By Scott Totzke, Senior Vice President for BlackBerry Security.
In today’s world, we have so many device options – smartphones, tablets and laptops – to stay connected to either the office or manage our personal lives. For consumers, many use their mobile devices to manage everything from their personal calendars to making online purchases and even secure financial transactions with their bank.
But, unlike computers, most of us rely on applications we download to our mobile phones and tablets. These applications may have the ability to broadcast your location, private conversations, pictures, banking information and other sensitive data, sometimes even when these mobile devices are not in use.
Now imagine if your smartphone contained classified information pertaining to our national security.
Whether it’s a device owned by the consumer or one that’s managed by your company, every piece of data that leaves your device or that comes in from another source is at the potential risk of hackers.
It has been well documented that various foreign entities – both governmental and criminal – have ramped up attacks on the electronic communications and information systems of the United States. Given that mobile computing has become a necessity, government agencies need proven partners that follow top-to-bottom security protocols.
As veterans of this industry, my colleagues and I have learned to understand the impact of cybersecurity and cyber defense from a global perspective. And, we must understand the value of securing mobile communications from end to end.
At its core, cybersecurity means protecting and securing our networks from all forms of attacks and ensuring that these networks continue to operate in times of crisis. For governments and enterprises this is best done through the application of a comprehensive cybersecurity policy that enhances the safety of an organization, its partners and its customers, thereby minimizing the risks of exposure and exploitation while maintaining valuable brand credibility. The cumulative measures that individuals and organizations take to protect their network assets (personal computers, mobile phones, servers, and so on) are generally known as cyber defense.
My company, BlackBerry, holds the position that a secure mobile solution needs to be built from the ground up and embedded in all aspects of the design and implementation of the products we ship. We also know that the best way to protect data is end-to-end data encryption. This means encrypting data before it leaves the enterprise and decrypting it within the device such as a smartphone, after it is delivered.
Encryption works to protect the integrity of the data at all points outside of your control, and traveling over the carrier network. Since the time BlackBerry released the first mobile communications device – a pager that changed the world – our focus has been to protect the transaction between the end points - your device and the BlackBerry Enterprise Service running behind your company’s firewall.
Today, BlackBerry uses AES-256 as our standard for our encryption. AES is an international standard and one that has more public scrutiny than any other cipher in the world. In short, when it comes to encryption, AES is state-of-the-art.
For those not familiar with AES, it is the most studied and trusted encryption scheme available today. It is fundamental to all online security from securing web traffic when you do online banking, to the VPNs used that enable employees to connect to their corporate networks, to the embedded encryption included in every BlackBerry device we ship.
As an industry, we need to meet the public demand for secure personal and business information, and our communication solutions need to provide built-in security features that allow users to manage their privacy protection easily and consciously. Every security decision is an exercise in risk management and we need to ensure that the mobile technology that users have access to a level of transparency and assurance around the protections afforded to them by their mobile solution providers. While technology vendors can provide components of these solutions, it is equally important that we help government, enterprises, and consumers understand the risks involved with all types of online activities.
Security has to be a pillar of everything we do to protect our information. It is in all our interests to focus on implementing the strongest, industry leading, open standards possible. This includes being open to independent testing and validation of claims, and to provide an open framework for customers so that they may incorporate their own security capabilities.
BlackBerry products and solutions have already received more security accreditations globally than any other wireless solution and our customers value this level of transparency when it comes to protecting their information. We intend to continue to lead the industry in innovating smart solutions that help government, enterprises, and consumers understand how to keep their sensitive information from falling into the wrong hands.