Kaspersky Lab’s Ryan Naraine had the most eloquent commentary on the news that Research in Motion (RIM) was posting first quarter losses (RIM stock was down more than 7% in trading by late afternoon Wednesday and has been down about 80% in the last 12 months). He simply Tweeted “Damn” with a link to a news article. I think that sums up the way most people in the security industry feel as we’ve watched the BlackBerry company’s rapid fall from profitability.
It is ironic, though not surprising, that the BlackBerry, with strong security capabilities, is rapidly losing market share at a time when mobile device security is becoming a genuine business concern instead of simply more FUD (fear, uncertainty and doubt) accompanying annual pronouncements of “The Year of Mobile Malware.”
RIM had enjoyed great success with mobile phones and a terrific management platform in what was by definition a closed architecture for its business customers. And that worked really well as long as closed was the way to go, particularly for the enterprise market. You issued some or all of your employees corporate BlackBerrys, and managed and secured them with Blackberry Enterprise Server (BES). It made great good sense as long as businesses — and their employees — were perfectly happy to standardize on a single phone vendor that already had robust management and security. No need to go to a third-party mobile device management vendor to herd cats in the emerging BYOD era.
But the iPhone/Android phenomenon has apparently moved too fast for RIM, or RIM has been too slow to react. More to the point, is that RIM is reacting, when in truth it had to be in the vanguard of the personally owned device trend along with Apple and Google, not trying to play catch-up, and rather badly at that.
Too late, RIM began opening up its management capabilities to third-party phones in a market that already has a number of established MDM vendors. At best, the move was likely to help retain existing customers rather than attract many new ones. Too late, perhaps, RIM pinned its hopes on the very long-awaited BlackBerry 10 smart phone to compete with next-next-generation iPhones and Droids.This latest bad news follows a similar plunge in January, when RIM announced a long delay in the introduction of its company-saving smart phone line. The outlook for the business is not good, and analysts are apparently pessimistic about the prospects for RIM, BlackBerry 10, or even an advantageous acquisition by Microsoft, Amazon or other potential buyers.
This is all bad news from a security perspective. Smart phones have become powerful little computers with lots of storage space for potentially sensitive data. Mobile malware is rising sharply, though the numbers are still quite small compared with the millions of unique malware samples we are seeing on the PC side. A thriving illicit business is growing around unwanted premium SMS messaging. Android is plagued by malicious applications, particularly from unmonitored unauthorized market sites.
And enterprises are struggling to develop policies and procedures around personally owned smart phones and tablets, and manage them and enforce policy with manual controls or an MDM product.
Security, meanwhile, has been a strong point for BlackBerry. Through BES, RIM offers all sorts of security capabilities, including application control over corporately managed BlackBerry’s encryption options for data on phones and in transit, keys, email and SMS messaging. It supports multifactor authentication and controls Bluetooth and Wi-Fi.
RIM’s misfortune continues to be distressing news in the security community, but security is not what is dictating the mobile device market. All we can do is urge enterprises to consider the value proposition RIM offers, the reduced security risk and the management capabilities for BlackBerry and extended to third-party smart phones. At the least, if RIM fails, perhaps the emphasis on strong mobile security will survive as we become increasingly dependent on our smartphones and tablets.