BlackBerry 10 better and more secure, but not good enough

Amid all the hype that preceded Research in Motion's (RIM) unveiling of its BlackBerry 10 on Tuesday, most analysts agree on this much: the new device is the best, and most secure, the company has ever made.

However, they are not convinced that will be enough to turn around RIM's sagging fortunes or its miniscule market share -- 1.1% of the smartphone OS market.

Michael Davis, CEO of Chicago-based consultancy Savid Technologies, writing in Information Week, said the improvements to the device itself, along with the new BlackBerry Enterprise Service 10 (BES10), are "too little too late" to challenge the dominance of Apple and Android.

"We don't think the new enterprise features -- which are really the only enhancements to the device as all of the consumer enhancements are just copycat functions of iOS and Android -- are going to be enough for the end user to stick with BB when facing the decision to change," Davis wrote.

"BES10 is too little too late for most enterprises," he wrote.

Jan Dawson, chief telecom analyst at Ovum, said in an interview with the Wall Street Journal that while he thought the launch of BlackBerry 10 would provide a short-term boost for RIM, its enterprise customer base has started to fall, "and I expect it to continue to go that way."

"The new platform, as good as it is, is not good enough to win converts," Dawson said.

He said while the new BlackBerry 10 means RIM is finally reaching parity with market leaders, "there's nothing that makes it head and shoulders above iPhone or Android ... It will appeal mainly to existing users."

There is some advance praise for BES10 security features, after some well-publicized problems with flaws in previous versions, but it is tempered by the new reality of a market that RIM used to dominate.

Zach Lanier, senior research consultant at Accuvant Labs R&D team, said: "RIM has learned some lessons from the BlackBerry PlayBook (whose TabletOS effectively served as the predecessor to BB OS 10), given that it was a foray into a new operating system and platform paradigm for them."

[See also: Android vs iOS vs BlackBerry: Which is most secure?]

But a new OS could also bring new problems, he said. "For any company, introducing a slew of new bits of code -- especially code that isn't necessarily developed or maintained by RIM directly -- comes the possibility of introducing new bugs."

Davis wrote that the upgraded service is now using an AES256 encrypted tunnel for all communications between BES and the device, which is also FIPS140-2 certified. The means the government can use these anywhere, he said.

"Think of this tunnel like a VPN (virtual private network) tunnel," he said. "This enables the enterprise to allow the browser on the BB device to route and access internal enterprise Web apps through the tunnel without the pain of having to configure a VPN profile or even provision a VPN username and password."

A second new feature is Balance, a managed container that divides the personal and working worlds of users. "Each partition is encrypted and secure with the Work Partition being controlled remotely by a policy," Davis wrote. "You can have personal email from Gmail on your personal side and your corporate email on the work side and not have the pesky security restrictions enforced on your personal email as you do on the work email."

However, Balance requires the new BES10, and access is not clear. "RIM could not confirm how many BES email hosting providers are planning to upgrade to BES10 or even support BES10, so if you are not an enterprise that wants to use BB Balance you may be out of luck until the major BES hosting providers catch up," Davis wrote.

Michael Disabato, a research vice president at Gartner for Technical Professionals Research, said that besides managing Balance, BES10 "will also be able to run the Fusion extensions, which can manage iOS and Android devices. If that is something you need, then the management is better."

Lanier said RIM's tradition of enterprise-friendly management features coupled with RIM's history of things like device encryption, code signing enforcement, etc. are a good indicator that BlackBerry 10 will continue that tradition, and build upon it. "But, with new features, like running Android apps; WiFi file sharing; and even the stuff that makes Balance/Bridge work, there's the possibility for degradation of security in some areas," he wrote.

And despite being more secure than other devices on the market, Eric Maiwald, a research vice president at Gartner, notes that devices are purchased for business purposes. "If two devices are completely equal in user experience, apps and capabilities, then buying the more secure device is a better choice -- that said from a security analyst."

But he said that businesses look at the entire ecosystem around the device, including existing apps, development environments, developer familiarity, use cases, etc.

"John McGreavy," the pseudonym for Information Week's "secret CIO" advice column, wrote this week that he has "little confidence that even if its new BlackBerry device and server innovations are successful, RIM has the ability to innovate at the speed the market expects."

"Regardless of how successful [BlackBerry 10], we have other devices in play and will have more going forward," McGreavy wrote. "RIM says its Fusion MDM platform will manage it all, but I don't see support of rival products making it to the top of the company's development plan."

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags MDMapplicationsovummobile securityRIMsoftwareData Protection | Wirelessblackberry 10data protectionApplesecurityblackberry enterprise service 10

More about AppleBlackBerryGartnerLanier AustraliaMotionOvumResearch In MotionWall Street

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts