BlackBerry

The only surprise in this week's announcement that BlackBerry is getting out of the hardware business is that it took this long. CEO John Chen has been hinting broadly for two years that this would happen, and the parade of unsuccessful Android smartphones that followed the parade of unsuccessful BlackBerry 10 OS smartphones pointed in only one direction: the death of hardware.

But BlackBerry was and is not simply a hardware company. Chen has spent considerable effort to transform it into a software company focused mainly on mobile security tools, but also a little on communications tools. Today, BlackBerry has a grab bag of technologies it's acquired to stake out that software claim.

[ InfoWorld's deep look: Why (and how) you should manage Windows 10 PCs like iPhones. | InfoWorld's Mobile Security Deep Dive: Download it today in your choice of PDF or ePub editions! ]

Here's which ones should matter to you and which ones shouldn't.

Good Secure EMM suites

IT has long known and used BlackBerry Enterprise Server (BES), which was renamed BlackBerry Enterprise Service when it was expanded to support iOS and Android in 2012 through the 2011 acquisition of Ubitexx. BES is now a component in the Good Secure EMM Suites, for which most of its components were obtained through another acquisition: Good Technology, in 2015.

Good is the sole significant survivor of the original, pre-iPhone enterprise mobility management (EMM) providers. Today, newcomers like MobileIron and AirWatch (bought by VMware a few years back) dominate the market, and Microsoft is trying to muscle in with its Enterprise Management Service product suite.

Like MobileIron and AirWatch, Good's suites support iOS, Android, Windows 10, and MacOS for what's called omnidevice management. Good also provides the option of wrapping custom applications with its proprietary APIs via the Good Dynamics tools to add security features not natively supported by the iOS and Android APIs; MobileIron and AirWatch offer similar mobile management extensions. And like MobileIron and AirWatch, the Good suites tie into identity management systems -- an essential connection for users entrusted with sensitive corporate data and workflows on both mobile and desktop devices.

Good has a long history in IT, and it remains a real contender for your EMM platform, especially if you've already invested in its tools.

WatchDox

There's a lot of noise lately around document management on mobile devices. Microsoft has one approach for Office 365, Apple has one for e-books in iOS, and every cloud storage vendor has tools to manage document access across devices.

WatchDox, purchased by BlackBerry in 2015, takes a heavy-handed approach, adding digital rights management to files to ensure they can be read and edited only by authorized users. That makes sense for truly critical documents, but it means your people are restricted to using only WatchDox apps for that content -- which may or may not make sense for specific documents and workflows.

WorkLife

Part of the Good product set BlackBerry acquired, this split-billing component tracks cellular data usage by Good Dynamics apps. Ostensibly, it helps IT manage cellular data costs in BYOD scenarios, but in practice, it does not.

That's because users work with many other off-the-shelf apps that don't call the proprietary Dynamics APIs, so their data usage isn't tracked. Besides, if you provide a fixed reimbursement for work use of BYOD items, there's no need to track cellular data for each person to figure out the relative billing balance.

AtHoc

Based on a 2015 acquisition, the AtHoc platform lets you manage crisis communications, such as sending automated messages to staff and others in case of a natural disaster, an unexpected building closure, a mass shooting, or even a meeting delay. AtHoc has no strong relationship to other BlackBerry services, so any decision around its use need not factor other BlackBerry relationships.

Secure messaging: SecuSmart and BBM Secure

BlackBerry bought SecuSmart in 2014 to offer encryption-secured calls and text messaging for Android and iOS smartphones. This was back when former NSA contractor Edward Snowden revealed the U.S. government was snooping on foreign leaders' calls, and governments started seeking a way to block the NSA.

SecuSmart works only on smartphones. Its text-messaging encryption is tied to a mobile phone number, so tablet-based messaging is protected only if it goes through a protected smartphone, such as if an iPad user is using Handoff to text via his or her iPhone.

BlackBerry also offers BBM Secure, which protects text messages on Android and iOS smartphones via the BlackBerry Messenger app. Its capabilities are similar to those of SecuSmart, and it's unclear why BlackBerry offers both options.

Again, note the limitation to smartphones. If you want to secure text messaging across all user devices, look elsewhere.

BlackBerry Messenger

Available for Android and iOS devices for several years now, BBM sought to take advantage of the popularity of the BlackBerry phone's beloved messaging service. It works OK, but if you have multiple devices, it's a pain to use because only one device can be active at a time -- not a restriction on the many other messaging apps available today. Plus, there's no desktop client.

If your concern is privacy, I'd go with Snowden's recommended Signal app instead, from Open Whisper Systems. If you want a great messaging app across all popular devices with good support for voice, text, and video, Signal fits the bill nicely, too.

