It's always nice to see RIM Vice Presidents freely express their thoughts to the BlackBerry community. Micheal K. Brown, the VP of Security Product Management & Research at RIM, did just that. In a recent one on one chat conducted by Luke Reimer of the InsideBB Biz Blog
, Brown discusses mobile applications for enterprise and security. Check out the full chat below:
Hi Michael, thanks for joining me today! In your opinion, to what degree should security be a concern when developers work on creating business apps?
Security is key because it actually enables you to be confident in working with corporate data. When you know that you can rely upon the way data is sent to and from the mobile device and how the data is stored on it, you can let the application access more, process more, and be more powerful in its benefits for a business. So if you choose a platform that is taking care of many of the base security threats, then you’re free to build an even more powerful application.
Will BlackBerry® continue to lead in the area of mobile data security with the upcoming BlackBerry® 10 platform?
From the very beginning, security has been a pillar of how we design and build our enterprise solution, from the handhelds, to the operating system, to the applications. Over the past decade, this has evolved – from our first Mobile Device Management (MDM) controls to let administrators manage the new thing called “mobile”, to more advanced technologies like process separation, stack cookies, and ASLR. We’re very excited to keep pushing the envelope with BlackBerry 10
and do even more! BlackBerry® Balance™
technology is a great example of that continued emphasis on security, and creating a great user experience along with it.
How is the BlackBerry platform unique in helping enterprise developers create secure business applications?
We approach security as key aspect of the entire platform. This end-to-end view makes creating secure business applications that much easier. With BlackBerry transport encryption and MDS-CS
, we give the developer an efficient, always-on, encrypted connection to the application back end in the enterprise. With data at rest encryption and strong cryptographic APIs, we give the developer native methods to protect data stored locally on the device. With the upcoming BlackBerry® Enterprise Service 10
and BlackBerry App World™ for Work
, developers know that the administrator can easily push an application to all appropriate users. In our developer documentation
, we give developers tips on how to write secure code within the Native SDK. And with our emphasis on Security Certifications
, the developer knows that they can focus on selling the virtues of their app to the customer, and not have to worry about convincing the customer on the security of the platform.
Do you see BYOD as a threat to the security of enterprise data? How can this be handled?
Bring Your Own Device (BYOD) provides a great opportunity for an enterprise in that it helps push the benefits of mobility to its user base. The challenge is in enabling employee choice without compromising the security of corporate data and driving up support costs through complexity of administration. ThroughBlackBerry® Mobile Fusion
and the upcoming BlackBerry Enterprise Service 10, administrators can manage the complexity of the entire mobile deployment – BlackBerry smartphones
, BlackBerry® PlayBook™
tablets, iOS®, and Android™ – through a single console. And with BlackBerry Balance
technology, they can provide BlackBerry device users with a best of both worlds in a BYOD solution – strong separation of personal and corporate data but a unified experience
for the employee on a single device.
In your involvement with security research, can you highlight any interesting and relevant trends that you’re seeing in terms of security and enterprise apps?
The joy of focusing on the field of security is that it is constantly changing and evolving. We have the merging of traditional desktop computer threats along with the new threats from the more uniquely mobile arena, such as location-based services and cellular radios. An interesting trend right now is around NFC usage. Most often NFC is considered as a credit or debit card replacement, but where it is also coming up is in Physical Access Control – for example, the work we have been doing with HID
. Using my BlackBerry smartphone to open a door is hugely powerful, especially since that means you can remotely manage my access card!