John Chen steps out on the stage at the BlackBerry Security Summit in New York not vastly unlike Tom Cruise at the climax of a Mission Impossible movie. Truth is, he has already achieved a mission far more absurd than Cruise at his worst. He took over the running of BlackBerry 21 months ago, tasked with rescuing a company that had become an afterthought in the smartphone world.
The previous incumbent, Thorsten Heins, fell disastrously short through a strategy focused on fixing the hardware platform. He did a great job, technically speaking, getting the BB10 operating system out of the gates. Problem was, it took so long, the world lost interest. BlackBerry as a smartphone brand was so, like, 2011.
But Chen has already met his first goal, and one that many had assumed unlikely: he has brought the company back to operational profitability, with a few billion dollars spending money in the bank, and taking business away from major competitors. But that’s not smartphone business.
BlackBerry remains a world leader in securing mobile communications, and the only handset manufacturer that routinely receives military clearance for its devices to be used in the field. Its security software and platform extends well beyond its own devices, including a partnership with Samsung, and the underlying operating system for the “connected car” interface on new Ford vehicles.
Now Chen is embarking on the second mission; building the brand back to its former greatness.
“From day one I recognised the company had some greatness in pursuing privacy and security, and that this market was developing rapidly,” said the company’s CEO and exec chairman. “Last year we spent more than $100-million in creating more product for security. All our operational units are focused on that number one priority and principle. Then we want to acquire capabilities to fill in the gaps.”
It is a mark of the both the capability and confidence Chen has brought to the business that few would contradict his core message at the event: “BlackBerry has the most secure mobile platform the industry has to offer.”
And never has it been more needed. David Kleidermacher, BlackBerry’s chief security officer, explained how the advent of the Internet of Things is opening numerous backdoors into enterprises and critical systems.
He gave the example of smart hospitals, which not only aim at making access and updates of patient records smarter through the use of handsets, but can also automate many medical processes, like administering drugs.
At this point, the BlackBerry team demonstrated how a malicious hacker could easily gain access to the controls of a standard drug infusion device. The device is linked to the hospital network either through a network port or via Wi-Fi. Its IP address – a unique identifier that all Internet-connected devices have – is published in the device manual for all to see. In most cases, there is no password protection, and the security configuration is usually not up to date.
As a result, basic hacking tools can expose all the information on the device. Not only can this allow for the hacker to change the dosage and kill a patient, but also potentially access other hospital systems through following the links up the chain.
“We are creating additional surfaces of attack,” said Kleidermacher. “These become the soft underbelly of corporate access. One of the problems with security is, if it is too complicated, it gets circumvented or ignored.”
Ironically, then, precisely because we are adding more complexity to our security world, enterprises are losing the security battle.
BlackBerry’s solution, outlined at the Security Summit, is based on five principles: an end-to-end solution; a priority on productivity for both users and administrators; security at the heart of the network; a data-centric approach which means protection moves with the data; and a proactive approach that prevents vulnerabilities rather than patches them after the fact.
Not surprisingly, BlackBerry is pushing hard on the first of those principles, which corporate strategy vice president Jeff Holleran summed up as “a single solutions track from single trusted vendor”. However, he put this thrust neatly in context by describing BlackBerry’s role of intrusion detection and handling access requests as “acting as the bouncer in the sky”.
That may be convincing for customers who experience the benefits, but can BlackBerry convince the broader market that it’s in a position to provide protection in a rapidly evolving mobile environment?
For chief operating office Marty Beard it isn’t a question of if, but why the company wins this particular battle: “We’re not aspirational about getting into this world; we’re in it. We’ve got deep decades of expertise in managing devices. The world of sensors and machines will not be a surprise.”