According to a new research study from Strategy Analytics, commissioned by Research in Motion (RIM), the BlackBerry Enterprise Solution (BES) not only provides the most secure mobile platform but also the lowest total cost of ownership (TCO) for mobile deployments.
Using the U.K. government as an example of typical best practices, the study examined the entire mobile solution, including devices and device management, for a 100-user smartphone deployment running at IL2, the minimum security standard for all U.K. government departments including schools, health departments and local government.
BES vs. Walled Garden
The study compared two recommended approaches to mobility: the BES and a “walled garden” approach to mobility. This term can mean the same as “sandboxing” or “containerization” — a sandbox typically provides a tightly-controlled set of resources for guest programs to run in.
Network access, the ability to inspect the host system and the ability to read from input devices are usually disallowed or heavily restricted. Most MDM solutions that support multiple platforms operate sandboxed environments. The impact on user experience is that a user has to log in each time they want to enter a protected or sandboxed area of the platform, such as email, protected files or apps against which IT policies are enforced.
After one year, the cost to securely manage other devices using this architecture was found to be 39% more expensive than BlackBerry devices in a BlackBerry Enterprise Server (BES) deployment. The analysis indicated that this trend would continue over time.
Andrew Brown, director of enterprise research at Strategy Analytics, says, “When looking to define a cost-efficient, long-term enterprise mobility strategy, we would caution all organizations across both the public and private sectors to look at the total cost of supporting multiple devices with multiple operating systems over several years.”
Based on its cost analysis, Strategy Analytics would suggest the following to any enterprise, public or private:
- Consider all costs associated with deploying an end-to-end solution, including network architecture, transport and device OS capabilities, and reuse of existing network resources. Often optimizing an existing setup can be more cost-effective than changing the setup completely.
- Take into account the hidden costs associated with BYOD. While it may appear to be a quick and easy way to drive greater productivity and efficiency and drive down cost, BYOD and its supporting solutions can actually result in many hidden costs when the end-to-end solution is considered.
- Training and support are key cost factors that need to be considered when deploying an enterprise mobility solution. For example, if the U.K. government changes the criteria for devices, there are costs for not only making changes and supporting multiple platforms, but also hidden costs and time constraints involved in training.
“OEMs and device OS manufacturers need to ensure greater technical controls on their platforms to limit platform vulnerabilities, and other operating systems have a long way to go before they can be considered viable options,” concludes Brown.
Strategy Analytics also assessed the security of the BlackBerry7, Apple iOS5, Symbian S60 and Windows Phone 7 (WP7) operating systems, using eleven key threats as a framework. (See chart)
The report called out BES as an example of the right end-to-end architecture, specifically for including encryption for data at rest and in transit that mitigates the maximum amount of risk and offers essential support for corporate IT policies.
Some key points emerge from the analysis:
- A single supplier providing an end-to-end architecture mitigates the maximum amount of risk
- Encryption for data at rest and in transit is essential. The higher the level of cryptography, the better
- VPN solutions work well for the PC world, but have an impact on battery life and increase vulnerability when not connected in the mobile world
- Poor setup or software implementation can render the most secure solutions vulnerable
- An MDM server, such as the BlackBerry Enterprise Server, is essential to provide sufficient support for IT policies
The study concluded that, if on-device elements in the OSes display vulnerabilities, it could compromise elements all the way back to the core network. Therefore, the most suitable platforms for an enterprise and for the U.K. public sector are devices that support the most technical controls, or controls that can be enforced without the need for user intervention. This mitigates the maximum amount of risk.
Other procedural controls are a manual function that either the user or IT needs to carry out in order to reduce vulnerability and risk. What remains is the residual or real risk that cannot be mitigated by either technical or procedural controls and represents a genuine threat.