Why Samsung won't beat BlackBerry in the mobile enterprise
Earlier this week I was asked to review the Samsung SAFE offering, which is being rolled out to make Samsung's Android phones more acceptable to the enterprise. SAFE reminds me a lot of what vendors from Netscape to Sony did to address what they thought were enterprise needs and often showcased without actually speaking to their own IT organizations.
The issue comes down to the general tendency for technology companies to be run by engineers with no IT experience and therefore no real clue about what a business IT organization -- including their own -- actually does.
IT, when done right, is largely transparent. As a result, it's often taken for granted. This makes it hard to build products for IT without engaging IT and hiring people with significant IT experience to work on the effort.
BlackBerry: Keeping IT in Mind From the Beginning
BlackBerry started with businesses as its primary customers. Then known as Research in Motion, the company initially brought the two-way pager into the mainstream -- and, unlike today's typical smartphones and tablets, these actually entered the market as executive tools, not consumer products. From the very start, the company had to learn what IT needed and how to protect top executives. These were lessons hard learned.
Look at BlackBerry security efforts, then, and you see that they start and end with targeted IT needs. BlackBerry ties its systems into IT policy, assuring that IT can easily get the devices to conform. This is critical; IT doesn't have the time to manage everything that's currently on the table, and BlackBerry is designed to assure compliance without significantly increasing IT overhead.
One of the most talked-about problems since the introduction of the smartphone is separating personal and corporate information. This is because IT doesn't want to deal with personal apps and files, and users don't want IT seeing their personal stuff.
BlackBerry separates the environments on its devices, giving the user his own space and letting IT manage and secure the business information under its control. This is unique in the market -- and it was driven by IT demands for this feature.
When developing its unique tablet, the BlackBerry PlayBook, the company tied it to its overall security framework and sandboxed the apps so they can't do hostile things. Looking at the overall nature of email and application attacks, BlackBerry created permissions and monitoring components that directly address the damage these attacks can cause, even though the BlackBerry platform is generally less likely to be attacked than one of the consumer platforms.
Samsung: Start With an Insecure Platform, Bolt on Security
Samsung, in contrast, created SAFE. The company started with Android, the only platform actively being blocked by IT organizations due to security concerns. I was at an event last year where McAfee showcased that an Android phone can be remotely attacked, put into a loop, overheat and catastrophically fail.
Meanwhile, Kaspersky recently discovered spy software that turns on the microphone of Android devices, recording what's being said in the room. Finally, SophosLabs documented five classes of hostile Android apps. Some, once installed, automatically install additional apps, send identity information to the attacker, or hijack social network accounts.
So Samsung started with a platform that, by any reasonable measure, provides inadequate security for personal use, let alone business use. Ideally, to fix the problem, the company should have done what Amazon did with the Kindle and forked the code, creating a unique and more secure version of Android that wouldn't be as vulnerable.
Instead, Samsung went with mobile device management (MDM) -- which, in the case of a vulnerable platform, only makes IT more responsible for adverse results but doesn't address the core security problems. The company implemented encryption, which can protect the files unless a user's identity is stolen, which unfortunately is the purpose of much Android malware. Samsung also installed a VPN, which actually makes a compromised device more dangerous, because VPNs tunnel through the perimeter security of a business, potentially granting even greater access to the attacker. Finally, the company made email connectivity improvements, which also give an attacker greater access via a compromised phone.