Blackberry - A smart phone made by a dumb company.
BlackBerry Work Space is now available for iOS and Android, creating a secure container (under your own BOFH's control, natch) on devices owned by employees. That container houses a web browser, intended for Intranet access, and clients for email, calendar and task management. All of these are partitioned from the local OS to …
A smart company
I think this is a very clever move.
They've lost the handset (OS) war but they retain their unique selling point - secure business comms.
By giving away clients for other operating systems for free they can keep their core business and flog BES licenses. Very well played.
Re: A smart company
Their unique selling point - secure business comms? Didn't they give that away when they started handing out decryption keys out to every public servant that shuffled towards them wearing an angry face? Their actions following the last major lot of UK riots further highlighted their willingness to sacrifice customers security if they thought there might be a pat on the head in it. Sorry RIM, say hello to Odin for us when you get to the great hall. Lets hope Odin doesn't look like Steve (either of them).
I've said it before, I'll say it again
Novell came up with a similar idea when MS started to eat all their file server business. Novell's security was way better than MS so they were able to combine the two.
Worked really well, then MS caught up. End of Novell.
Except that nobody cares any more. IT departments are not "allowing" users to bring their own devices--the practice was imposed on them, due to executive and business pressures, in spite of their policies.
I really doubt that enterprises are now going to seriously entertain going back to some limited functionality, encompassed in some alien platform interface, for the sake of some purported security benefit. Especially on iOS devices.
Until somebody leaks something, and everything gets locked down again. This sounds like it might be a reasonable compromise between what people want and what corporate IT is prepared to provide.
In your office maybe.
But, there are many businesses where security is important. I know of design firms where engineers have two computers on their desktop - the one that is allowed to access the Internet and the one where they do all their work designing ships, oil rigs, etc. If that is their PC policy there is no way they allow any old iDevice access to anything. Perhaps with something like this from Blackberry they might.
Re:due to executive and business pressures
Read "I need to impress the other CEOs by being able to carry the same phone Jay Leno does. Screw our business security and continuity plans."
I do support work in a US government agency that tossed BBs for iPhones. Because somewhere or other there's a law about it, the phones need to be secure. So they are encrypted. But we aren't allowed to have iTunes on computers. So they can be a PITA to activate. And they have to be password protected. And we have to disable the ability of users to buy and install apps. But we don't have the expense of the BES servers.
So what do we gain? At least one user a month (out of 200 or so) calling to ask us for a password reset because they can't remember what they changed it to. Sure it was a pain to get that reset on the BES. But at least I could do it. Now they have to put in the wrong password 10 times, then let the phone wipe itself and turn it back to us to be provisioned again.
iPhones for government was a bad idea that isn't going to get any better. I imagine that's true for most companies as well.
does this come bundled in as part of the Blackberry license that we already pay for BES? or is it a bolt-on feature? because, we already pay for a Good license so that we can read our emails securely on Android and iOS. so if the cost is included, then we could make a saving by rolling this out
As I understand it, yes, this is included. Need to upgrade to BES 10.1 (free client access license upgrades for any BB devices upgraded to BB10 before end of year), and would need CALs for IOS/Android devices added as per your bulk discount rate.
chroot? (FreeBSD) jail?
Are BB marketing something different?
Organizations who require their BYOD users access company intranet and e-mail with their personal devices, could find this useful, but only if the company is willing to buy this BES 10 Server. At this point, there are plenty of companies who allow their employees to access intranet sites with username and password, as well as Exchange E-mail accounts without using any BES Server. So a needs assessment may be done by some companies to determine if these BES secure services are needed.
"At this point, there are plenty of companies who allow their employees to access intranet sites with username and password, as well as Exchange E-mail accounts without using any BES Server.
Well yes, except that giving a user unfettered access to company Exchange servers is just asking for sensitive company data to find its way out, nasty stuff to find its way in, and is generally perceived to be a Bad Idea (if the company cares about its data). Imagine a jail broken Android mobile stuffed to the gunwales with malware connecting to your company's servers - sounds like a bad idea don't you think? How do you prevent the company's entire CRM contact list being nicked by a piece of nosey malware?
What BlackBerry are offering is a means for the company sys admin to have some control over user devices to protect their company's data. Think of it as being like a Domain Controller, but for mobiles. BlackBerry are betting on companies wanting that sort of reassurance, just like they did for desktops.
I suspect that it's quite common for companies to not care that much and, as you point out, just let their users connect anyway. Thing is, with that sort of approach there is no problem at all right up until that crucial piece of company data gets swiped. At that point the company's opinion as to whether their security measures are adequate may now be irrelevant, because they may be about to fold. They can then contemplate the meaning of 'hindsight' at leisure...
And to reinforce the point - how many security snafus have happened right after some sys admin said "Nah, it'll never happen to us...".
I once worked as a Network Support Analyst for an insurance company who's idea of "antivirus protection" was installing a local client on each PC, updating them all manually, and being quite surprised when viruses made their way in via e-mail. At first, they thought the suggestion of running antivirus from the server was crazy. That thought process changed after viruses made their way in via e-mail attachments.
I understand how this BES 10.1 security works and am certainly not against it. It's something I would advocate to a company I worked for. Unfortunately, not everyone in IT at companies is as serious about network security as you are and I am. I've been called paranoid about network security until problems occur and people realize I'm not paranoid. Network security is a serious issue that should be taken seriously.