When I’ve got questions, challenges, or thoughts about security, I’m lucky to be just a phone call away from Michael K. Brown, the VP of Security Product Management & Research at Research In Motion (RIM). Earlier this month, as we hopped around the globe hosting the BlackBerry® 10 Jam World Tour – Enterprise Edition events, a few questions came up about mobile applications for enterprise and concerns around security – so sure enough, I gave Mike a ring. Check out our chat below:
Hi Michael, thanks for joining me today! In your opinion, to what degree should security be a concern when developers work on creating business apps?
Security is key because it actually enables you to be confident in working with corporate data. When you know that you can rely upon the way data is sent to and from the mobile device and how the data is stored on it, you can let the application access more, process more, and be more powerful in its benefits for a business. So if you choose a platform that is taking care of many of the base security threats, then you’re free to build an even more powerful application.
Will BlackBerry® continue to lead in the area of mobile data security with the upcoming BlackBerry® 10 platform?
From the very beginning, security has been a pillar of how we design and build our enterprise solution, from the handhelds, to the operating system, to the applications. Over the past decade, this has evolved – from our first Mobile Device Management (MDM) controls to let administrators manage the new thing called “mobile”, to more advanced technologies like process separation, stack cookies, and ASLR. We’re very excited to keep pushing the envelope with BlackBerry 10 and do even more! BlackBerry® Balance™ technology is a great example of that continued emphasis on security, and creating a great user experience along with it.
How is the BlackBerry platform unique in helping enterprise developers create secure business applications?
We approach security as key aspect of the entire platform. This end-to-end view makes creating secure business applications that much easier. With BlackBerry transport encryption and MDS-CS, we give the developer an efficient, always-on, encrypted connection to the application back end in the enterprise. With data at rest encryption and strong cryptographic APIs, we give the developer native methods to protect data stored locally on the device. With the upcoming BlackBerry® Enterprise Service 10 and BlackBerry App World™ for Work, developers know that the administrator can easily push an application to all appropriate users. In our developer documentation, we give developers tips on how to write secure code within the Native SDK. And with our emphasis on Security Certifications, the developer knows that they can focus on selling the virtues of their app to the customer, and not have to worry about convincing the customer on the security of the platform.
(As of February 2015, BlackBerry holds 70+ security certifications and approvals from governments.)
Do you see BYOD as a threat to the security of enterprise data? How can this be handled?
Bring Your Own Device (BYOD) provides a great opportunity for an enterprise in that it helps push the benefits of mobility to its user base. The challenge is in enabling employee choice without compromising the security of corporate data and driving up support costs through complexity of administration. Through BlackBerry® Mobile Fusion and the upcoming BlackBerry Enterprise Service 10, administrators can manage the complexity of the entire mobile deployment – BlackBerry smartphones, BlackBerry® PlayBook™ tablets, iOS®, and Android™ – through a single console. And with BlackBerry Balance technology, they can provide BlackBerry device users with a best of both worlds in a BYOD solution – strong separation of personal and corporate data but a unified experience for the employee on a single device.
In your involvement with security research, can you highlight any interesting and relevant trends that you’re seeing in terms of security and enterprise apps?
The joy of focusing on the field of security is that it is constantly changing and evolving. We have the merging of traditional desktop computer threats along with the new threats from the more uniquely mobile arena, such as location-based services and cellular radios. An interesting trend right now is around NFC usage. Most often NFC is considered as a credit or debit card replacement, but where it is also coming up is in Physical Access Control – for example, the work we have been doing with HID. Using my BlackBerry smartphone to open a door is hugely powerful, especially since that means you can remotely manage my access card!
Thanks again for the insights, Mike!
Do you have questions about security and business apps? Share in the comments below.