Interview: BlackBerry Regional Director of Security, Nader Henein, spills all
If you have ever lost your phone, you know the feeling of frantic searching as your mind races, taking stock of just how many memories in photos you have just lost and how many contacts you have, and you can’t recall the last time you backed up the phone.
IT administrators in corporate environments live with this anxiety constantly. It is just a matter of time before someone walks into your office saying they have just lost their phone, and with it all those company emails, documents, business contacts and any corporate network access. The loss of this sensitive company information is not just a pain but a real issue for companies, especially those in heavily regulated industries.
It would seem that IT administrators have an impossible job. They have to keep giving users mobile freedom to play Flappy Bird and still retain control over company data.
Over the years I have been following the evolution of BlackBerry’s enterprise solution. This is what BlackBerry is known for and this is BlackBerry’s focus for the future. So I grabbed the opportunity to meet with Mr. Nader Henein, BlackBerry’s Regional Director of Advance Security Solutions, Advisory Division, to discuss BlackBerry’s vision for enterprise security.
BlackBerry does not compromise
With the move towards smartphones, I asked how a company balances the user’s need to play Flappy Bird and, at the same time, access sensitive company information. Mr. Henein explained that “We built BlackBerry on two fundamentals: No compromise on security and no compromise on user experience”. This has led to the birth of BlackBerry’s Enterprise Service with its Balance feature.
Balance is the ability to separate Personal life (games, apps, internet, emails etc.) from Work life (work apps, documents, contacts, emails etc.). It is like running two separate phones where data cannot be transferred between the two worlds. However, unlike competitors, BlackBerry has built its operating system with security in mind from the ground up, which allows certain applications to straddle both worlds where it makes sense. For example, competitors will have a work calendar and a personal calendar. This makes it impractical to schedule a meeting, as you have to check both calendars to know if you are free. BlackBerry’s solution is to have the “busy” time marked out in the calendars so you have to check just one. The same applies to the BlackBerry Hub, where you can check your work mail and your personal mail in one location and yet still maintain safety between the two worlds. You cannot copy info from Work to Personal and vice versa.
In other words, Balance allows the enterprise to control applications. Users can still have the freedom to play games without running the risk of having company info unknowingly sent to a third party.
WhatsApp breaks POPI
When it comes to security, the scary catchphrase is “malware”: some rogue software that invades your phone, typically via an app. However, even legitimate applications can be an issue for a corporate that legally has to be compliant with POPI (the Protection of Personal Information Act). The POPI Act says that no information may be saved on a third-party server without the user’s consent. If you have some business contacts on your phone and you install a legitimate app like WhatsApp, you have just broken the POPI law. Why? WhatsApp is a legitimate application, and for WhatsApp to work it needs to take your address book and upload it to its servers so it can match your contacts’ phone numbers with its registered users. This means that a copy of your address book is now sitting on a third party’s server without your customers’ consent. With BlackBerry’s services, work contacts are separated from personal contacts, so this scenario does not happen. Using a service like Possible Now can help to ensure you are not violating customer consent.
Wiping a BlackBerry is a time bomb
BlackBerry’s Enterprise Service is 7 times larger than its nearest rival, with over 30 000 installs around the world, and therefore it has recognised that no one organisation is able to fully dictate to its staff which devices to use. Bring Your Own Device to work is a trend that is here to stay. Therefore, as part of the BES, BlackBerry has a Mobile Device Management (MDM) system that not only manages BlackBerry devices in the organisation but also manages Android and iOS devices. It will soon manage Windows Mobile devices as well.
Part of the MDM is the ability to remotely wipe devices in the event that phones are lost or stolen, in order to protect the company’s information. I asked Mr. Henein how secure this “wipe feature” is. Techies know that when you delete something from your computer, it is not deleted, just inaccessible. By running recovery software, a techie is able to retrieve the “deleted” data. Can one do the same on a deleted BlackBerry phone? Mr. Henein confirmed that BlackBerry uses a method to ensure that this is not possible. When the Wipe command is issued to the phone, the data is deleted on the hard drive and then overwritten multiple times with 0 and 1 combinations, making retrieval of the original file impossible.
BlackBerry has taken this one step further. With phones that are stolen, typically the first thing the thief does is remove the SIM card and disconnect any network or mobile access. This allows the thief time to go through the phone undetected, as the phone is untraceable. BlackBerry has built in a time bomb. In the event that the phone does not make contact with the authorised company network within X number of days, the phone will automatically reset itself to factory defaults, wiping all the information off the device. This is a setting the network administrator sets, which obviously can be overridden by him/her if someone is on holiday or on extended leave. This feature is also available on Android and iOS devices.
Encrypted Instant Messaging
Thinking of the Oscar Pistorius case, where WhatsApp messages were read out in court, I asked about BBM and its security. Mr. Henein replied that BlackBerry doesn’t keep any messages, so that even if they are presented with a warrant to hand over correspondence, they cannot. Even if the cellular operators tried to keep any records, these would be highly encrypted. BlackBerry is even expanding BBM to the enterprise with the eBBM Suite. One of the initial products in the suite is BBM Protected, which provides enterprise messaging with end-to-end encryption of messages. It also has the ability to separate non-work BBM contacts, so again there is no crossover between personal and work space.
So in summary:
Enterprise solutions are what BlackBerry does, and does well. They have years of experience, with corporates and governments around the globe who trust their systems and communications to BlackBerry’s platform. Whilst competitors have their own suites of products, these will always be bolted on to the underlying operating system and are currently fragmented.
I equate it to baking a cake. BlackBerry bakes the cake from scratch, incorporating all the ingredients to form the final secure and yummy product. Competitors are trying to add onto the cake after it’s been cooked.
Personal data security protection is critical and will only continue to be more so as we move more of our lives online. Enterprises need to be very conscious of how much of our personal data they are putting at risk with unencrypted devices, and of the risk they are facing by doing so.