Forgot your password?

RIM Working On Securing Shared Work/Personal Use of BlackBerrys

failing_back_to_square_one I think RIM has a interesting concept with trying to segregate work and personal use of employee owned/liable BlackBerry devices. The thing is I don’t see a huge market for it so I am not sure why they are spending time on it… In a nutshell RIM is trying to make the restrictive policies of a BES coexist with the simple security suggestions/policies on consumer BlackBerrys. For example, a company would not want you to be able to take a corporate email and forward it out as a tweet or upload a slide screenshot.

The problem is that I don’t see how this will work. It might work for very lax companies that are allowing employee liable devices but those companies tend to have little to no security or IT policies and requirements in the first place. The other problem is that most companies can care less if employees can use their BlackBerrys for personal use… The only way I can see this working is if RIM comes up with a way to virtualize two distinct BlackBerry OS instances on one device.

Let me give you a two examples:

  • Company A blocks all third party application installations on their BES. This way they know that no third party application can access sensitive information like contacts, calendar, email, internal corporate network, and more. How would this coexist with RIM trying to allow employees to run personal apps.
  • Say Company B blocks employee devices from using personal email accounts. Unless RIM can make two totally separate OS instances then there would be no way to clearly separate the two since there are multiple different ways that information could be accessed.

The main problems RIM is going to run into are:

  • Companies do not want to have to support employee owned devices
  • Employees will not want to have their devices locked down if they are paying for them
  • Employers usually care less if their employees are having fun with their devices
  • Most companies that apply security IT Policies are not the type of companies that would allow employee owned devices. For example, a financial or legal firm must lock down these devices tight and they gain nothing from allowing employees to play on their devices other than introducing risk.

What I think RIM should really do is just build in ActiveSync support natively into the BlackBerry OS or better yet just make BIS work with ActiveSync. That way employees can access their work email, contacts, calendar, notes, & tasks from their BlackBerry and companies do not have to deploy their own BES. This would alleviate most of the pain users have with connecting to a work BES especially a companies that would even consider allowing employee liable devices.

What do you think? Is RIM trying to solve a real valuable problem or are they developing a solution with very little in terms of a target market?

7 total comments on this postSubmit your comment!
  1. You are so wrong on this post.

    More and more companies are moving towards device agnostic solutions.

    There is no incentive for our firm to purchase ATT BB’s but rather let the lawyer’s go out and get their device of choice and we just activate it on our BES. This way they can use their family plans and choose which BB they want.

    We are looking into allowing iPhones, Android devices, and WinMo devices access to our Exchange server. But opening up IIS (SSL) is a bit scary to us without using RSA tokens. We are looking into this solution for those who wish to use non BB devices.

    There are products such as Good who makes a “BES like” server that pushes our Exchange email/cal to devices. They do this via an app so we don’t have to worry about the end-user’s device. Good installs an App and has full control (w/ password) over that app. So if the user loses their phone Good can remove the app remotely.

    This is a very simple solution and doesn’t require IT to do much more then set them up on the Good server. Good sends the user an email with a link to the app and their activation pw. Now the user has an app to get their corp email.

    Hardcore BB users will stick with a pure BB solution but the casual email user should like the app solution. With iOS4 and multi-tasking should make this work much better as the old iPhone OS only allowed for push notifications–ugh.

    • Hi Netposer,
      It seems like we both agree. What good does in their app is essentially virtualize the core features of a smartphone like email, calendar, contacts, etc into an app. It is similar to what ActiveBerry does now with activesync just with more separation.
      The thing is that these companies looking for device agnostic or other solutions are not the ones that have IT Policies that do not allow the installation of other applications or limit social networking apps. For example, practically every law firm of medium to large sizes locks their BlackBerrys down like crazy not allowing anything to be installed since they don’t want to risk client data at all. Why would such a company be looking for a way to make a work device more “non-work” friendly? What incentive is there?

      • Totally disagree with your position as well. My 1000+ employer (also a law firm) requires us to obtain our own smartphones (either BB or iPhone) and activates them on the BES. While the firm applies its security policy to our devices, it is not so restrictive that I cannot also use the device for personal purposes (including downloading myriad third-party applications). As I understand it, this is not uncommon among law firms now.

        I would love to separate at least some of the work functions from the personal functions.

  2. Forget Activesync :). There is SyncML and IMAP. It works fine and is not promoted by just one single company. If done right, a sync app could sync different device accounts to different servers.
    More and more people would love to be able to manage all their “lives” on one device, but it’s impossible to do with the current Blackberry devices. There is always something missing.

    • RIM has even added some SyncML support for MDeamon in version 3.1 of BIS the problem is that many services like Exchange Webmail and Google Apps do not support SyncML. That means that even if RIM added it they would not gain much… On the other hand both Google Apps, Gmail, and Exchange support ActiveSync already so the only missing piece in the equation is RIM.
      I know that more and more people would love to have one device but why would a company care? Think about it. If you were a traveling salesman and your company gave you a BlackBerry to access an internal application or database what incentive do they have to make that device more “fun.”

      Even if they did not give you a device and you wanted to bring your own most companies would either allow you to or not. If they already have strict policies like not allowing to install 3rd party apps there is no way they would be lenient enough to allow you to bring your own device.

      • Since RIM supports MS Exchange Server with their BES, EAS (Exchange ActiveSync) is not too far away from that. I can see that happening soon, although I am not a big fan of proprietary implementations. Microsoft is never looking to establish standards but rather to establish controls.

        SyncML looks rather promising but needs the weight of some big pushers like Google.

  3. Ronen, I think RIM has to react to those looking to using personal smartphones but in a more secure manner. Obviously, a BES and enterprise model with corporate-owned handhelds is best, but smaller companies want options and RIM is trying to address those by creating another niche: a fairly secure environment using personal devices.

    I agree that no company should allow personal devices to handle their important corporate data or access to their corporate network; however, this is a perfect scenario and principle that few companies follow. Workers often take home corporate docs to work on their own PCs and laptops. The same holds true to smartphones where folks want to use iPhones and Androids, and those are the same IT folks controlling the BES. They’re the ones asking to a reduction in security policies to allow their Androids and iPhones. Some folks in upper management also want their special apps so they’re also begging to install them.

    I say, if you want these apps, get your own device. I don’t care if you have to carry two devices, there should be a separation between work and personal stuff… but that’s just me.

    Unfortunately, the business model is changing and RIM can no longer expect to win this battle for control of the handheld when even the IT department and upper management want a lot of freedom. Of course, these folks aren’t looking at the company’s best interests but their own personal needs, and they’re putting their own needs ahead of that of their company. Company loyalty these days is abismal with all the layoffs we’ve been seeing the last couple of decades, so many people are being sympathetic with employees feeling the need to protect their interests.

    Just look at how many people hate BES, but then they’re just bashing RIM unfairly because RIM is providing an essential service for the corporate market where that kind of security is essential. Most people put everything on facebook and use their son’s name as their password — they just don’t care. Frankly, those people won’t care to protect important corporate secrets either — I won’t hire them.

    Essentially, there are just two different mindsets. Those who treat things belonging to others with respect and those who could care less.

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2018’ BerryReview LLC