How RIM secured the Blackberry

Businesses tend to underestimate the complexity of giving their workforce access to secure mobile devices, says Blackberry maker Research In Motion (RIM).

Businesses tend to underestimate the complexity of giving their workforce access to secure mobile devices, says Blackberry maker Research In Motion (RIM).

Companies make the mistake of believing they can apply the same approach to security for mobile devices as they do in the rest of IT, said Sinisha Patkovic, senior manager, Blackberry security RIM, France.

"Although the threats are the same, the limited resources of mobile devices demand an entirely different approach," he told Computer Weekly at the ISSE 2009 security conference in The Hague.

Most IT departments deal with each new security challenge by adding a specialised software client on enterprise PCs to take care of it without any noticeable impact on performance, he said.

"But mobile devices can handle only a very limited number of such data protection and other security clients before performance is seriously reduced," he said.

According to Patkovic, the only way around this barrier is to optimise everything for use in the mobile world, for example by automatically encrypting data on the device.

RIM has created a single piece of management software that sits on an enterprise server behind the organisation's firewall.

"In this way, the business can manage all its mobile devices remotely from a central point to set and enforce access policies and automatically encrypt all wireless data movement," said Patkovic

Encryption of data both on the device and in transit is key to mobile computing, he said.

By authenticating the factory installed operating system on the device each time it is powered up, the system ensures that security controls cannot be modified or bypassed.

This eliminates the need for any clients on the mobile devices and gives the enterprise complete control over what applications users can run locally or access on the network, he said. Enterprises can also lock and wipe any devices that are lost or stolen.

This approach has earned RIM recognition from several independent rating bodies, including the Chartered Communications Electronics Security Group (CESG) in the UK, which approves technology for use in the public sector.

"The CESG has given the Blackberry smartphone the highest level of approval for a commercial, non-bespoke device," said Patkovic.

On the strength of this rating, he said, one in six members of the UK police use Blackberry smartphones to access work-related e-mails and national police records in the field.

RIM has also proved its ability to scale with its enterprise server software typically handling around 30,000 mobile devices.

"The biggest government customers, however, are able to centrally manage more than 100,000 devices in the field," said Patkovic.

Read more on Mobile hardware

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.