How BlackBerry holds onto government users

Despite competition nibbling away at its market share, BlackBerry maker Research In Motion continues to dominate a major chunk of the federal mobile device market, particularly because of BlackBerry's built-in security features. But to remain relevant in a quickly changing market, the company is also deploying its own multiplatform management services.

RIM has encountered increased pressure from Android and Apple-based platforms in recent years, but what distinguishes BlackBerry devices from the competition is their inherent security — a key factor in government, said Scott Totzke, RIM's senior vice president for BlackBerry security, in an interview with GCN.

He said RIM has invested in protecting customer data from the beginning. “It’s been a tenet since the day we started,” he said.

Related stories:

BlackBerry’s new enterprise system supports iPhones, Androids

DOD still has a penchant for BlackBerry 7 devices

RIM is involved in mobile device trends, such as bring-your-own-device (to-work) efforts. The company has been a strong advocate for standardization and certification, two things that help the BYOD process, Totzke said. He added that standardization and formal certifications for consumer and federal markets is an important issue that is also good for industry.

One of the challenges facing BYOD programs is both the large number of vendors and the inconsistent level of mobile security across all of the vendors. Totzke is concerned that in the absence of a firm set of standards “security becomes a race to the bottom.” This lowest-common-denominator approach is a major challenge in federal markets, he said.

Besides security, there are governance and legal issues that federal BYOD programs must consider. For example, what if an organization needs to seize a user’s personal device for an internal investigation? “The policy and governance models we have from a legal standpoint are not keeping pace with the rapid change of technology,” he said.

RIM also is joining the rest of the mobile industry in the move toward cross-platform, multidevice environments with the release of its Mobile Fusion device-management software. But there are aspects of multi-platform operation that worry Totzke. One major issue is the potential for cross-platform vulnerability as the industry moves toward operating systems and browsers based on open-source software such as WebKit.
 
Previously, Totzke said, vendors had very distinct architectures, which meant that attacks were focused on those specific platforms. Because mobile device-makers are using similar systems, they are beginning to coordinate product releases to match software upgrades.

The security implication is that it is now possible for a cross-platform piece of code to be exploited, jumping from a Windows desktop computer to an iPad to an Android smart phone because there is so much shared data. Totzke said RIM has worked to compartmentalize WebKit and sandbox the browser to reduce the potential for attacks.

Another issue is security policy, especially regarding applications. Federal agencies are concerned about third-party applications, especially those that report user location and other data. Totzke said that, compared to the rest of the industry, RIM has been a bit late in releasing new applications and services because it wanted to understand what to provide its customers from a security and manageability perspective.

When RIM introduced location information, he said, the company left it up to the user whether to activate or not, as opposed to an organization’s IT group. Another question RIM has struggled with is how to provide information to non-technical users for their informed consent. Even technically adept users sometimes struggle with the number of options available to them, he said, adding that BlackBerry user prompts have evolved away from very technical queries to simple questions about activating an application.

“The human element continues to be a big challenge,” he said. “Technology is not a panacea — we can’t solve all the problems. We can try to communicate them better, we can try to contextualize them, but at the end of the day, somebody’s got to make a decision ‘yes or no — I want to do this,’ and I think the best we can do is make them do that with as much information that’s as clear and concise as possible.”

Despite security concerns and increased competition, Totzke said he’s confident about RIM’s business model and its market share in the federal sector. He maintained that the company’s government market has been very stable, with more than 1 million customers in North America. “In a time when government payrolls and budgets are declining, our business is stable,” he said.

An important part of this stability comes from RIM’s emphasis on security and its close work with its government customers, Totzke said. He noted that RIM has worked with the Defense Department to revise its policies to allow third-party applications to run on BlackBerry devices. DOD recently approved the acquisition of BlackBerry 7 devices for its personnel. RIM also enjoys a strong product refresh rate in the government, with more than 400,000 BlackBerry devices upgraded over the last year, he said.