Security Experts:

BlackBerry CSO Talks Enterprise Mobility Management

Any organization that operates a mobile work policy, whether that's through a Bring Your Own Device (BYOD) or company owned device approach, must consider an enterprise mobility management system. Gartner recently published a Magic Quadrant to help organizations choose which products to consider.

"BlackBerry," said BlackBerry CSO David Kleidermacher in conversation with SecurityWeek, "was named one of the 'leaders'. That's not surprising," he added, "given our acquisition of Good Technology  -- the market leader in terms of market share. But there are five other 'leaders' in the Quadrant; and purchasers need to be able to select which to adopt." Here he suggested that buyers turn to an associated Gartner report: Critical Capabilities for High-Security Mobility Management.

This report looks in greater detail at the six 'leaders' and 13 other mobility management products. In a blog post last week, Kleidermacher noted that Gartner "gave BlackBerry the highest score in 6 out of 6 use cases in its 'Critical Capabilities for High-Security Mobility Management' report, which provides vital guidance to help companies select vendors that offer enterprise mobility management (EMM) solutions."

Those six categories are High-Security Government Grade; High-Security Commercial; Shared Data; Shared Devices; Nonemployee; and Bring Your Own (BYO). Other high scoring products include Atos, Samsung, MobileIron, Citrix and IBM -- but none is as consistent as BlackBerry. 

The BlackBerry product, named Good Secure EMM Suites, merges the features of BlackBerry Enterprise Server (BES12), Good Collaboration Apps, Good Dynamics and WatchDox Enterprise (also acquired by BlackBerry last year). The result is an EMM product that can be used with BlackBerry PRIV, DTEK50, Android and iOS devices; although not all functionality is available for all platforms. One area currently lacking in the product is anti-malware and app reputation support, although these can be provided via third-party applications.

Gartner's reports are ultimately 'reputation' reports that draw on their own expertise and feedback from thousands of users.

For example, the report comments, "Feedback from highly regulated clients indicates that the PRIV is not considered as a substitute for the protection levels of the BB10 platform."

This is reputation, rather than a low-level technical comparative test; and Kleidermacher believes that a lack of adequate mobile security testing standards has led to a generally low level of user confidence. That's why, he told SecurityWeek, he has launched the new BlackBerry Shield initiative. 

"When we talk to our customers," he said, "they are concerned that they don't really know whether all of their defenses can adequately protect them." There's a low level of confidence in the field he said. His response was to acquire a professional services firm to which he has added BlackBerry's own vulnerability testing experts to provide the 'Shield' as a service to customers.

"BlackBerry Shield," he said, "is the check-up," likening it to getting a medical diagnosis from a doctor. "Within a 90 minutes conversation, Shield reviews 100 controls -- technical, administrative and governance -- and provides a confidential written report that scores all of the customer's individual controls." It's not in itself the cure, but helps the customer understand the most urgent problems. 

Shield is not a BlackBerry product. It's a free service that is vendor agnostic.

"It's our attempt," said Kleidermacher, "to counter the customers' lack of confidence and help push the market in the right direction." It is also, he said, cross-sector. Since different industries have different risks and even risk levels, each assessment for each control is based on a number of different factors including the risk to the customer's own business. "So someone who does something in a bank might get a red mark, while the same behavior in an SMB might be yellow or green because the risk is different."

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.