Dtek for Android

Available for a small number of Android devices, Dtek lets users see what data various apps are monitoring and manage the permissions for each app. That sounds great, until you realize Android Marshmallow (and Nougat) does that natively, with no app needed. In iOS, of course, Apple has long provided this visibility and the controls over apps' use of your data.

BlackBerry Hub for Android

One of the few features in the BlackBerry 10 OS that users liked, the Hub is a central communications zone so that you don't have to switch among apps to handle your various communications channels. I found it overwhelming, but many others really like the Hub.

It's available for Android Marshmallow and later devices; an iOS version is supposedly in the works. BlackBerry Hub is certainly worth a try if you like the idea of a communications hub on your mobile device.

Miscellaneous Android apps

BlackBerry has made some features from its Priv and Dtek Android phones available to other Android devices (not to iOS). If you're the kind of person who likes to use a third-party app rather than the native clients, check them out at the Google Play Store (search for "BlackBerry").

In addition to the Dtek, BBM, and Hub apps already mentioned, the apps compatible with many Android devices include BlackBerry Contacts, BlackBerry Calendar, Tasks by BlackBerry, Notes by BlackBerry, BlackBerry Password Keeper, and BlackBerry Device Search.

Your guess is good as mine as to how long BlackBerry will continue to develop and support these apps.


InfoWorld Security

BlackBerry and mobile security firm Zimperium have announced that Zimperium's zIPS threat protection system now integrates with the Blackberry EMM, which comprises Good Technology and BES12 enterprise mobile management systems (EMMs).

Because EMMs do not generally include protection against malware and hacker threats, users typically require a separate threat protection system to run with the mobility management system.

Following BlackBerry's purchase of Good Technology and Watchdox , "This is part of a continuing drive for us to provide a complete security solution for the mobile ecosphere," BlackBerry's CSO David Kleidermacher told SecurityWeek. "We do not believe that enterprises should have to shop around for bits and pieces of the solution, but should be able to come to a single supplier for a complete integrated solution."

zIPS is a behavioral analysis system. "We look at three areas," said John Michelsen, Zimperium's Chief Product Officer: "the device, the network, and the applications that run on the device." zIPS continuously monitors for aberrant behavior. "We're checking to see if there has been any exploitation or device tampering; whether there is a network attack in progress such as a man-in-the-middle attack or problems with SSL; or whether there is any malicious activity from any of the apps."

The process is 99% about behavior. "We're the only vendor in mobile," claimed Michelsen, "that had already discovered, had already detected, every fundamental device exploit -- whether it came over Safari payload in iOS, like Trident/Pegasus did; or whether it was StageFright, which was exploited by a maliciously crafted multi-media file sent to an Android device; or malicious apps that download and detonate on the device -- we are the only software that could detect every one of those before they were identified and disclosed."

But being able to detect malicious behavior does not in itself protect against that behavior. Consider ransomware -- detecting the encryption process and determining it is malicious is not enough; the process needs to be stopped immediately. While zIPS itself is primarily behavioral analysis, "There are a number of things we can do on the device immediately," said Michelsen. "We have a cloud-based configuration system called zConsole." It provides security teams with visibility across all devices; and it is where the admin defines what he wants zIPS to do in the event of bad behavior. 

"In many cases," he continued, "we have the ability to do lots of good things without any help from third party software. But it's not complete -- especially in the enterprise context." Here the enterprise will have sensitive data on the users' phones, including company information, company apps and company connectivity. Depending on what activity zIPS detects, the enterprise might for example want to remove the user's entitlement to SharePoint because the hacker could use the phone to read the entire SharePoint repository that the user is able to access. 

"So one of the things the enterprise will want to do that we cannot do ourselves is remove that entitlement. That's why," he added, "we integrate with the EMMs like BlackBerry, and why we integrate to ecosystems like Good. Good gives us the integration between the zIPS app and the Good Technology platform that allows us to trigger remediation immediately in the Good ecosystem."

zIPS has support for all of the major EMMs. The primary ones, said Michelsen, "are BES, AirWatch, Citrix and MobileIron -- with Microsoft improving." The advantage of working with BlackBerry is the market range it covers. "Good itself is not a management system per se," he added: "it's a containerization system." This is particularly attractive to companies that get privacy push back from staff -- Good co-exists on the user's device rather than takes over the management of that device. BES is more of an EMM. Customers, however, can have Good or BES; or both -- and zIPS integrates with whichever configuration.

Gartner recently rated BlackBerry as a top EMM solution currently available. If BlackBerry without zIPS was good, BlackBerry with zIPS is even stronger.

view counter

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Previous Columns by Kevin Townsend:

Tags:


SecurityWeek RSS Feed