As BlackBerry executives sketched out the mobile pioneer's revised
enterprise strategy at a press and analyst briefing yesterday, I got
more and more frustrated at the superficial presentations, the vapid
happy talk with "special guests," and the "mobile is a war zone" sales
pitch for its latest mobile management server, BES12.
I've been frustrated with BlackBerry for several years, first by the stubborn, head-in-the-sand idiocy of its founders that almost destroyed the company, then by new CEO John Chen's mixed messages
about whether BlackBerry was retrenching to a tiny market or growing
the company in new areas that leveraged but were not caged by its
technology roots.
Despite
that frustration, I'm more optimistic about BlackBerry than I have been
in a long time. I am finally seeing evidence that it is figuring out
how to leverage its expertise to grow in new areas. That cautious
optimism comes from the good hour I spent after the superficial event
with a bevy of technology managers at BlackBerry to find out what their
new technology actually does — and doesn't do.
Some of what
BlackBerry is doing is worth considering for adoption in your
enterprise, and some is not. Some is stuck in a pre-iOS 4.2 mindset
(devices are either BlackBerry or insecure) that is simply not valid,
whereas some is truly forward-thinking.
Let me walk you through
the key technologies that are here or coming soon and show which reflect
the old BlackBerry and which reflect the new BlackBerry.
(Unfortunately, both BlackBerrys still exist.)
BES12 is both old and new
There's not much new to say about BES12 itself
since its original February 2014 announcement: It better supports iOS
and Android, adds support for Windows Phone (only for less-advanced
features, due to Windows Phone's own limitations), cleans up its complex
user interface, integrates the formerly separate management consoles,
and gets rid of the old "hot server/cold server" approach in favor of a
dual-hot-server for high availability and scaling.
Now shipping,
BES12 awkwardly mixes per-device pricing for core features and per-user
fees for new features. Ironically, one of the pitches BlackBerry execs
made yesterday was that BlackBerry manages users, not devices -- except
when it doesn't, obviously.
The BES12 pane for managing an iOS device. Each device has its own
because even when they share policies, their constraints often differ,
so policies can't be realistically provisioned across multiple device
types.
What's interesting about BES12 are the new uses outside of well-known device management that it enables, as I describe later.
BlackBerry will support Samsung's Knox in BES12 — so what?
The
deal between BlackBerry and Samsung is where the two BlackBerrys come
together. Samsung's Knox management service uses an approach similar to
BlackBerry's: It builds some security directly into the hardware, then
creates an integrated security stack that goes to at least the
user-facing OS and some apps. (BlackBerry extends that stack to the
network via its network operations centers installed at carriers
throughout the world, which create essentially a global VPN. Knox does
not.)
BlackBerry's integrated security stack is why it remains the most secure mobile platform on the planet,
the only one trusted for use by presidents, prime ministers, and senior
defense and spy officials. Samsung hoped to get some of that market, or
at least the next level of folks, by having a similar, if smaller,
stack via Knox on its own hardware.
But Knox has been a market failure,
partly because it didn't work as advertised (security is not Samsung's
expertise) and partly because it's available for only a handful of
devices, not for Android at large. Samsung hoped Knox would make its
Galaxys the corporate Android standard, but that didn't happen. Now it
won't because Google has decided to build a similar — though less
capable — security stack into Android Lollipop via its as-yet-unreleased Android at Work technology.
So, around the time Google shoved Knox to the side,
Samsung and BlackBerry began discussing a partnership, since BES is
designed to work with a security stack like Samsung's, and most
companies have BES in use. That's a forward-thinking partnership for
both.
I wouldn't expect anything to come of it. After all, Samsung
opened Knox management to other mobile management vendors, with nothing
to show for it. BlackBerry and Samsung argue that because BES uses
those secure network operations centers, BES-managed Galaxys should be
more secure than those managed by Samsung's own mobile management server
or that of another Knox-capable management server.
BBM Meetings might finally make online meetings work
The
announcement yesterday that excited me most was BBM Meetings, a hosted
meeting service for BlackBerrys, Android phones, Windows PCs, Macs, and
soon iPhones. (There's no native tablet version for Android or iPads — a
dumb omission that should be corrected pronto.) It's available now and
costs $12 per host user per month.
There are dozens of meeting
systems, so who needs another one? I do. My company uses Microsoft's
Office 365, but Lync is so unreliable and awkward that we had to bring
back Citrix's GoToMeeting. Like Cisco's WebEx, that tool is OK, but it
litters your application folder with endless variants, seems to require a
new download for each meeting, and doesn't integrate well with
calendars.
