1
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
THE SECRET
INGREDIENT
IN MOBILE ROI
Why Security is Paramount in EMM
Whitepaper
Whitepaper
Brochure
2
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
The Secret Ingredient
in Mobile ROI:
Why Security is
Paramount in EMM
If you’re in IT, whatever your role or seniority level, you know that security matters
in Enterprise Mobility Management (EMM). And you don’t need another reminder:
they spring up every time you catch up on industry news. Another breach.
Another hack. Another brand struggling to minimize the damage. You hope it never
happens on your watch. But hope isn’t enough, so you work hard to make sure.
And yet those nagging questions keep re-surfacing: Have we done everything we can?
Where’s the weak link in our chain? What’s the worst that could happen – and will it?
Meanwhile, your organization is full of stakeholders whose agendas are
focused on business enablement, productive user experiences, ROI and
TCO. They tend to think of mobile security as a barrier. But with the right
EMM solution in place, security can actually facilitate these very goals.
Let’s look more closely at what three key stakeholder groups need
from mobile security, whether they realize it today or not.
3
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
1. What mobile security should
enable for business decision-makers
When it comes to mobility, business
decision-makers (the senior executives,
VPs of marketing and sales and so on)
are focused on how to make the most of
it. How to allow more workers to perform
higher-value tasks from anywhere, at any
time. How to keep workflows moving.
How to provide more immediate results
for customers to drive more business.
How much do they care about security?
It depends – they know that breaches
can impact the brand, which can in turn
impact their ability to sell or market.
But on the other hand, they don’t
want security getting in the way.
Today, these leaders are focused
on apps. They’re happy to say yes to offthe-shelf apps from key vendors, especially
when those apps are mobile extensions
of familiar desktop experiences, like
LiveLink, Microsoft® Office or SAP.
But increasingly, they’re looking to create
customized apps that allow their teams to
carry out the highly specialized jobs that
drive business value. Sometimes these
are simple tools: an app that allows a field
service rep to request new parts or submit
an issue resolution report.
Sometimes, they’re complex tools: an app
that uses machine-to-machine integration
to notify a sales rep when stock is low,
CRM integration to tell him about the
customer, and GPS data to tell him the
best time to turn up.
Either way, how these apps are built
matters. They need to run on multiple
device types, without costing a fortune
in development expenses. The data they
move is, more often than not, sensitive
in one way or another. Why is security
paramount here? Because without
a secure underpinning, these apps can
never see the light of day. That’s especially
true for regulated industries, but still the
case for a standard sales organization
that doesn’t want to incur the damage
that comes from a leak of customer data.
The stakes are simply too high. You need
an EMM platform that makes it easy to
create, manage and secure each and
every tool your teams require.
Business leaders are also looking for
better mobile collaboration solutions.
All too often, users dodge the enterpriseapproved solution IT has in place, in favor
of informal consumer options like the
Skype app they have on their smartphone.
That’s simply not acceptable from a
security standpoint. Business leaders get
this – they don’t want their trade secrets
compromised by consumer-grade tools.
What their enterprise needs is a
solution that gets the thumbs up
from users, and ticks the boxes
from a security perspective too.
Smart business decision-makers are also
hunting for tools and solutions that simplify
and streamline processes. Employees
burn a lot of time with simple tasks like
logging in to the network via VPN. They
waste precious minutes shifting files from
one device to another and consolidating
notes and conversations that are
happening in various tools and apps.
All of this has a negative impact on
productivity for mobile workers. Business
leaders want to securely enable a shift
to highly productive mobility. That’s
been the promise for some time, and
they want it to become the reality.
4
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
2. Leveraging security to
create value for end users
Like the business decision-makers they
report to, users across most organizations
care that mobility lets them do what they
need to do, wherever, whenever. But
they have another agenda: they don’t
want to carry two of each device – one
smartphone for work and another for
their personal lives. They want a great,
unified experience on a powerful device.
What does security mean to them?
For one thing, it means personal privacy.
