Skip Navigation
BlackBerry ThreatVector Blog

BlackBerry Unified Endpoint Management: Security Built from the Ground Up

Securing technology is a complex problem that becomes increasingly difficult as more devices connect to corporate networks and more employees work from home. The rise of connected Internet of Things (IoT) devices and employee reliance on mobile and remote technology has extended the battleground beyond the firewall and network perimeter. Fortifying company resources behind layers of defenses is simply not effective when employees connect work devices to home networks, or access internal data from outside the firewall.

Modern organizations need modern security solutions that cover employees while at work, in transit, and away from the office. Protective coverage needs to include and secure a variety of devices and platforms and remain effective across multiple locations. For example, workers may be accessing or storing company data on multiple platforms like iOS®, Windows®, macOS®, Android™, or others.

Trying to incorporate separate security solutions to address the various combinations of devices, platforms, and applications used by employees creates an administrative nightmare and drives down user productivity. When a user’s experience is degraded by intrusive security layers, they find and use unauthorized shortcuts – which lowers their overall security posture.

The BlackBerry Spark® Unified Endpoint Management (UEM) Suite is designed to tackle the complex threat landscape by consolidating effective security tools into a single interface. Flexible deployment options make the BlackBerry Spark UEM Suite an ideal fit for organizations working strictly on-premises, in the cloud, or using a mixed model.

Security-Focused From Inception

BlackBerry’s communication infrastructure has been evolving for decades to provide instant connectivity and the highest levels of security to financial services and government agencies. In an era when network speeds were 9-15 kB/s, BlackBerry was innovating secure and efficient technology for mobile email, calendar, and browsing to drive productivity.

Starting with security as a primary goal, BlackBerry has since grown a mature platform used by companies, corporations, and governments worldwide. Every BlackBerry® offering maintains a core focus on security rather than adding cybersecurity features as an afterthought like many so-called next-gen security companies do.

As technology has advanced and bandwidths increased, the BlackBerry platform has expanded to accommodate secure voice, video, real-time collaboration, and more. Other companies rely on VPN-based solutions to connect offsite workers with organizational resources. This legacy approach encounters problems when resources become mobile rather than remaining at a static location. For example:

  • Mobile resources and workers can encounter coverage issues during travel or relocation.
  • Establishing and re-establishing connections to mobile resources can lead to an excessive drain of battery power when devices repeatedly execute the task.
  • Applications that are not VPN-aware might error-out if the users try to launch an application before the on-demand VPN completes its connection process – increasing calls to IT support.
  • VPNs were traditionally designed to support about 20% of the user population being connected at the same time. Expanding support to cover all users, all the time, is expensive and requires more servers to manage and support.
  • Once a device connects using VPN, all applications use the same provided data path, including personal apps which create a security risk, especially with BYOD users.

BlackBerry allows remote connectivity without relying on VPN. The BlackBerry NOC infrastructure enables secure connectivity for users regardless of their location or the location of the work resource. The BlackBerry Spark UEM Suite is built upon the BlackBerry NOC secure infrastructure to ensure that managing endpoints, devices, data, and users is robust and secure.

What is the BlackBerry NOC?

The BlackBerry NOC, at the most basic level, is a hosted proxy that requires zero inbound ports through the firewall to facilitate access to internal resources. This means that communication, traffic, verification processes, and other business operations are encrypted and routed through BlackBerry rather than directly to the organizational infrastructure. This approach reduces susceptibility to denial of service attacks and also hides business network traffic from unscrupulous actors seeking to breach data.

For example, consider an employee sitting in an airport café and using the free airport WiFi. Suppose a threat actor is in the same location and has devised a way to “sniff” nearby network traffic. All the attacker will be able to determine is that the employee has an encrypted connection to BlackBerry. They will learn nothing of the contents of the traffic or the identity of the employee’s organization.

Most technology-oriented professionals will recognize NOC as an acronym for network operations center. The BlackBerry NOC, aside from referring to encrypted infrastructure, also includes a team of engineers who monitor client traffic for anomalies. These professionals analyze traffic and can quickly address problems or resolve network carrier issues before they impact users.

What is the BlackBerry Spark UEM Suite?

The BlackBerry Spark UEM Suite is a single platform solution that streamlines the management of processes across devices, apps, and users. It allows employees to securely access business resources using multiple platforms including iOS, Android, Windows 10, macOS, and Chrome™ OS.

The BlackBerry Spark UEM Suite offers superior security and robustness by placing a server behind the firewall (not the DMZ). The server connects to the BlackBerry infrastructure, then encrypts and routes traffic without requiring an open inbound port on the firewall (see Figure 1):
 

Figure 1: BlackBerry infrastructure offers the highest level of encryption with the lowest level of user friction.

BlackBerry® Connectivity was designed to act like a router for mobile devices, with connection times optimized to be near-instantaneous. During hardware activation, trusted certificates are pushed to the device and authenticated to the BlackBerry infrastructure. Once the device is authenticated, all traffic to and from the BlackBerry® UEM server is encrypted through a process that remains invisible to the user.

Other features of the BlackBerry Spark UEM Suite include:

  • Mobile content management (MCM)
  • Full digital rights management (DRM)
  • Identity and access management (IAM)
  • BlackBerry® Dynamics™ SDK
  • Multi-channel notifications
  • Flexible deployment options for on-premises, cloud, or mixed work environments

The BlackBerry Spark UEM Suite is fully open, allowing customers or independent software vendors (ISV) to create apps that leverage the secure infrastructure. This means organizations can focus their coding projects on what they do best, while leaving data and communication security to BlackBerry.  

Build Your Success On a Foundation of Security

The workforce in 2020 is going through many changes due to uncertain times and the simultaneous mass adoption of mobile and IoT technology. Allowing workers to remain connected and productive from remote locations or while in transit is a critical ability for modern organizations. The BlackBerry Spark UEM Suite is built upon decades of innovations and evolving infrastructure created expressly for securing mobile traffic connectivity and ensuring connectivity.

For information on how your organization can take advantage of BlackBerry secure infrastructure and the BlackBerry Spark UEM Suite, contact us.

Alex Willis

About Alex Willis

Alex Willis serves as the Vice President, Global Technical Solutions at BlackBerry.