Plus, the demo of BBM Meeting showed a much nicer
interface for presenting and taking meeting "calls" than I've seen
elsewhere. Even better, BBM Meeting does not require you to use BES, so
you can test it out no matter how you manage your mobile devices — and
even if you don't.
BBM Meetings supports video chats (left) and text chats (right) on BlackBerrys, iPhones, Android phones, Windows PCs, and Macs.
Online meetings is an area where a better mousetrap is needed. Maybe BBM Meetings is that better mousetrap. We'll see.
Speaking
of BBM (BlackBerry Messenger), no, it still doesn't allow simultaneous
active sessions across multiple devices, such as on your phone and
tablet. You have to sign out of a device to sign into another. Sigh.
Carry less because VPN authentication uses your phone as a token
If
you use a hardware token like SecurID for second-factor authentication,
you know what a pain it is to always have that device with you, and to
be able to read its code in dim lights. Why can't your phone be that
second factor?
Well, it can — a lot of services will text a
one-time code to a phone number, but that's not as secure as a hardware
token, and it's still not very convenient. BlackBerry has an approach I
like: Your phone is the second factor, and it doesn't need to send you a
code.
VPN Authentication by BlackBerry (awkward name, I know)
takes advantage of the fact that BES12 manages employees' iPhones,
Android phones, and BlackBerrys, so it knows which devices belong to
which employees. It doesn't need a code to confirm who the recipient is —
the managed phone itself provides that validation.
The user does
have to tap an acknowledgment to gain access, so VPN tunnels are opened
only affirmatively. As always, the user has to have the VPN access and
credentials on the computer, tablet, or smartphone they are accessing
the VPN from — that doesn't change.
The notion of mobile devices
as hardware tokens makes a lot of sense to me. I'm not alone: Google is
using the same concept in a different way — using an Android phone as a
car fob replacement. So is Apple — as a credit card replacement. It's good to see BlackBerry find another use case for the concept.
The VPN feature will be available in December for an extra fee
per BES-managed user; pricing depends on the service bundle you get.
Pre-federate and manage user IDs with cloud services
VPN
Authentication by BlackBerry isn't the only new BES12 optional service
that leverages the knowledge in BES12 of who's a user. Enterprise
Identity by BlackBerry does, too.
Using SAML connections,
Enterprise Identity can pre-federate your user identities, such as those
in Active Directory, to cloud services that your company might provide
employee access to, from Salesforce.com to Box.
Lots of companies
offer such identity connectors, but the appeal of doing it in BES is
that you already manage BES, so you reduce the number of tools to keep
up to date. Remove a user from BES because she left the company, and her
credentials at Salesforce are revoked at the same time. Ditto with
updates such as to passwords — you can use Enterprise Identity not only
to enforce password standards but also to bring single sign-on to those
outside services.
Enterprise Identity also will be available in
December for an extra fee per BES-managed user; pricing depends on the
service bundle you get.
One phone, two lines: A good idea that probably won't work
Finally,
BlackBerry previewed something called WorkLife, which is a set of apps
that you can operate in business or personal mode. Specifically, you can
tell it when a call, text, or data connection is personal or
business-related, and BlackBerry will allocate the costs between your
personal account and your business account.
Although there's a lot of misunderstanding of a recent California court ruling
that said employers must pay their fair share for required usage of
employees' personal phones, many companies want to separate the personal
and business expenses accurately for accounting reasons, without the
high cost and hassle of reviewing expense reports. And many employees
want to stop subsidizing their employers' telecom costs.
In
the case of phone calls and texts, that means you can have separate
numbers on the same device. That's a big deal for users who don't want
to carry multiple devices but also want to be accessible without giving
up personal numbers to business colleagues. Enterprises likewise should
want to encourage customers to use employees' business numbers, so if an
employee leaves the customer can still reach the company easily.
I
love the concept, but it's a service that the carriers will deploy —
which likely means it won't work well. Already, BlackBerry admits that
the service works only if the business and personal account are with the
same carrier — an uncommon occurrence in a BYOD environment. And it
hasn't fully worked out how this feature will work in iOS.
You can
bet that carriers will charge a premium for this service if they make
it available, or otherwise make it unappealing, such as by requiring
that everyone at a company use them. That's what they do whenever they
get the chance.
This carrier centrism unfortunately won't change.
BlackBerry has a long history with the carriers — it needed their
support to set up those network operation centers, after all — and that
tight relationship is a key reason BlackBerry meets the most stringent
security requirements.
Nor is BlackBerry in Apple's position,
where it can force carriers to treat everyone fairly. Apple forced
carriers to let Apple control iOS updates, which is why we all get those
updates at the same time no matter our carrier or device model. Apple
also forced carriers to provide pay-as-you-go service for cellular
iPads, which is why you don’t need a contract for those tablets.