What is RIM's 4-Point Focus on Security?
For many organizations, wireless access to information is mission critical. In this article, Scott Totzke, Vice President, Global Security Group at Research In Motion (RIM), sheds some light on RIM's four-point focus on security. Included is a look at RIM's approach to data confidentiality, IT policy, standards and independent verification.
We also take a look at the BlackBerry® Smart Card Reader, RIM's solution for bringing two-factor authentication to mobile users, currently deployed within the U.S. Department of Defense.
4-POINT FOCUS ON SECURITY
"Security has always been one of the pillars of the BlackBerry® Enterprise Solution and it's something we decided from the very beginning would be an integral part of the architecture," explains Scott Totzke, Vice President, Global Security Group at Research In Motion (RIM).
"In essence," says Totzke, "it provides a simple, easy to use, end-to-end solution with a strong security model."
RIM's focus on providing products and services that meet strict security requirements, is what makes the BlackBerry® solution such a popular choice among security conscious organizations like the U.S. Department of Defense.
As Totzke points out, saying "Communications between the BlackBerry device and the BlackBerry® Enterprise Server take place via secure and authenticated connections. This built-in approach means IT Administrators don't have to worry about evaluating and integrating third party security applications."
According to Totzke, BlackBerry security encompasses four key areas of focus, explained here:
- Data Confidentiality: The BlackBerry solution is designed to ensure data confidentiality. Protecting email or application data transmitted between the enterprise and a BlackBerry device is different than protecting data transmitted over a wired connection between a laptop and the enterprise.
The level of encryption must be very strong, so the BlackBerry solution provides AES-256 encryption for data that is transmitted wirelessly, as well as any data stored on the device.
The encryption is provided as an out-of-the-box feature. For an administrator, it means that they don't have to search for a third party encryption mechanism or worry about integration with wireless devices; it's already built-in to the BlackBerry solution.
- IT Policy: Providing robust configuration management tools to the IT group is another key requirement. Administrators need to manage everything, including: approved applications for the device, permissions for each application, password management, and local database encryption.
Managing all the various policies must be seamless, easy to implement and immune to circumvention by end users.
The BlackBerry Enterprise Server simplifies the management and application of IT policies. This is critical to ensure customers have the tools they need to meet corporate governance and compliance requirements, such as Sarbanes-Oxley.
- Standards-Based: the BlackBerry Enterprise Solution supports industry standards such as S/MIME, AES, PGP, TLS, SSL and PKI.
Some customers, including the U.S. Department of Defense, have compliance issues requiring the use of S/MIME and smart cards to address the confidentiality of the information that they send via email. Making these solutions available to the BlackBerry user makes the trade off between mobility and security a thing of the past.
- Independently Verified: RIM works with a number of security organizations around the world to obtain external validations of our products or particular components within the solution.
For example, the BlackBerry® device was the first mobile device to obtain a FIPS-140 validation for its embedded encryption technology. Independent verification gives customers additional confidence in deploying a BlackBerry solution.
For a complete list of approvals and certifications relating to the BlackBerry solution, click here.
PKI Infrastructure and the BlackBerry Smart Card Reader
Another growing requirement is the ability to efficiently mobilizing the PKI (Public Key Infrastructure) environment to meet the needs of users on the go.
For vendors, PKI security today involves supporting standards developed for desktop environments (such as the Common Access Card, S/MIME, OCSP, LDAP and CRLs) in a user-friendly manner, while operating within a highly constrained environment.
That's why RIM developed the BlackBerry Smart Card Reader, which builds on the security, flexibility and mobility already inherent in the trusted BlackBerry solution.
The BlackBerry Smart Card Reader is currently deployed within the U.S. Department of Defense. According to Totzke, "The BlackBerry Smart Card Reader is a wearable reader that brings two factor authentication and the signing and encrypting of email messages to mobile users, without compromising the form factor of the device or its ease of use.
For additional information about the BlackBerry for Government, including the BlackBerry Smart Card Reader, visit http://na.blackberry.com/eng/ataglance/security/government.jsp.
For a complete list of approvals and certifications relating to the BlackBerry solution, visit