Amid reports that Android devices are being tested at the highest level of government, BlackBerry announced that Secure Work Space for iOS and Android, a multi-platform containerization solution managed through BlackBerry Enterprise Service 10 (BES10), is now Federal Information Processing Standard (FIPS) 140-2 certified.
On the same day, CEO and Executive Chair, John Chen, vented frustrations in the Inside BlackBerry blog, where he issued a stern reaction to an internal security breach. No, this was not a matter of mobile device risk, but a network infiltration and stolen corporate information.
Chen wrote, “One of the most frustrating things for all of us at BlackBerry is when a critical and confidential project is reported in the media before we are ready to discuss it. Leaks are, at their best, distracting, and at their worst downright misleading to our stakeholders. The business implications of a leak are seldom advantageous.”
Misleading indeed—Chen said that a person posed as an employee of “one of our carrier partners to obtain access to secured networks.” Confidential information about a future BlackBerry product was stolen and made public.
He acknowledged that leaks mean there is interest in and enthusiasm for BlackBerry, but went on to say that this curiosity turned into criminality and “we must take strong action.”
In this case, there will be prosecution of the guilty parties, but there are no details on what legal action will be taken or about how this breach was discovered.
Leaks in the device space are common and feed the frenzy of consumers looking for the next big thing. But leaks have typically come in the form of blurry images from inside the factories overseas where many of them are being manufactured, and they are often centered on iPhones. A network breach such as this might be unprecedented.
With what’s been going on at the company, frenzy may be just what BlackBerry needs, but Chen explained, “This may mean you see a few less blog posts with photos and rumors of the next BlackBerry smartphones. I know those can be fun for our fans, but rest assured that we’re committed to communicating our biggest updates to you early and often – when they are ready to be shared.”
Security of Another Kind
Considered a critical benchmark for security in government, FIPS validation assures users that a given encryption technology has passed rigorous testing in order to be used to encrypt and secure sensitive information. The certification will allow security-conscious organizations, including U.S. and Canadian government agencies, to confidently deploy BlackBerry’s Secure Work Space to securely separate sensitive corporate data from personal content.
FIPS 140-2 is issued by the National Institute of Standards and Technology (NIST) to coordinate the requirements and standards for certifying cryptographic modules. The standard was developed through the Cryptographic Module Validation Program (CMVP), which certifies products for use by U.S. government agencies and regulated industries that collect, store, transfer, share and disseminate sensitive information. Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-2. In addition to U.S. government recognition, the certification is accepted and supported by the Communications Security Establishment Canada (CSEC) for government use.
“Organizations, in both the public and private sectors, must take the necessary steps to protect sensitive data and ensure that their mobile solutions offer the highest level of security,” said Ben Hoffman, mobility analyst at IDC in a release. “FIPS 140-2 certification indicates that BlackBerry is meeting the strict security requirements that many enterprise customers require.”