That containerization approach is used by the major MDM competitors, and BlackBerry brought it to iOS and Android only last week in its BES10.2 update. Now, with the BES10 update announced last week, that secure workspace is available for iOS and Android Jelly Bean versions 4.3 and higher.
Plus, the secure workspace is managed via a BlackBerry network operations center (NOC, pronounced "knock"), long a key reason for BlackBerry's unmatched device and data security. Using a NOC means you don't have to worry about setting up, configuring, and managing VPNs, or about whether apps use them. Before connecting to your corporate systems, all communication goes through a NOC, which BlackBerry manages both directly in its data centers and in carriers' operations centers. It's a managed network that doesn't exist in the world of other MDM platforms, which secure the server side and the client side but not so much the connection between. BES10 brings the NOC's security to Android and iOS for both workspaces and OS-level communications such as their notification services.
The secure workspace approach is less obtrusive than the BlackBerry 10-only Balance technology, which creates two workspaces that users switch between: one unmanaged personal one, and one managed business one. But Balance gives you more control. And for organizations that find that even Balance gives users too much freedom from auditing and management, BlackBerry now offers the option of the regulated workspace, which basically is the inverse of the regular secure workspace: The entire BlackBerry smartphone is managed except for a container that users can run a few personal apps in.
Neither Balance nor regulated workspaces are available for iOS or Android, and that brings us to why Obama can't use an iPhone even if it were managed by BES10 with Balance or a secure workspace connecting to the federal servers via a NOC.
In addition to the security mechanisms in BlackBerry OS itself for managing, auditing, and securing data, apps, and device hardware such as cameras, a BlackBerry has several layers of hardware security in its components. This allows it to have a hardware-based signature that can't be spoofed as well as hardware-level encryption, says Jeff Holleran, senior director for enterprise product management at BlackBerry. An analogy is the Trusted Platform Module (TPM) used in newer PCs and required by Microsoft to enable encryption on Windows 8 devices. But Holleran suggested that the embedded hardware signature in a BlackBerry, when coupled with the security measures in the BlackBerry OS, its network, and its management server, creates a stack of authentication.
What all this means is that even though BES10 could protect the data and the apps in Obama's iPhone, it couldn't provide the same level of assurance that it is Obama's phone because it can't communicate with the hardware. Even if iPhones or Android devices had such hardware-based signature and related security mechanisms, BES10 couldn't access them unless Apple or the Android maker opened them up, which would introduce a possible vector of attack. Holleran says creating such a multilayered defense is difficult, and BlackBerry's been doing it for years. He contrasts that with Samsung's woes in getting its similar Knox hardware-plus-software approach to work on its devices.
The Secret Service is betting that Samsung can make Knox work for at least a few devices, and if it does then maybe Obama could trade in his BlackBerry for a Samsung Galaxy S4 -- if he wants one. (The president and his family are avid Apple users, with Macs, iPads, and so on.) But that bet is no sure thing. If Apple could deliver something similar to BlackBerry's hardware-level security, it hasn't chosen to do so.
So, expect Obama to be using his BlackBerry until his term ends in January 2017. And perhaps we can expect companies that need sub-Obama-level security to put BlackBerry back on the list of providers to deliver it -- whether on BlackBerry, Android, or iOS -- now that the company has brought its various pieces into a more rational, unified package that better showcases its historic strengths in today's modern mobile world.
This article, "The real reason Obama can't swap his BlackBerry for an iPhone," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com.