Every year I look forward to BlackBerry’s annual event so that I can catch up with John Chen, the impressive CEO that turned that company around. This year that didn’t happen thanks to the damned COVID-19 virus, which is turning us all into homebodies and making me wonder if the world ended outside of town, and no one told me.
But with the rapid pivot to work-at-home, a lot of companies were caught flat-footed, and in their rush to provision employees for remote work created some pretty impressive security problems. These problems include allowing employees to use hardware—both smartphones and PCs—that were already infected with malware, an inability to provide remote support at scale, VPNs that weren’t set up to stream Netflix, and a ton of security issues like kids messing with mission-critical applications.
I recall one story of a CEO who left his laptop for a short time and later found his kid, thinking it was funny, had renamed and moved all his critical files. I’m figuring that kid won’t sit down again until he is 40.
Let’s talk about some of the critical products BlackBerry showcased at their event this week.
It Started With A Spark
BlackBerry Spark is the firm’s comprehensive bundle of offerings that can also be purchased separately. The offering was developed as an Edge case because it seemed unlikely that most firms would need the entire set. Then COVID-19 hit, and suddenly this became a mainstream offering because this one bundle handled the majority of management, provisioning, and the security problems driving IT nuts. This comprehensive product includes endpoint protection, detection, and response, mobile threat defense, continuous authentication, an SDK (software development kit) to embed security into business apps, digital rights management, identity management, device management, and a set of secure productivity apps and clients that interface with Microsoft apps.
BlackBerry Protect on Mobile Devices: This is a fascinating offering in that it builds security into mobile apps. Smartphones don’t have much overhead, so if you can make security into the app and then assure the phone isn’t running screen scrapers or critical loggers, you can ensure the session is secure even if other things on the phone aren’t. This offering allows the user to own control and management of the device still while IT just holds the apps that IT provides, vastly lowering overhead. If they have a problem with their phone, they don’t call IT, reducing overhead.
BlackBerry Persona: This is an almost magical offering. That CEO I mentioned at the top desperately needed this because it continually authenticates the user based on observed behavior. If anyone accesses the PC or smartphone that isn’t supposed to, it will lock that user out until they can re-authenticate. It protects against a common problem in the home when the adult is called away for some local crisis with a child or pet, and their device gets molested by one of the other kids with too much time on their hands or a spouse thinking they are funny. BlackBerry Persona could help protect your marriage if you are married to a prankster with poor impulse control and reduce the temptation to paddle your child (something they would likely appreciate while they are locked up with you at home).
BlackBerry Desktop Access: This is cool in that it is a dedicated secure sandboxed browser. If you have apps on the web, this is the way you want your user to access them as they can’t cut and paste out of the browser only within it, so you don’t have users moving information from a secure container to something that is unsecure.
BlackBerry Protect From Cylance: This is one of the most potent AV products in the market. Driven by an AI, it looks at the behavior of an application, and if that application is misbehaving, it blocks it. It looks at files at the binary level and autonomously stops threats. And the algorithm only has to update once every year. It doesn’t wait for the threat to execute. There’s no human classification dependency or on-prem infrastructure. It doesn’t requires constant updates or need signatures or heuristics. I don’t know why everyone doesn’t run this because you can layer it, and it doesn’t require the performance overhead of other AV products that aren’t as comprehensive.
We’ve just shipped a ton of folks home that aren’t used to working from home and put them in with their kids and pets while asking them to do real work. We didn’t provision or secure them well because this was done so quickly, and most of these people, and our companies, are exposed as a result. And, realizing this, the hostile attackers are coming out of the woodwork to take advantage of these mistakes.
BlackBerry has what appears to be the most comprehensive solution to this critical problem. It would be worth your while to check it out. Just saying.