They don’t want their content unduly
exposed to the business. And they don’t
want to be responsible for a security issue
– that would have long-lasting career
impact. But, like their business leaders,
they don’t want security getting in their
way. For many employees, at the end of the
day, security is IT’s problem. Another key
point about users: they’re not all the same,
by any stretch of the imagination. Even in
non-regulated industries, there’s a real
difference in security requirements from
the CFO to an intern, though both may
have their devices managed by the
same MDM/EMM platform.
Whatever their seniority level, users
are notoriously cavalier about security.
In many cases, they view IT as a barrier
to get around. Strong mobile policies and
training are a start, but research shows
that some deliberately flout the rules –
particularly if they believe they’re doing
their best for the business. Like those who
save a sensitive file to a public cloud-based
storage site because a presentation is
too big to email to a colleague who needs
it right now. This is the domain of what’s
called ‘rogue IT’ or ‘shadow IT’, an offshoot
of consumerization, where users help
themselves to the tools and apps they feel
they need for work and don’t bother to ask
permission or even let IT know about it.
This is the year that shadow IT will
truly rear its ugly head for organizations
that don’t get a handle on it soon.
While some users willfully go rogue, others
are simply ignorant or naive. Like those
who accidentally paste work content into a
personal social media app. Either way, you
need an EMM solution that helps you stay
protected even when users aren’t on-side.
To prevent the deliberate workarounds, you
need to enable access to productivity and
collaboration apps with the features users
are looking for. That means you need a way
to distribute those apps to the right users,
manage them throughout their lifecycle,
and retire them when they’re no longer
useful. You need to make sure those apps
are secure, because they’re very likely to
store and transmit sensitive data. You need
ways to get a grip on rogue IT practices.
And you need to do this regardless of the
device platform, because chances are,
your users are running iOS, Android™,
Samsung KNOX, Windows® Phone and
BlackBerry devices. Meanwhile, for those
users who make innocent mistakes, you
need built in Data Leak Prevention (DLP),
to isolate work content and prevent it from
being shifted into personal channels.
What about the user experience question –
the idea that to keep users happy, you
have to stay out of their way? You can’t
control the user experience their device
delivers, but you can control how your
MDM or EMM solution impacts it.
To meet security requirements, will your
containerization technology force them
to enter a passcode for everything they
do? Provide them with an email app that
strips out many of the features they relied
on in the native email experience?
Force them to run multiple calendars?
Because if so, security is starting to
step on productivity’s toes in a very
tangible way. And that’s a problem.
What about privacy? If you’re managing
your users’ BYO devices, do they know
what IT can and can’t see or do? If they
leave, will you have to wipe their personal
photos and documents? Whether they’re
expected to bring their own device, or use a
corporate-owned device for their personal
lives, your teams need to know that what’s
theirs is theirs (within reason, of course,
and as outlined in your mobile policy
guide). Otherwise they’re back to carrying
multiple devices. How can you convince
them their privacy is intact? You need a
solution that separates work and personal
clearly, and as seamlessly as possible.
USER COMPLIANCE IS A PROBLEM
IN GOVERNMENT AGENCIES, TOO
A recent survey suggests that almost
1 in 2 federal workers in the US is not
practicing several essential security
practices designed to protect data.
The ‘2014 Mobilometer Tracker’ also
suggests that government agencies
remain vulnerable to hacking through
lost or stolen devices, and that the
risk of data breaches as a result of lax
security practices is likely to grow as
the number of employees dependent
on mobile devices rises.1
5
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
3. What security can
enable for operations
The procurement team is tasked with
making sure the business gets what
it needs at the right price. In some
ways, they have visibility into the
various demands of EMM. Working
with IT, they see the importance of
manageability and security; working with
lines of business, they understand the
importance of business enablement.
But their focus, by definition, is on costeffectiveness and value for money.
Operational efficiency. Total cost of
ownership. Return on investment.
Vendor trustworthiness. Integration with
existing systems and new ones soon to be
required. Post-implementation support.
Regulatory compliance capabilities.
Clear demarcation of who’s paying for
what, in the case of BYOD scenarios.
These are among the items at the top
of the list for those looking out for the
operations side of the mobility equation.
