As a fan of technology and, in particular, mobile technology I’ve long been intrigued by RIM. Trailblazers for sure, but do they continue to deserve a place at mobile’s top table? Ask most people, particularly those of a corporate persuasion, and they will likely be quick to offer up the fact that “Blackberry is the mobile of choice for business because it’s far more secure”; but press even those with significant relevant expertise and experience and the actual evidence to back that statement up starts to get a little hazy. It would seem (to me at least) that the continued dominance of RIM is more a result of fear of change than any real value proposition they continue to bring.
I’ve spent some time looking for hard evidence to confirm or deny this, and I’ll detail my findings in a bit. But to paraphrase from the outset, I remain unconvinced that the RIM security story is still valid – at least for 95% of mobile users across the planet. I’ll caveat this post right now with the usual “it’s just my opinion” and it is only based on my experiences and access to information. To be honest I’m writing this post in part as I still need more concrete information to firmly resolve things in my mind. So if you read this and have an opinion (either one that agrees with my position or, more interestingly, conflicts) I’d love to hear your thoughts and comments. I know Blackberry, like Palm and Apple, can elicit strong emotions….
I’ll start by recapping the Blackberry story as I understand it, as I think it’s highly significant in describing why RIM gained such popularity and also why I’m sceptical as to the legitimacy of it’s model in todays world. According the Wikipedia, the first Blackberry mobile phone appeared in 2002 (several BB branded pagers had been sold prior to this, since 1998). A number of non-RIM produced handsets have also come to market utilising the Blackberry email client, which is important as part of the security story these days focuses on the fact that RIM controls the end-to-end experience. It’s important to remember that the world was a very different place back in 2002. No 3G, not a great deal of WiFi or broadband penetration either. What RIM did well (better than ANYBODY by a long shot) is two fold. They delivered a fantastic push-email experience on a mobile device. Their architecture ensured that emails arrived in an incredibly timely way. Secondly, they managed to get the significant amount of data in emails through the narrow pipes that were available back then. Their compression technology and, again, architecture was way ahead. These 2 factors added up to really give them an advantage – and rightly so.
But roll on almost a decade. 4G is being rolled out. And mobile integration that ensures emails arrive immediately is commonplace. Those 2 critical advantages are no longer relevant. So Blackberry, in a relatively dominant position, look at what else they have in their toolbox to take on the young pretenders in Apple and Google. Two things emerge – a fantastic hardware experience for email (RIM has learnt – and patented – a thing or 2 when it comes to hardware keyboards) – and security. Now keyboards will only take you so far, especially as the way people interact with mobiles is changing to include so much more than just email. Touchscreens are on the rise for all but the most gnarly of emailers. Digital natives are using email for less (and rightly so in my opinion, but that’s for another time). So that leaves security. And RIM know it.
I’m not disputing they have a great story. Their architecture was developed and has grown in such a way that it is naturally secure. They control the process end to end which gives them an advantage over others looking to use more open standard. However, as I’ve already mentioned, a number of non RIM devices have been introduced in the past with the Blacjberry email client which would somewhat contradict this. Not that these devices are still appearing, but I do find it a slight anomoly in the “end-to-end” security story.
But my question really is how relevant is that architecture in todays world? As I mentioned, my understanding is that much of the architecture was built to deliver timely email over narrow pipes, and security (at least initially) was secondary to those critical success factors. They had a head start and when Android and the iPhone started making waves back in 2007, 2008 and 2009 they certainly understood that side of things far far better. But with every new release of software and hardware, Apple, Google and the various partners have learnt lessons. And quickly. Hardware encryption, software encryption, remote wipe, auto device locks, certificate security and high level encryption standards are all now in place for both of those platforms.
I read an article that explained the “extra” level of security RIM has in their solution. In this article the extra level is likened to hearing a conversation spoken in code when the FBI has tapped into a phone call. Blackberry provide the ability to speak in code (although crucially don’t control that code and so couldn’t break it themselves – only the people on the conversation has the ability to decrypt the message). Whilst the likes of Apple and Google could provide the same protection against tapping the call, if someone was able to do that only RIM provides the additional security measure of coding the messages within that.
That sounds great. But in reality having someone tap into your messages whilst in transit given todays security standards in this area would not only require considerable resource and ability, but also significant motive to do it. To my mind, there are only a few sectors, companies within those sectors and even workers within those companies that would even be a target, let a lone be at risk. To me it’s like having armed guards and a vault at a supermarket. Sure, that kind of security is important for a bank, but do retailers on the same high street all need that level of security? No, because they’re not likely to be targeted in the same way.
So I’m at a point where I think, for 95% of the potential mobile population (be that consumer or business), Blackberry Enterprise encryption is not required. Moreover, it may even be detrimental on a number of levels (just look at the issues RIM has in Saudi Arabia and India). Having no visibility and not being able to monitor communications at all is a potential business risk.
But the other side of the coin is the adage “you’ll never get fired for going with IBM”. Same rules apply – RIM is proven. Big time. They have more experience of mobile in enterprise than any other company out there. My argument is that their success was primarily as a result of reasons other than security, reasons that have all but gone away. Security is all they have left from an architecture that isn’t relavent today. But it’s the only card they have left to play other than undertaking a major shift in direction. And in playing it, they create enough doubt in peoples minds to retain a strong position.
But it’s clear things are changing. Demand is there to do more for less, for more flexibility in how and where we work and with the line between business and pleasure blurring more each day I think this change will continue. I hope RIM has a strategy. My issue isn’t that RIM are bad, I like their devices and their shift towards a younger audience with focus on their BlackBerry Messenger (BBM) is brilliant. I’m just hoping that there is more by way of innovation and
leadership – areas where RIM has historically excelled – than by a strategy of creating fear and doubt.
For me, I’m unconvinced by the story that anything other than Blackberrys are unfit for enterprise use. Mobile is happening and the way we’re using mobile technology is changing in the most unbelievable and creative ways imaginable. That is what I love, that is what is driving enterprise 2.0. And to my mind, businesses should be open minded and look at all the options, not just those that have worked in the past.
please, ask yourself why Saudi Arabia, UAE, India have tried to ban Blackberries, and have not really tried with apple, gmail, … . Only because SSL is not providing real data security ( operators can easily use fake certificates to snoop on your data ) and companies really need to have secure channels to communicate about commercial and technical business.
Android and iphone are very nice phone for everyone to play with , but if you need security there is still only RIM.
{"id":null,"mode":"button","open_style":"in_place","currency_code":"GBP","currency_symbol":"\u00a3","currency_type":"decimal","blank_flag_url":"https:\/\/thedigitallifestyle.com\/w\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/thedigitallifestyle.com\/w\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":500,"top_media_type":"none","featured_image_url":false,"featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Leave a tip","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"TheDigitalLifestyle.com","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"TheDigitalLifestyle.com","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for being a supporter!","payment_confirmation_title":"TheDigitalLifestyle.com","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
please, ask yourself why Saudi Arabia, UAE, India have tried to ban Blackberries, and have not really tried with apple, gmail, … . Only because SSL is not providing real data security ( operators can easily use fake certificates to snoop on your data ) and companies really need to have secure channels to communicate about commercial and technical business.
Android and iphone are very nice phone for everyone to play with , but if you need security there is still only RIM.
About SSL lack of security : http://www.wired.com/threatlevel/tag/ssl/