Hillary Clinton’s alleged use of a personal e-mail account for sensitive government communication has received lots of media attention. Clinton’s stated reason for using the private account was an unwillingness to carry two devices: one for personal use and one for work. TV pundits speculate on her motives and how mobile technology may have been used or abused. But if we move past the politics, what should we really take away from this situation?
First, security depends on humans, as well as technology, doing the right thing. POTUS could tweet top secret information but chooses not to. We must always think how to minimize privilege, including access to sensitive information. Secondly, technologists must make security easy to use — otherwise users will intentionally or inadvertently circumvent controls in order to get their jobs done.
Another aspect important to understand is the impact of government regulation on mobility for people like Clinton: current U.S. policy does not permit concurrent access to general Internet services and a classified network on a single commercial smartphone. This is known as a “cross-domain solution” (CDS), and so far cross-domain access is limited only to specialized PCs and thin clients operating in physically-secure locations.
Of course, CDS policy does not apply to enterprises or the vast majority of government users. For more than a decade, BlackBerry has offered the ability to manage multiple e-mail accounts on a single device, and BlackBerry’s Secure Work Space products go much further, enabling users to access their full suites of private/personal and work applications and data, securely isolated on any device – BlackBerry, iOS, or Android.
BlackBerry works hard to make jumping between work and personal content a great user experience, and we apply the same security-by-simplicity mantra to IT – ensuring our BES enterprise mobility management platform is easy to deploy and administer. Of course, there are tens of thousands of man-years of BlackBerry security investment and know-how under the hood, ensuring privacy for the personal domain and security for the work domain. But mobile security technology must always treat productivity as a first-class requirement.