When it comes to EMM solutions,
there’s a lot of data to sift through.
A typical RFP today contains literally
hundreds of questions, from the vendor’s
accessibility practices to granular
specifics on mobile IT policy controls.
Multiply that times 3 or 4 vendors on a
shortlist and it’s easy to see why EMM
decisions often take months to make.
Whether you’re accountable to
shareholders or constituents, doing the
most you can for the least amount of
money simply makes sense. To meet
your security requirements, will your
EMM choice result in additional hidden
costs? Will security require unforeseen
training costs for IT and your help desks?
BlackBerry offers the most cost
effective cross-platform EMM
solution on the market, according
to the Strategy Analytics EMM Total
Cost of Ownership (TCO) report.
The report compares BlackBerry
solutions against 5 other Enterprise
Mobility Management (EMM)
vendors: AirWatch (VMware), Citrix,
Fiberlink (IBM), Good Technology,
and MobileIron, for both commercial
and regulated levels of security.
Will the security you need force your
staff to learn new steps and processes
on the devices they already use?
Will existing or new enterprise security
services (such as identity and access
management tools) integrate easily
and seamlessly with the EMM solution?
Will your security requirements
unexpectedly force you to engage outside
support, post-implementation, or will
the vendor be there to help, in all relevant
locations? Will your migration expose you
to security risks you didn’t account for?
You need a solution that will help you tick all
the boxes you need to, and help you prove
you’ve done so, especially if you operate
in a regulated industry like finance or
healthcare, or within a government agency.
6
BlackBerry security:
The right foundation for
business enablement
BlackBerry is the epitome of secure
mobility. We believe security matters in
and of itself. But we understand, too, that
having the right security in place is the
only way businesses and governments
can truly enable collaboration and
productivity. And that users can never
have the kind of mobile experiences
they want if IT can’t first be sure those
experiences are safeguarded.
While security isn’t often seen as a
value driver, the right mobile security
can save enterprises from expensive
downtime issues and enable new
applications, tools and services that
drive productivity and boost revenue.
If you’re part of the team deciding on
an EMM solution and you’re reflecting
on how important security really is (or
isn’t), here are a few things you should
know about BlackBerry and BES12.
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
What the right security does
for business leaders
With business leaders pushing for the
kind of true mobility that goes well beyond
email, calendar and contacts, developing
and managing apps is a key focus.
BlackBerry® enterprise solutions provide
everything you need to move your
mobile business forward. BlackBerry
integrates comprehensive Enterprise
Mobility Management (EMM) with
advanced, secure services that propel
end users to new levels of productivity,
safeguard your corporate data and
expand the perimeter of your mobile
office to the Internet of Things.
The BlackBerry platform makes building
really useful apps easy and cost-effective.
How? By supporting open standards
and open-source app development
frameworks, so you’re never locked into just
one method to make apps. Increasingly,
enterprises will deploy a combination
of native, web-based and hybrid apps,
and BlackBerry supports all three.
Our helpful developer community and
user-friendly development platform
provide the support, tools and APIs to help
you easily build apps that are integrated
into the core features and experience
of BlackBerry® 10. And to build crossplatform apps, support for standards like
HTML5 means you can write an application
one time and make only minimal code
changes for each platform (iOS, Android,
Windows® Phone and BlackBerry).
Once you’ve built them (or chosen them,
in the case of third-party apps), set them
free. If they’re required, push them
right to the device. If they’re optional,
publish them to your own corporate app
storefront, where users can choose,
knowing they’re making a safe pick.
With ‘Secure Work Space Applications
for iOS and Android’ catalog, supported
Apple App Store and Google Play™ apps
can now become trusted enterprise
applications, running within a workonly container (Secure Work Space).
Apps offering SharePoint® access,
SAP support, Lync® integration and
more – all secured on the device and
via BlackBerry secure connectivity.
