With the recent spate of bad news about Blackberry and the prediction from IDC that by 2018 their market share will fall to a mere 0.3% it is unsurprising that several companies are reviewing their phone purchasing policies. The big worry for businesses is security and how they are able to secure Android and iPhones in the same way they used to with their old Blackberry devices.
Simply supplying out of the box iPhones and Android devices will not enable you to match the security you enjoyed with Blackberry however this does not mean it is not possible. In fact the same level of security is available but businesses need to look at augmenting their mobile security by buying Mobile Device Management (MDM), Mobile App Management (MAM) and containerisation solutions for their new phones.
For the purposes of this blog I will primarily compare Blackberry functionality with MaaS360 however Orb Data also consults and supplies other solutions such as IBM Endpoint Manager (IEM) for Mobile Solutions, Cello for Managed Service Providers and Divide.
So let’s look at the advertised Blackberry Enterprise Security features one by one and see how they can be implemented with MaaS360.
Strong IT policy enforcement and management
|A BlackBerry Enterprise Solution administrator can require BlackBerry smartphone users to protect their smartphones with passwords and set policies about the length and complexity of the passwords.
|Of course you will know that if you have a SmartPhone such as an iPhone or an Android device that this is a standard feature. However as a business the issue is not whether you can set this but whether it can be enforced. The answer to this is yes using an MDM solution. For example MaaS360 can enforce a policy which defines Passcode Quality (or type), length, maximum age, passcode history and the number of failed attempts before the data is wiped.
|Local encryption of all data (messages, address book entries, calendar entries, memos and tasks) can also be enforced via IT policy.
|Storage on an Android device can be encrypted but only if the device supports this option. On iOS there is no option to encrypt the device, only the profiles that you deliver to the device can be encrypted. However MaaS360 Secure Mail leverages FIPS 140-2 compliant, AES-256 encryption for iOS, Android and Windows Phone devices to deliver an office productivity app with email, calendar and contacts to allow employees to securely collaborate with colleagues while preserving the mobile experience on their corporate or personal devices. Through authentication and authorization, only approved, valid users can access sensitive emails and data. With policies to control the flow of data, you can restrict sharing by users, forwarding of attachments and copying and pasting. In addition devices that are lost, stolen or compromised can be selectively wiped to remove the secure email container, all attachments and profiles.
|System administrators can create and send wireless commands to remotely change BlackBerry smartphone passwords and lock or delete information from lost or stolen BlackBerry smartphones.
|Within the Device View of MaaS360 MDM, an administrator can look up and retrieve smartphone information and then run several device actions. For example some common device actions include:
- Device lock based on your corporate mobile polices
- Full and selective remote wipes for lost, stolen or jailbroken/rooted devices
- Change policies in seconds for varying user levels
- Distribute apps, documents and other features without ever touching the device
|BlackBerry Balance technology enables you to wipe all information or just work information on BlackBerry devices remotely. Therefore if an employee using a personally-owned BlackBerry device leaves, an administrator can remotely wipe business information from the device or if a device is lost or stolen, the administrator can wipe all information from the device to help prevent sensitive information from falling into the wrong hands.
|MaaS360 can also protect corporate data quickly and simply when a mobile device has been lost or stolen. It can also selectively remote wipe only corporate data from the device (Android and Apple iOS only) and fully remote wipe a mobile devices back to its factory settings.
Secure browser connections
|The BlackBerry MDS Connection Service permits BlackBerry smartphone users to access web content, the Internet or your organisation’s intranet. It also permits smartphone apps to connect to your organization’s application servers or content servers to retrieve data and updates. It authenticates with Microsoft® Active Directory® on behalf of users, verifies the users’ identities and retrieves the resource on behalf of the users.
|MaaS360 offers similar protection via a Secure Browser that protects data and increases productivity by securing and controlling access to corporate intranet sites and public websites for iOS, Android and Windows Phone devices. With customized blocking, kiosk mode, real-time notification, exception and reporting options, it reduces the vulnerability devices have to risky websites that may contain malware, violate HR policies or simply waste users’ precious time.
Application access controls
|BlackBerry smartphone apps require developers to sign and register their applications with Research In Motion (RIM). This adds protection by providing a greater degree of control and predictability to the loading and behavior of apps on BlackBerry smartphones.
|MaaS360 simplifies mobile application management by delivering an easy-to-use enterprise app catalog with full security & operational lifecycle management of apps.
- Enterprise Application Catalog – An intuitive, customizable enterprise app catalog for iOS & Android devices.
- Mobile Application Lifecycle Management – A platform to distribute, update, manage & secure both public & enterprise mobile apps.
- MaaS360 Mobile Application Security – A mobile application container for enterprise apps with full security management.
- Mobile Application Compliance & Enforcement – Security policies to blacklist, whitelist & require apps. Automated enforcement rules to alert administrators, block email, restrict network resources & perform remote wipes.
- MaaS360 App Cloud – An option to host & distribute your enterprise mobile apps on a globally optimized app distribution network.
Manage work and personal data in a simple, secure way
|Apps and data that are sent by your organization to BlackBerry devices it manages are restricted from being accessed by personal apps. This helps ensure work information is kept separate and secure. So users’ personal apps can’t access work information, and work information can’t be copied and pasted into personal apps or email messages.
|MaaS360 Secure Productivity Suite is an app that separates a user’s work in one secure environment. They can manage email, contacts, calendars, enterprise applications and the Web from an isolated workspace on their mobile devices.The app can be configured with policies to control the movement of data, data sharing, forwarding of attachments, and copying and pasting. This also allows devices that are lost, stolen or compromised to be selectively wiped to remove corporate data.
End-to-end data encryption
|The BlackBerry Enterprise Solution offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES), for all data transmitted between the BlackBerry® Enterprise Service 10 and BlackBerry smartphones. Data sent to the BlackBerry smartphone is encrypted by the BlackBerry® Enterprise Service 10 using a key retrieved from the user’s mailbox. The encrypted information travels securely across the network to the smartphone where it’s decrypted using the key stored on the smartphone. Data remains encrypted in transit and is never decrypted outside of the corporate firewall.
|MaaS360 Mobile Enterprise Gateway enables collaboration while securing your content with authorization, encryption and containerization policies. The data is secured in FIPS 140-2 compliant, AES 256 encrypted container with data leak prevention (DLP) controls. Its key benefits are:
- Enable secure mobile access to corporate data without device VPN
- Mobilize SharePoint, Windows File Share and all of your Intranet sites
- Leverage in-app VPN tunnels to your enterprise systems
- Collaborate anytime, from anywhere
- Protect sensitive corporate data with robust security policies, including authorization, encryption and data leak prevention (DLP) controls
- Provide access without requiring changes to your network or firewall security configuration
This blog shows that changing provider from Blackberry need not mean losing the security features that you rely on and that Blackberry has built its user base upon. Therefore if you are thinking of moving from Blackberry to other devices or even implementing a BYOD scheme then give us a call and we can help with your project whether it be choosing a vendor or writing a policy.
If you would like to trial MaaS360 then click here.