in particular, are an indication not only of security and reliability, but also of a process in which independent third parties have provided validation. Beyond government, industries like health care and finance also trust in FIPS 140-2 certifications, as both involve the storing of personal and sensitive information.
Hearing from the Business Analyst community
Today we’ve caught up with Eugene Signorini, Senior Vice President of the Yankee Group’s research team, to chat about these recent certifications of BlackBerry PlayBook OS 2.0 and BlackBerry Device Service. Check out the interview below:
[Biz Blog]: Thanks for joining us today! Why don’t you share a bit of info on your experience and what you focus on in your work?
[Eugene Signorini]: I currently lead Yankee Group’s research team, which is 100% focused on mobility trends and issues. Personally, I focus on enterprise mobility, which includes mobile applications, mobility management, mobile device & OS issues for business, mobile payments, and mobile security. I co-founded Yankee Group’s enterprise mobility research practice in 2002 and have been focused on the topic for more than 10 years.
[Biz Blog]: What is the general significance of certifications like FIPS 140-2? Who does this apply to?
Certifications such as FIPS 140-2 provide an important benchmark for organizations when evaluating security credentials for certain devices and solutions. Essentially, for companies with the most stringent standards for security – whether those are for regulatory or compliance issues, or just standard company practice – benefit from these certifications because it removes uncertainty when approving vendors or suppliers. Knowing something is FIPS certified essentially provides a gold standard, a seal of approval for IT and security organizations. This level of security especially applies to government agencies, financial services firms, and health care, where regulatory and compliance standards are rigid, and require the highest levels of data and information protection.
[Biz Blog]: Is security still an important consideration concerning mobile devices?
Security remains top of mind for IT leaders when it comes to implementing mobility solutions. Yankee Group’s June 2012 Enterprise Mobility IT Decision Maker Survey reveals that security remains the number one obstacle for companies in supporting mobile workers. And mobile security ranks third among all IT priorities across the organization, coming behind only cloud-based services and mobile applications.
[Biz Blog]: What are some of the most prominent security challenges facing businesses today, and how are they reacting?
Most companies are increasingly concerned about managing mobile devices, and securing information on those devices. Specifically, the top three security challenges that we’ve seen enterprises facing are secure network access for mobile workers, mitigating potential loss of data or intellectual property, and prevention of malware across multiple devices and operating systems.
[Biz Blog]: How does security extend beyond simple password protection? Should consumers also be concerned about the security built into their smartphones and tablets?
Password protection is really the baseline level of security for mobile devices – it’s a no brainer and something all organizations should implement. After all, the easiest way to expose sensitive information is by a device falling into the wrong hands. However, organizations are quickly coming to the realization that there is more to security than just basic password enforcement. At the end of the day, it’s about protecting the information on the device both in transit and in static state. Consumers are slower to understand the threats related to information security, but recent events such as compromises to passwords on popular social media and consumer cloud sites raise awareness that consumers need protection as well. I anticipate that as more of these incidents occur, consumers will place a much higher value on device and personal information security.
[Biz Blog]: Thanks for joining us and sharing from your experience!
What type of security challenges is your business experiencing? What steps and approaches have been taken to meet them? Share in the comments below.