And with a range of new services for
enterprises, BlackBerry can make mobile
collaboration smooth and seamless. With
BBM™ Protected, there’s no need to
convince employees to use an “enterpriseapproved” IM app. Let them use BBM
– just as they do today, but with an added
layer of security that makes it safe for
even regulated industries. And with
BBM™ Meetings, they can turn a
BBM™ chat into a conference call, with
a mobile-first user experience that saves
valuable time for users on the move.
No fumbling with passcodes and PINs.
7
“The containerization of BlackBerry
devices, called BlackBerry Balance,
is the best example of the separation
of corporate data from personal
data while retaining a strong
user experience.”
- Gartner Magic Quadrant
Report on MDM3
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
What the right security
does for users
With BES12, you can give users
the experience they want.
Whether they’re on iOS, Android,
Samsung KNOX, Windows Phone
or BlackBerry devices, work data is
password protected and secured through
a single, secure connectivity model.2
Employees on BlackBerry 10 devices
get what Gartner has called the best
example of the separation of corporate
and personal data while retaining a
strong user experience.
You don’t want users shifting work
information into personal channels
like webmail or social apps. With true
separation of enterprise and personal
data, they can’t: Data Leak Prevention
is built right in, automatically. Yet
moving back and forth between the
two spaces is as seamless as a click.
And, users can maximize productivity with
BlackBerry® Blend, which allows them to
access personal and work data from their
BlackBerry smartphone on any device.
For those users on iOS and Android, choose
Gold level EMM licenses and create a
Secure Work Space on their devices.4 Work
and personal are separate here too, so they
can’t move your corporate content where
it shouldn’t go. In the work container, users
have an app that handles their email,
calendar and contacts, closely preserving
the native experience they’re familiar with.
Now that you’ve got two distinct worlds
on a single device, you can think more
about enablement. Instead of hearing
about the employee who posted customer
data to a public, cloud file-sharing service,
use BES12 to ensure they’ve got access
to an app you trust, right on their device.
BES12 is the easiest way to distribute the
apps that employees want and need.
Meanwhile, users are free to make the most
of their devices for the non-work side of life.
They have a space they can literally call
their own. IT has no need to get personal –
because it’s like having two smartphones in
one. When an employee leaves, the device
can be wiped of all corporate content
without (in BYOD scenarios) touching
things like family photos, personal emails,
music tracks, games and social apps.
And what about this shadow IT problem,
where users help themselves to tools
and apps they feel they need for work,
without letting IT know? Along with the
security risks it opens up, it usually means
they’ve got a boatload of passwords to
manage. With Enterprise Identity by
BlackBerry®, they have one login for
all their cloud-based apps. IT regains
control and can manage exactly who
uses what cloud apps, and how.
8
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
Cross-platform secure connectivity
Now, business leaders can push for higher productivity, tighter
collaboration, and uninterrupted workflows through mobility –
and not have to worry that they’re exposing the company to risks.
Hardware-Specific Solution
Point Solution
Point Solutions
Multiple components to
manage and multiple
potential points of failure
Wireless
Network
Cloud SSO Server
MDM Server
Email Gateway
SSO Server
VPN Server
Integrated security
with BlackBerry:
Complete Control.
One Partner.
Wireless
Network
BlackBerry
Infrastructure
End-to-End Solution
BES12
on-premise
BES12
Cloud
9
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
What the right security
can do for operations
With both on-premise and cloud versions of
BES12, BlackBerry offers industry-leading
security for organizations of all sizes and
all levels of IT expertise. WIth industryleading encryption, containerization, appwrapping and BlackBerry’s secure global
infrastructure, BES12 locks down critical
data both on device and in transit for
worry-free productivity.
BlackBerry understands environments
that operate with the highest security
requirements, where highly granular device,
content and apps controls are a must,
for many or all users.
If you’re working on an RFP to put out to
potential vendors, you should know that
BlackBerry 10 devices, BES12 and the
Gold level EMM option together deliver
the ultimate device management solution
to enable compliance for government,
financial services, regulated and other
high-security environments.4
Even if your industry isn’t regulated,
chances are you’ve got users who need
the ultimate security – like your C-Suite
and senior executives. Know that with
BlackBerry you can mix and match licenses
to create the perfect combination, with
security standards appropriate to every
user in your organization.
