BlackBerry Security Summit: security with usability

The Canadian company now licenses its mobile keyboard technology to third-party device providers like TCL Communication and still has plenty of legacy devices in the field (an estimated 8 million), but is increasingly known for its software solutions that enable everything from mobile operating systems to enterprise solutions to automotive intelligence and fleet management.

A hallmark of the presentations on the first day of the conference was not only more cyber-secure solutions but enabling people to use them securely. CEO John Chen acknowledged in his opening keynote that there is no such thing as a perfectly safe solution — only as safe as you can possibly be under the circumstances. “Mobile security is a cat and mouse game,” he said.

Chen’s opening presentation was followed by a series of BlackBerry customer stories and case studies (images below), including one from Thomas Farley, president of the NYSE Group, who remarked that at the New York Stock Exchange, cybersecurity awareness is constant. “We think about it all the time,” he said. The NYSE takes a three-factor approach, according to Farley: Try keep the bad actors out of their networks; assume they’re already in there; and that the biggest threats are insider threats. Farley quizzed conference attendees about whether or not they administer phishing tests to their employees as a precautionary measure. Only about half raised their hands.

Chen later elaborated in a Q&A session with media that “the No. 1 security breach at any company is from within — it’s about 80 per cent. Attacks from the outside are only about 20 per cent.”

On Day 1 of its conference, BlackBerry released survey results based on data from 200 IT professionals working in the financial services industry. The reported indicated that more than one-third of employees working at those organizations use file-sharing applications not approved by IT, and more than 25 per cent of respondents said a security breach had been caused by accidentally sharing sensitive files. Another major concern was the amount of crossover between business and personal devices, as well as the use of personal email accounts in a business context.

Chen highlighted the value of employee education and a sound network architecture. “In order to address those [architecture] issues, enterprises have to re-architect a lot of their application architectures and accessibility, either through the network or through the mobile infrastructure.”

He also spoke of the importance of creating a secure environment than does not unnecessarily hamper workplace productivity. “What I see is a constant tug of war between usability and security. On the one hand, you want a system that is completely safe. On the other hand, you want a system that is productive. [Productivity] has to tie to individual usability.”