BlackBerry bets on IoT security for future value
BlackBerry continues its move away from devices and messaging as it looks to increase its activities in the Internet of Things sector. Yesterday the Canadian firm announced its Center for High Assurance Computing Excellence (CHACE) initiative, expanding its R&D efforts in security solutions. It said it was building on its long history in high assurance techniques, which included having its Mobile Device Management platform certified for use on US Department of Defense classified networks.
“There’s a belief that the key to the world’s security issues is to patch faster, but this hamster wheel fails to address the root issue,” said David Kleidermacher, Chief Security Officer at BlackBerry, referring to the fail-then-patch approach to managing security risk. “Systems that require regular patching always contain vulnerabilities unknown to developers, and some of these vulnerabilities are in fact known by would-be attackers. It’s clear we must build systems that are provably devoid of security flaws.”
Kleidermacher added that CHACE would extend BlackBerry’s expertise in vulnerability prevention and enable the application of high assurance security research to real-world products and services: “The software and security engineering required to meet this objective is sadly rare today and must become commonplace. CHACE is BlackBerry’s initiative towards this goal, and we welcome all who wish to join the fight.”
BlackBerry revealed that a number of organisations have already jumped off Kleidermacher’s hamster wheel and expressed support for CHACE. It said that it would also collaborate with the healthcare community, amongst others, to address security and privacy concerns for next-generation wireless medical devices and applications.
“Next-generation mHealth systems and IoT devices, such as the artificial pancreas for people with diabetes, can dramatically improve quality of life,” said David Klonoff, President of the US Diabetes Technology Society. “However, these wireless devices are inhibited from realising their full potential by an insufficient assurance of security and privacy afforded by current commercial development practices.”
Security for IoT
BlackBerry also announced that its Certicom subsidiary has launched a new managed public key infrastructure (PKI) certificate service for connected devices. It said this cost-effective service will help manufacturers and service providers secure their IoT networks and ecosystems, ensuring that the devices they connect are known and trusted.
Earlier this month, Certicom began issuing certificates for the UK government’s smart meter initiative, to support 104 million smart meters and home energy management devices that conform to ZigBee Smart Energy specifications. The certificates include Elliptic Curve Cryptography to protect customer data.
“Certicom’s application security framework implements strong device identity and supports role- and policy-based access control,” said Ryan Maley, Director of Strategic Marketing for the ZigBee Alliance, “allowing alliance members to provide customers with an enterprise-grade secure sensor network.”
The Certicom managed PKI certificate service is available to device manufacturers and service providers, whether on the BlackBerry IoT Platform or as part of another connected device ecosystem or private network.
“Strong cryptography and entity authentication are the foundation of IoT security,” said Jim Alfred, VP BlackBerry Technology Solutions, Certicom. “When you manage remote devices, you need to know that you can trust the devices and that your communications network is secured.”
BlackBerry further said it would acquire US and Israeli data security company WatchDox for an undisclosed sum. The firm’s technology will be used to enhance BlackBerry’s mobile security and give enterprises greater control over their files after data leaves their corporate networks. It will be offered as a value-added service for BlackBerry’s Enterprise Mobility Management portfolio.
“BlackBerry is constantly expanding the potential of data security,” said John Chen, BlackBerry CEO. “This acquisition represents another key step forward as we transition BlackBerry into the premier platform for secure mobile communications software and applications, supporting all devices and operating systems.”