Skip Navigation
BlackBerry Blog

How to Secure Your Corporate Apps While Maintaining Employee Privacy

Businessman covering his faceBring Your Own Device (BYOD) has rapidly gained popularity in companies the last several years. While corporate-owned devices are still extremely important for certain roles (i.e., field service, executives) and tasks (i.e., shared tablets for nurses), personal phones and tablets are becoming the most prevalent devices under enterprise management. According to a 2015 survey by Tech Pro Research, 74% of organizations are either already allowing or planning to allow employees to work from their own phones.

(This post is written by Richard Ashley, a senior marketing director for EMEA at BlackBerry.)

Whereas mobile productivity was once an amenity reserved for the few fortunate enough to have a device provided with their job, BYOD can now open up its benefits for the masses.

At the new BlackBerry, we support BYOD for whatever device platform enterprise workers prefer. We also feel successful BYOD is about more than just the device. It’s about securing corporate apps and data without infringing on a user’s native device experience and personal privacy. That means IT needs mobile security controls in place that protect what I call the 3 C’s of Secure Mobility (corporate content, credentials, and configurations).

Corporate Content

Businessman reading document stamped confidential, close-upBlackBerry’s BlackBerry Enterprise Mobility Suites makes extensive use of the Good Secure Container, which protects corporate content at rest through device-independent FIPS-validated encryption. We also uniquely encrypt data throughout the user workflow. Without containerization, copies of a user’s work are placed in each app they use, and these copies remain unencrypted until saved to disk.

The issue is that users don’t always save their work as they move from app to app in a workflow. This in turn means that unencrypted copies of potentially critical documents are strewn all over your mobile filesystem, easily recoverable by a bad actor if a device is lost, stolen, or infected with malware. With BlackBerry, this risk is mitigated.

We also protect content over the air between the corporate network and the device using a dedicated secure connection that does not rely on DMZ relays or native transport such HTPS, SSL, or TLS. Because DMZ relays require open inbound firewall ports, and native transport options have been hit by public exploits such as Heartbleed and GotoFail, we instead rely on our own secure network. The issues with over-the-air security are thus mitigated – and your corporate content remains secure.

Corporate Credentials and Configurations

Credentials TagAuthentication is all well and good, but it’s not ironclad – credentials can be stolen. With BlackBerry, however, all data is stored in the container; corporate credentials and application configuration data (i.e., IPs, hostnames, URLs) are encrypted by default. We do not rely on the OS keychain, nor do we store domain credentials on the device.

Our EMM solutions integrate with enterprise PKIs, eliminating the need for complex workarounds and ensuring consistent authentication. We also leverage existing user repositories like Active Directory and LDAP, eliminating duplicate user stores. And all the above protections on corporate content, credentials, and configurations apply to any app built on the BlackBerry Dynamics platform – whether a Good app, a 3rd party ISV app, or a customer-built app.

Preserving the User Experience with Enterprise Grade Security

Document TradeSecurity’s no good if it impedes your employees. That’s why for all Good-secured apps, the native device user experience is preserved. There’s no need for a complex device passcode, since IT can manage and apply appropriate policy controls to individual applications. Similarly, full device wipes are unnecessary, as IT can simply wipe specific apps.

And if IT needs to perform a jailbreak or root test, they can do so with ease – and without using battery-draining location services. There’s no need for an application blacklist either, as Good-secured apps can be restricted from communicating with non-Good apps. In this way, the Three C’s are kept secure, and employees are free to enjoy the positive side of what mobile has to offer.

Apps like Good Work, Good Access, and Good Connect, meanwhile, are build with native IDEs. And while not the consumer apps that come with the device, they are built to provide a better business experience that takes advantage of the richness of native development. They’re built to not only ensure security, but also enable productivity.

In short, BlackBerry isn’t just a good choice for EMM – we’re one of the best choices.

Interested in learning more? Check out Introducing Good Secure EMM Suites, or go Hands-on with Good Secure EMM Suites in our recently-broadcast live demo. And if you want to see how your own business fits into the current EMM landscape, be sure to also view Making Sense of the EMM Alphabet Soup – a detailed look at MDM, MAM & MCM.

About Inside BlackBerry Blog