ACG Research

We focus on the Why before the What

Friday, September 16, 2011

An Open Letter to Research in Motion

I was typing away about mobile security when I kept coming back to my Blackberry, a weathered Bold 9000. It's no longer connected to a Blackberry Enterprise Server (BES), most of the plastic chrome finish is worn off, and I never did find a decent RSS reader. It is actually rusted through in parts, the camera made every picture look like it was of the Loch Ness Monster, the volume buttons don't work, and the web browser makes me miss using the old text-only Lynx browser. By Velveteen Rabbit standards, this phone is about as real as anything could ever hope to be!

This phone managed my entire life: two jobs, a small business, and a long-distance relationship. Not to mention bills, bank accounts, passwords, bookmarks, schedule, social networking, recipes, music, family, and the GPS that helped me finally find my way out of that damned paper bag. Still, I need a new phone.

My wife has an Apple iPhone 4, my friends all have iPhones or obscenely powerful Android devices, and I must confess I've coveted other phones. I love the Nokia N8's camera, but Symbian? Grappling with the menus is a full-time hobby. As for the iPhone, I know that Apple has made great strides, but I'm a security professional. I can't, I just can't.

If Cisco offered an Ice Cream Sandwich-powered phone version of its Cius tablet, with all the included connectivity, collaboration, and security goodies, and with Three Laws of Mobility and all their enterprise-focused Android security extensions having been acquired by Google via Motorola, I would be very tempted to jump ship.

I know what you're thinking: Blackberry Messenger (BBM) and the keyboard; thousands of revolutionaries and rioters can't be wrong. (Have you ever tried to type on a touch screen while driving on a desert road, being shot at?) I admit those two things are great, but no.

1. Over a decade ago, I was handed a 1.44 MB floppy disk and told, “You have to check this out.” What I saw amazed me: a full operating system with kernel, device drivers, middleware, and GUI, a web browser, a visual text editor, even a web server, all in half the size of a typical MP3. I am speaking of the new Blackberry OS, QNX, an OS that held my fascination until I realized I couldn't run any of the applications I needed on it.

It's ironic that RIM now finds itself in the exact same predicament: rumors of delays and one incremental update (with no legacy support or upgrade path) after another as they fall further behind, because they can't smoothly port their native e-mail application to QNX.

2. Aside from my excitement over the potential of QNX, I love the idea of Blackberry Balance. The ability to separate personal and professional objects on the device is fantastic. It's about time somebody simply accepted the fact that mobile devices are, by their very nature, dual-use, and that this is a good thing!

Unfortunately, Balance isn't very good at what it aims to do. The more time I spend wondering about what is in that i-luv-u.jar file I found, the less productive I am. I know it might be malware, but come on, phones come and go; love is eternal. Until I can use my phone personally any way I want, without regard to impacting the business uses and resources, it's not truly living up to its obligations as a dual-use device.

How would I fix all these problems? By looking to the cloud: X-as-a-Service on the Internet, and then up into the literal sky where planes fly, by way of virtualization. I know, normally my response to virtualization as a solution is “now you have two problems.” I really think this is a rare instance where there is value beyond the buzz; specifically, a separation kernel that allows disaggregation of workloads within a single device, even a single chip. Make no mistake, I am in no way implying that virtualization is a silver bullet. There are countless problems it cannot address. However, I believe this could address RIM's immediate and specific problems beautifully. As a general example, create some compartments:

Personal: For all my personal resources: friends' and family's contact info, personal social networking, private media files, and all the apps I want, even if they might contain malware and have been blacklisted by my employer.

Professional: This secure container would be managed by the BES as normal and would contain all my professional data and apps. It would not be possible for me to share this with my personal container, nor would it be possible for my personal container to share my personal viral friends with my coworkers.

Legacy: An execution environment for legacy apps such as the native e-mail application and any custom Blackberry OS apps my employer might have created. This container could read and write to either the personal or professional environment that invoked it.

Versatility: A native execution environment for Android, Symbian, Windows Phone, Debian, etc., to open up a whole world of apps, which again could be tied to the personal or professional containers respectively.
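As an added illustration (not from the post, RIM or QNX), the following Python model of this compartment layout treats the separation kernel's policy as an explicit list of permitted flows and checks whether any chain of permitted flows, direct or transitive, joins the Personal and Professional domains. The compartment names and the misconfigured shared-Legacy variant are constructed for the example.

```python
"""Flow-policy check for the compartment layout proposed in the post.

Each compartment is a guest on a separation kernel that permits only an
explicit list of (src, dst) data flows. The check computes which compartments
can reach which others through chains of permitted flows and reports chains
joining the Personal and Professional domains. Names are constructed.
"""
from itertools import product

PERSONAL, PROFESSIONAL = "personal", "professional"

def transitive_closure(flows):
    """All (src, dst) pairs connected by one or more permitted hops."""
    closure = set(flows)
    changed = True
    while changed:
        changed = False
        for (a, b), (c, d) in product(list(closure), repeat=2):
            if b == c and (a, d) not in closure:
                closure.add((a, d))
                changed = True
    return closure

def find_leaks(flows, domain_of):
    """Reachable pairs whose endpoints sit in different domains. A compartment
    absent from domain_of (a shared container) belongs to neither domain and is
    exactly the intermediary that can bridge the two unnoticed."""
    return sorted((s, d) for s, d in transitive_closure(flows)
                  if s in domain_of and d in domain_of
                  and domain_of[s] != domain_of[d])

def bidirectional(*pairs):
    """A container invoked by an environment both reads and writes to it."""
    return [p for a, b in pairs for p in ((a, b), (b, a))]

# Layout as the post describes it: Legacy and Versatility (an Android guest
# here) are instantiated once per invoking domain and talk only to it.
DOMAINS = (PERSONAL, PROFESSIONAL)
PER_DOMAIN_LAYOUT = {c: d for d in DOMAINS for c in (d, f"legacy@{d}", f"android@{d}")}
PER_DOMAIN_FLOWS = bidirectional(*((d, f"{k}@{d}") for d in DOMAINS
                                   for k in ("legacy", "android")))

# Misconfigured variant: a single shared Legacy container that both domains
# may invoke. Each flow looks harmless alone; together they form a bridge.
SHARED_LAYOUT = {PERSONAL: PERSONAL, PROFESSIONAL: PROFESSIONAL}
SHARED_FLOWS = bidirectional((PERSONAL, "legacy"), (PROFESSIONAL, "legacy"))

if __name__ == "__main__":
    print("per-domain leaks:   ", find_leaks(PER_DOMAIN_FLOWS, PER_DOMAIN_LAYOUT))
    print("shared-legacy leaks:", find_leaks(SHARED_FLOWS, SHARED_LAYOUT))
```

The per-domain layout reports no cross-domain path, while the shared Legacy container yields a path in both directions between Personal and Professional even though no single rule permits one.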

You may think that I'm a dreamer, but this technique is already being used on “ObamaBerry” style Android devices, and this would be an outstanding opportunity for RIM to demonstrate that security can and, in fact, must equate to usability.

Just think: a sexy black device, stainless steel, and a lightning-fast QNX environment with the ability to run applications from just about anywhere without worrying about repackaging or legacy support. A device that truly understands and isolates based on the real-world requirements of dual-use mobility, backed by the solid security reputation and enterprise acceptance of Blackberry.

Put a halfway decent camera on it and I'd buy it. In fact, slap on a power-on passcode and RIM would have essentially resolved every enterprise concern I've ever heard about mobile devices.

Comments, contact security@acgresearch.net.
