BIackBerry Security Summit: Securing the Enterprise of Things

News by Tony Morbin

BlackBerry is not dead, it just moved from the physical to the digital world where it aims to utilise the mobile, security and privacy expertise gained from phones to secure the world of connected Things.

While there are still a few holdouts where BlackBerry mobile devices exist as physical entities, the company has firmly nailed its future onto taking its mobile security and privacy capabilities as a software and advice offering in the IOT.

Or as the company itself described it during the BIackBerry Security Summit in London today, its new BlackBerry Spark brand is "the only Enterprise of Things (EoT) platform designed and built for ultra-secure hyperconnectivity from the kernel to the edge."

Is it all marketing and hype or is there any substance behind the claims? Talking to the press during the event Charles Eagan, BlackBerry CTO & SVP, mobility software solutions agreed that BlackBerry Spark was effectively the new name for BlackBerry Software, but said it was grounded in new technology, "...and then comes marketing. BlackBerry Spark is a name to describe the tech leading us into this interconnected future - a unifying force of all the security bits in BlackBerry - and tipping its hat to the history of BlackBerry with the Spark logo."

He added, "There's a tidal wave of IOT devices coming [75 billion connected things predicted by 2025] and a backlog of demand for securing them. Through acquisitions and working with our partners we've learned how to integrate other technologies - intergrating other tech without a tech device in the field. By taking the ability to do this in a secure way to others, BlackBerry helps you monitor all end points and connected products even if they dont use BlackBerry software. You don't need to manage every device, but you need to know that device can be trusted."

John Chen, executive chairman and CEO BlackBerry elaborated: "All the BlackBerry tech teams from software to automotive were brought together to leverage capabilities in a more aligned way. From B to B to Consumer, putting everything we do together as one, or we'd have competition in a fragmented way. Our idea was to have the same approach from manging endpoints from the kernal to the edge. Then it was decided not to make our own cell phones but sell the secure software and extend into Linux."

He described three operating groups for the organisaiton:
1 From the server side - containers, collaborative software - how enterprises manage mobile comms
2 Endpoint management - which was focused on phones, but now covers anything
3 QNX - mostly automotive, now anything, including medical devices etc

A variety of use-cases were put forward to demonstrate that the move is more than theoretical but already deployed globally, some deployments tying AI to identity management. This includes crisis management applications such as the London Shield programme - where partners are currently being signed up in a bid to replicate the Melbourne Shield programme (linking police, hospitals and other emergency responders so that they share information and implement a pre-agreed policy and actions), or the US Federal government programme where 2.3 million people are connected in Washington state.

Working with manufacturers, particularly car-makers, includes securing over-the-air updates, and investigating whether theoretical hacks can be exploitable in relation to the security of politicians' and diplomats' vehicles.

In the US where healthcare devices can't be modified without FDA approval, the company has created an ability to monitor network traffic to the device and detect if anything is happening that's not normal and shut the device off the network.

It is also building GRC/Risk - for GDPR assesement, ISO and PCI assessment, and risks to cyber-reslience, including helping customers respond and recover if breached, plus working in digital forensics.

Chen was asked how he could work with, and not compete with organisations such as Microsoft. He replied, "I don't want to fight (with Microsoft). We have security and privacy as a heritage. Microsoft wants to move people to the cloud, and 365 is the vehicle. We come from mobile side and they don't - [The example of expanded Bridge capabilities was cited, which lets customers seamlessly access, edit and save Microsoft Office 365 files from applications in the BlackBerry container.] We add mobility and security as a native experience on their mobile offering. By accepting fact that 365 will be part of everyone's estate, you ask, what value can you add, and we can add mobility and security."

Chen went on to note how the world of IOT is a completly open hetrogenious world where veryone is in IOT, from telcos to white goods manufacturers, and no one vendor will dominate. And the market doesn't want one vendor. Consequently BlackBerry, "...Will work with different ecosystems and that resonates with customers, not being locked in."

A follow up question was, what about Microsoft overcoming BlackBerry's market lead in this area by buying the company?
Chen replied: "My job is to create value for the shareholders and not fight 'religious' wars, and shareholders can decide. I have to create the option that we can do well on our own. My only angle is secure communications, to bring privacy and data protection. So everyone can network securely."

A raft of new technology based on the Spark concept was also announced such as Ransomware recovery (allowing selective roll back to last unencrypted version of specific files, including those on mobiles, not needing reset of everything); Secure global director; Secure embedded Linux; AtHoc API; AtHoc for BlackBerry Radar; Secure manufacturing service; Intelligent transportation systems; Intelligent security service. Also a wide range of partners were announced for the open, universal platform, including working to make the Amazon Alexa smart speaker more secure, to allow its use on say corporate documents. "We are able to securitise whatever environment they want to create," concluded Chen.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews