RIM's 'long, slow death spiral' is bad news for security

By | January 11, 2012

Posted in: Network Security Trends

It’s ironic that Research in Motion (RIM), makers of the BlackBerry smartphone and its impressive supporting enterprise architecture, is apparently circling the drain at a time that mobile phone security is moving to the forefront. Until really quite recently, even in IT years (which are like dog years) “Blackberry” and “business smartphone” have been nearly synonymous. Your company-issued phone was “my BlackBerry,” backed by the robust BlackBerry Enterprise Server (BES) for effectively managing and securing your business smartphones and associated infrastructure.

Like the Romans falling to the free-wheeling barbarians, RIM is rapidly losing market share and investor confidence as managers and employees bring their personal feature-rich and application-happy iPhones and Droids into the workplace. From a high in the $60-plus range earlier in 2011, RIM’s stock fell steadily, then plunged 11% to an eight-year-low on news of delays introducing their new phones until late 2012. The stock continued to sag until reports emerged that Microsoft, Nokia and Amazon were among companies interested in buying them out. A MarketWatch headline described RIM’s “long, slow death spiral.” Pretty grim.

RIM’s troubles are bad news from the security person’s perspective. BES offers the kind of controls that enterprises are either forsaking or scrambling after third-party management systems in the path of the BYOD (bring your own device) frenzy. For example, admins can control what applications can be downloaded onto corporately managed BlackBerry’s. Compare with the crapshoot that is the world of the personally owned iPhone or, worse, Android. At least Apple vets its apps. Android, by comparison, is the Wild West; small wonder it is the platform of choice for mobile malware writers.

BlackBerry offers encryption options for data on phones and in transit, keys, email and SMS messaging. It supports multifactor authentication and controls Bluetooth and Wi-Fi. All under robust management via BES. Small wonder it has been the enterprise platform of choice before its fortunes veered south.

Blackberry has taken measures to embrace the BYOD era, but it’s probably too little, too late. RIM management was too slow to react not only to the wild popularity of the iPhone and Droid, but their incursion into and acceptance in the workplace. Even if they have company-managed BlackBerry’s, most people are far more dependent on their iPhone/Droid for everything. Consider this from a recent Reuters report, which noted the small army of engineers working on eBay apps for the iPhone, Android and even Windows phones, but “one or two” working on BlackBerry:

“When he [eBay chief executive John Donahoe] met with reporters to talk about plans for the holiday shopping season, the CEO whipped out his iPhone to show how eBay's apps ran on the device. Reuters asked Donahue about his BlackBerry, he said he still had it but didn't bother to bring it into the room.”

RIM is trying to widen its footprint by bringing other smartphones into its BES management platform, offering industrial strength security for iPhone, iPad and Android as well as BlackBerry. The announcement of RIM’s Mobile Fusion software, which enables companies to control rules for applications, passwords and software, and remotely lock or wipe a stolen or lost phone gave the company’s stock a shot in the arm in late November, but the company still had to deal with handsets that had fallen badly behind the times.

Fusion is scheduled for a March release. Meanwhile, enterprises have a variety of third-party mobile device management (MDM) products and services to choose from as well. Meanwhile, there are indications that the federal government is hedging its bets to allow secure Android and iOS phones alongside of BlackBerry or, perhaps, for life after BlackBerry, as at least two companies are working on federal-grade authentication for the two platforms.

In a recent post, my former SearchSecurity.com colleague, Eric Parizo, bemoaned BlackBerry’s falling market share and urged security professionals to bring pressure to bear on their execs to embrace BlackBerry and, if not stop, at least slow down the bleeding. He wasn’t optimistic, and I think it’s fair to say that ship has sailed. The most secure smartphone platform is threatened with extinction just as the smartphone market and its open development opportunities are finally attracting serious attention from cyber criminals.

You May Also Be Interested In: