By Jennifer LeClaire / CIO Today. Updated March 26, 2014.
BlackBerry may be down but it's not out -- and if you want cryptography certification it's the only game in town. BlackBerry just announced that Secure Work Space for iOS and Android, a multi-platform containerization solution managed through BlackBerry Enterprise Service 10 (BES10), is officially Federal Information Processing Standard (FIPS) 140-2 certified.
This is no small feat. FIPS validation is widely considered a critical benchmark in government security circles. It assures federal workers that encryption technologies have passed demanding testing so it can be used to secure and encrypt sensitive information. Specifically, the certification allows security-minded organizations, including government bodies in the U.S. and Canada, to deploy Secure Work Space to separate personal data from sensitive corporate content.
"Organizations, in both the public and private sectors, must take the necessary steps to protect sensitive data and ensure that their mobile solutions offer the highest level of security," said Ben Hoffman, a mobility analyst at IDC. "FIPS 140-2 certification indicates that BlackBerry is meeting the strict security requirements that many enterprise customers require."
What this Means
The FIPS certification demonstrates BlackBerry's security capabilities for the transfer of sensitive data on third-party devices. With Secure Work Space, for example, BES10 protocols for data-at-rest and data-in-transit cover iOS and Android smartphones and tablets.
That means data is protected while crossing networks as well as within the walls of the enterprise. According to the Waterloo, Ontario-based telecommunications provider, administrators can configure, secure, wipe and interact within the Secure Work Space on a device. For their part, workers can still use the device for personal activities. It's a strong fit for the flexibility needs of a "bring your own device" workforce.
We asked Michael Disabato, managing vice president of network and telecom at industry research firm Gartner, for his take on the certification. He told us that since BlackBerry has long been considered the most secure mobile platform on the planet, if the company did not get the certification that would have been bigger news.
"The fact that BlackBerry has the certification means they can sell into high-security environments in governments around the world -- those that still trust FIPs to be independent" of the U.S. National Security Agency, Disabato said. "Right now, iOS is not FIPS 140-2 certified, nor is Android. The containers on some of the vendors, like Good for Enterprise are. If you have the regulatory need to prove that you've got that level of security then it's good for BlackBerry."
The National Institute of Standards and Technology issues FIPS 140-2 to coordinate the requirements and standards for certifying cryptographic modules. The standard was developed through the Cryptographic Module Validation Program. The CMVP certifies products that U.S. government agencies and regulated industries use to collect, store, transfer, share and disseminate sensitive information.
Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-2. The certification is accepted and supported by the Communications Security Establishment Canada for government use and by the U.S. government.
AES 256-bit encryption, a secure, internationally recognized standard for data protection, covers BlackBerry products and services. Beyond FIPS certification, the company's products have also passed security testing from the likes of NATO and the U.S. Department of Defense.