Bob Egan, an analyst at Sepharim Group, advised IT managers worried about the future of BlackBerry to begin weighing alternatives. "That is not to say that enterprises should run overnight away from BlackBerry, but it does suggest that they need to proceed with far more caution and a consistent review of the [competitive] environment than...in the past," he said.
If they haven't already, organizations should definitely negotiate with BlackBerry for end-to-end service level agreements, which could be used if BlackBerry service or security gets disrupted, he said. Also, he said the terms of the agreement must represent the views of any BlackBerry customer's business leaders and its IT, risk, procurement, compliance and auditing organizations.
For those IT managers who feel they "have no choice but to deploy and use BlackBerry," Egan said they are probably more constrained by the procurement rules of the organization than by actual security needs. While FIPS 140-2 certifications are widely required before government and financial organizations can make smartphone or server acquisitions, it isn't always clear what level of certification is required. There are four levels, with Level 4 the highest and most secure.
BlackBerry has posted listings on its website of security approvals its products have received, including a FIPS 140-2 validation certificate for BlackBerry OS version 10. But none of the site's validations indicate what level of FIPS 140-2 BlackBerry has achieved. A BlackBerry spokeswoman said that BlackBerry has attained end-to-end FIPS 140-2 certifications for all BlackBerry 10 products.
Some organizations won't need the highest level of FIPS 140-2 certification, Egan noted. What BlackBerry hasn't made clear is whether its end-to-end FIPS 140-2 certification is up to Level 4 for all components of a system. Customers need to evaluate whether they need the highest level of security and also request that BlackBerry provide a certification that indicates the security level under FIPS 140-2, he said.
"There is no question that BlackBerry has a strong technical security method and history -- probably the best in mobile," Egan added. Other companies are meeting certain levels of FIPS 140-2, such as Apple with FIPS 140-2 Level 1 for its cryptographic module in iOS 6, with the same modules used in iOS 7. Samsung's Knox approach also promises some FIPS 140-2 certification, while MobileIron, Mocana and Apperian also have some FIPS 140-2 certified modules, he said.
"For any IT manager, it's imperative to evaluate mobile security solutions against two factors: technical risk and business risk," Egan added.
This article, "Jokes aside, some IT managers say there's no option other than BlackBerry for security," was originally published at Computerworld.com.
Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. His email address is mhamblen@computerworld.com.