QNX in BlackBerry 10 will make BYOD a reality for IT

The QNX security advantage in BlackBerry 10

TODO alt text

In an exclusive interview with TechRadar Business Centre, Sebastien Marineau-Mes, Senior Vice President of BlackBerry OS explains why RIM's next generation OS BlackBerry 10, will be the answer to an IT managers' prayers, and reduce the security risks of a bring your own device policy to zero.

When BlackBerry 10 arrives next year it will be based on QNX, the same system that runs the core Internet routers, medical devices and nuclear power stations; that promises to make for a mobile OS that's more secure than most.

Sebastien Marineau-Mes Senior VP for BlackBerry OS
Sebastien Marineau-Mes Senior VP for BlackBerry OS

The most obvious example is the BlackBerry Balance feature which creates two separate partitions, one for personal use and a second for work information, both encrypted separately. You switch between them with a gesture.


The personal partition will be on every BlackBerry; the work partitions will be created if you use a BlackBerry to sign in to a work email account that's managed by BlackBerry Enterprise Server (BES). An administrator can set policies to control the work partition using BES, controlling what apps you can install from the separate enterprise AppWorld store, dictating the password strength or wiping the device remotely if you lose it or leave the company. But they can't control your personal partition, or delete files or track how you use your BlackBerry.

QNX is controlled by the OS and configured by IT


And it's all done by the operating system, rather than the apps. "Applications don't know what partition they're running in," explained Sebastien Marineau-Mes Senior Vice President of BlackBerry OS, and previously Vice President of Engineering at QNX before their acquisition by RIM. "so as an IT department I can choose which partition the application will run in. When it runs in the corporate partition it's secure, the data is firewalled and so on but we don't need application developers to make any changes. It's something that is controlled by the OS and configured by IT instead of the model you see on Android and iOS where they have enterprise applications that are running in these containers."

Keep work and play apart with multiple inboxes on mutiple networks
Keep work and play apart with multiple inboxes on mutiple networks

That gives your IT team the control without being intrusive or fragmenting the user experience; instead of separate mailboxes for personal and work messages everything appears in one unified inbox, from BBM and text messages to social network updates to alarms to email from your company and personal accounts. "We've been able to combine them and yet under the covers completely firewall them," claims Marineau-Mes. "The key things that you use, as an end user you really want it all to show up."

Stop work messages disturbing your home life

You can lock the work partition when you don't want to see work messages (overnight and at the weekend, say). But just because you can see both sets of emails at once doesn't mean they're stored in the same place. "When you're viewing email we actually run a different viewer that is in a specific partition. So when you're viewing personal email you have one viewer, when you're viewing corporate email you have a different viewer that's a different, firewalled process. There is some info that goes into the unified inbox like the title of the email and who it's from - that's the part that the unified inbox pulls in from both partitions - but everything else is run in completely different processes."

BlackBerry 10 will have the security a business wants without irritating users by being slow, being frustrating to use or running out of battery too quickly


That means work email can be managed and deleted without affecting your personal messages, and it offers an extra level of protection. "With HTML email you don't want to be vulnerable to certain types of attacks when you receive email because it's running in the same partition as your corporate data and they can somehow pull it out. You can only go so far in securing WebKit or any HTML engine. It's really a race with the vulnerabilities that are discovered and closed to so really the best solution is to just say it's completely firewalled. Even if you're able to find a flaw in the html engine and the viewer you can't compromise the other side of the firewall."