While Blackberry commands a shrinking fraction of the smartphone market share, it has an incredibly diverse install base because of its proliferation in the enterprise sector. Corporations, small businesses, and governments from around the world use Blackberry devices in their respective environments.

A diverse install base and enterprise adoption mean that Blackberry has to deal with a vast spectrum of threats: from third-party apps that intrude on a user’s privacy, to government requests for decrypted BBM traffic, and everything in between.

Because Blackberry deals with such a diverse array of threats, and platform security is paramount to the brand’s reputation, the company has an internal Security Incident Response Team (SIRT). This team is staffed 24/7 and takes the lead on any threat to the Blackberry ecosystem that emerges.

Last week at CanSecWest in Vancouver we got a chance to sit down with Adrian Stone, Director of Blackberry’s Security Incident Response Team, to discuss some of the unique challenges his team faces.

Question: What keeps the Blackberry SIRT team up at night?

Answer: Vulnerabilities in our product that were not reported directly to us. If we hear evidence of an exploit in the wild, or a vulnerability that’s being talked about that we didn’t have a read on.

Question: What kind of threats are the most challenging to deal with?

Answer: Dealing with the third-party app ecosystem. We’ve been fortunate at Blackberry because we haven’t seen the systemic issues with malware that have plagued competitors. However, it’s still something we deal with a lot.

Today we released a privacy notice to let our customers know that here’s an application that’s not malicious — it’s not malware — but it’s doing some things from an information perspective that we’d like our customers to know more about.

That’s an area we’re investing a lot of time in. We’ve launched a collaboration with Trend Micro for app vetting.

Question: Governments are amongst Blackberry’s largest enterprise clients. What happens when a government makes a request that isn’t in the interest of another client? What sort of challenges emerge?

Answer: Our policy at Blackberry is that we protect the larger ecosystem. That’s our goal. We’ll never look to be put in a position where one government is necessarily in a disadvantageous sort of situation given some of the dynamics that are out there. Obviously all of our government customers have some pretty significant requests or demands, and we start from “What is in the interest of our broad customer base? Not just government A, B, or C.” There’s been a lot of coverage in that space over the last year.

Question: What’s the process of response to the discovery of a threat?

Answer: The SIRT team is staffed 24/7. When we see an alert that comes in as a result of our analysis capability, or watching communication, or watching the press, the team immediately starts working to determine the technical facts and severity of the situation. We also work with the response communication team to make sure we inform customers at a regular, very quick sort of cadence so they understand what’s happening. We want them to have situational awareness. Once we determine the severity and impact, if it meets our criteria for a fix, or some type of engineering resolution, we move into our release phase.

[Unlike other vendors at CanSecWest] Blackberry doesn’t have a compensation-for-exploit program, but it sponsors Pwn2Own and Mobile Pwn2Own. We believe pretty strongly in the research community [and work with them in various ways].

Question: Why is Blackberry the most secure system for enterprise clients?

Answer: Our customers require a unique level of protection. The way we communicate to customers, the level of transparency we’ve developed over the last couple of years, gives our customers timely information that allows them to form their own risk assessment and take their own action.

I also think of BB10 features like “Balance”, which creates a segmented user space and work space. All of the information in the workspace area of the device cannot be transferred into the user space. Some features won’t work in the workspace, like emulating Android apps. So what does that mean? You’re less likely to have your corporate data exit unintentionally through the user’s personal email, or social media. We provide a very unique level of protection through communication, engineering capability, and giving enterprise customers the controls that they need to manage risk.