Already have BlackBerry users on staff? IT
has likely been managing their devices for
some time. If so, your administrators are
probably used to BlackBerry® Enterprise
Server software, and will find the transition
to BES12 for managing all devices
simple and straightforward, especially
in comparison to learning a new MDM
solution from scratch.
For users: a self-service portal allows for
simple security management. Through
the easy-to-use, browser-based app, your
users (whether they’re on iOS, Android,
Samsung KNOX, Windows Phone or
BlackBerry devices) can view and manage
all their devices, see device details, and
set activation passwords. If a device goes
missing, users can change the password
or delete data remotely, without waiting for
IT help. That means fewer support calls to
IT, lower TCO, and in some cases, better
security (because users can take action
the second they realize there’s an issue).
Another cost-saver: The BlackBerry
security model delivers fast, integrated
cross-platform app deployment and fully
encrypted behind-the-firewall content
access without the need for third-party
VPNs or add-on security.
Speaking of VPNs – operations-minded
business leaders have known for ages
that the physical tokens employees carry
to get secure, remote network access
are outmoded technology. They’re costly
and lead to wasted productivity for both
end users (losing the fobs, forgetting
passwords) and for IT admins, who have to
sort it out each time. VPN Authentication
by BlackBerry® allows employees to gain
secure VPN access using the smartphones
they’re already carrying. It saves both
time and money.
Support is a key component of the EMM
equation. Implementing BES12 is easier
than ever, but having a strategic support
partner is still essential to help you in
delivering on your mobility objectives.
BlackBerry® Technical Support offers a
unique blend of technical expertise, rapid
issue resolution and proactive, relationshipbased support to help you realize the full
potential of your BES12 cross-platform
infrastructure. Included with all BES12
Annual Licenses, Advantage Support
plays a role in the ongoing success of your
enterprise mobility management crossplatform solution. Optional Services help
further your objectives with tools, oversight,
redundancy and more.
10
The Secret Ingredient in Mobile ROI: Why Security is Paramount in EMM
To find out more and to sign up for a free 30-day
BES12 trial6, head to blackberry.com/bes12
1
ource:
S
http://www.informationweek.com/government/mobile-and-wireless/federal-workers-lax-on-mobile-security/d/d-id/1113805
2 Single outbound port/VPN-less secure connectivity is available for BlackBerry OS devices when managed through BES5 and
for BlackBerry 10 devices when managed through BES12. For iOS and Android devices secure connectivity is enabled with the
Secure Work Space for iOS and Android containerization option.
3 Available at: http://ca.blackberry.com/campaigns/gartner-magic-quadrant-mdm.html
4 Gold level EMM provides the management and control feature set for BlackBerry 10 devices previously known as EMM
Regulated, and also covers the containerization option for iOS and Android management known as Secure Work Space for iOS
and Android. Gold level EMM is available with BES10 v10.1 and later.
6 30-day Free Trial Offer: Limited time offer; subject to change. Limit 1 per customer. Trial starts upon activation and is limited to 50
Gold BlackBerry subscriptions and 50 Secure Work Space for iOS and Android subscriptions. Gold BlackBerry subscriptions can
be interchangeably used for Silver level activation of BlackBerry 10, iOS, Android, Samsung KNOX and Windows Phone devices.
Following trial, customer must purchase subscriptions to continue use of product. Not available in all countries. Subscriptions
can be purchased direct or from authorized resellers. When a system is upgraded to production, the trial subscriptions will
no longer be available. This Offer is void where prohibited and is subject to modification, extension or early termination at
BlackBerry’s sole discretion.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. iOS is used under license by Apple Inc. Apple Inc
does not sponsor, authorize or endorse this brochure. Android is a trademark of Google Inc. which does not sponsor, authorize or endorse this brochure.
© 2015 BlackBerry. All rights reserved. BlackBerry®, BBM® and related trademarks, names and logos are the property of BlackBerry Limited and are registered and/
or used in the U.S. and countries around the world. All other trademarks are the property of their respective owners.