Bye bye BlackBerry, it's software not hardware that will secure mobility, says Good CEO

Christy Wyatt tells Computing why she believes a focus on securing the device rather than the data on it is the wrong approach

A quick perusal of BlackBerry news stories so far this year reveals a generally optimistic picture, especially compared with 2013's headlines. Supporters point to new CEO John Chen's determination to get back to basics with a fresh focus on the enterprise rather than trying to please the fickle consumer, the pursuit of which many believe was instrumental in the Canadian smartphone vendor's dramatic fall from grace. Indeed shares in the company have risen this year as investors bet that the company has at last hit the bottom and is beginning to extract itself from the wreckage.

Whether it will succeed in the long term is another matter. After all, much has changed in the world of enterprise mobility since BlackBerrys were the only fruit, and most evidence points to organisations moving away from the BB platform towards the ubiquitous i-Devices and their Android counterparts.

In September last year, analyst Gartner publically recommended its clients to "take no more than six months to consider and implement alternatives to BlackBerry". With this sort of sentiment in the market place, Chen's success in reversing BlackBerry's fortune certainly cannnot be guaranteed.

One competitor who is betting on it not succeeding is Good Technology, which is offering a free migration programme for companies moving away from BlackBerry.

"A lot of customers have been moving their devices away from BlackBerry very slowly, and really all we're seeing over the last two quarters is a great acceleration of this process," Good CEO Christy Wyatt told Computing.

BlackBerry's problem, as Wyatt tells it (and of course she does have a rather substantial dog in the fight), is that its security is rooted in the devices themselves, rather than the applications and data running on them.

"BlackBerry's solution was about managing hardware. But as people wanted to start using different kinds of phones then the solution became 'how do you do that same kind of management on different devices'," Wyatt said.

"Their approach, and that of other MDM [mobile device management] companies, is 'if I manage the phone I'm going to be secure'. We strongly disagree with that philosophy. Our philosophy has always been 'secure the data'. Managing the phone and securing the data are completely different things. Our solution has always started with securing the data, with encryption, with built in network control."

This software-based approach, Wyatt said, is more in tune with the way that organisations and individuals operate today.

"We believe that if you start with the data then you have a flexible platform that addresses not only the employee driven models like BYO, but we also have customers that are using our technology to enable their supply chain, procurement vendors and brokers of their services, because I can push an application and secure the data without having to take over your phone."

BlackBerry's bulletproof security is what made it great and secure messaging continues to be key to its appeal, but Wyatt said software has caught up.

"For a long time you were forcing users to use certain pieces of hardware because that was the only form of security. When we delivered Evaluation Assurance Level 4 (EAL4+) people said, 'OK now we have a solid alternative'. I also think that CIOs and the broader IT organisation realise that creative users will send their data to where they are going to be most productive, and if they don't give them flexibility in devices and tools create a great user experience they'll be less productive - and they're going to experience more data leakage not less."

[Is VDI an alternative? Turn to next page]

Bye bye BlackBerry, it's software not hardware that will secure mobility, says Good CEO

Christy Wyatt tells Computing why she believes a focus on securing the device rather than the data on it is the wrong approach

Another problem with a hardware-based MDM approach, Wyatt said, is that it leads to difficulties in defining lines of responsibility with BYOD and other scenarios where work and play are mixed.

"You get into a very complex conversation around who gets to delete the picture of your children if you lose your device," she explained.

"It's all about liability: who is liable for the naughty applications on the device? Who's liable for the bad things that happen to the device? And if to secure my own data I harm some of yours who's at fault? Clearly the device is not the right level to solve the problem. If you're trying to segment data you have to take a data level approach."

An alternative approach to mobile security, virtual desktops accessible on any device (as offered by rival Citrix and possibly later in view of its purchase of AirWatch, VMware), also gets short shrift from Wyatt.

"Even in the desktop space with a full keyboard and cable access where the experience is the best it's ever going to be, most users say they're pretty unhappy because of the latency, the response time. So try to apply that to mobile where the device is moving, the data is irregular, she said.

"We're not trying to create a corporate world versus a personal world," Wyatt continued.

"Whoever is the owner of the data can publish applications in a very natural way, and the applications - invisible to the user - are secure and protected by policy. So the data owner gets to decide: will my data be accessible on a jail-broken device or not? That can be decided at an application level not at a phone level."