BlackBerry LIVE Interviews Experts on Mobility and UEM

It was no surprise that the gradual shift to remote working would eventually expand the mobile attack surface: “Everyone was already on the move,” says Alex Willis, BlackBerry VP of Global Sales Engineering, in a recent video podcast. However, when COVID-19 struck and offices were closed in favor of home workers, IT teams were suddenly thrown into deep, dark, and very cold waters. And many teams report that they’re still swimming hard, trying to keep their heads above the waves.

A recent study by Pew Research shows why: nearly six in 10 employees (59%) whose jobs can be completed remotely continue to work from home. The pandemic has changed the way the world works.

With this shift to remote working has come an explosive growth in cloud-based accounts from a growing number of devices, adds BlackBerry senior director Baldeep Dogra. “We know they’re exposing more resources that need that connectivity, and that means more access points” that can be compromised.

“The end result is what we call ‘endpoint chaos,’ which has increased the mobile attack surface,” says Dogra.

Studying current endpoint security challenges often helps us find a way to overcome them. This is the focus of the first part of our BlackBerry LIVE mobile security video podcast, in which I discuss this topic with BlackBerry experts Willis and Dogra to learn more about the current mobility challenges faced by IT teams today. To learn more, watch the podcast or read the excerpt below.

Steve Kosky:

Thank you for joining this podcast. I have some high-level guests today, and we’re going to be talking about unified endpoint management and mobility issues. These problems have been around for a long time, they affect the entire company and their impact continues to increase.

For me, there have always been three IT pillars: processes, people and technology. But a fourth was added recently in a conversation that took place at our BlackBerry Security Summit between our CEO John Chen and one of the leaders of Ukraine’s cybersecurity forces. He calls this fourth pillar cooperation or collaboration.

Today we will talk about all four of these pillars and how they relate to workplace mobility. Now I ask my guests to introduce themselves, starting with you, Baldeep.

Baldeep Dogra:

Hi everyone, I’m Baldeep Dogra. I manage cybersecurity and UEM product marketing in our cybersecurity department at BlackBerry. I have been with BlackBerry for almost 18 years, primarily in management and leadership roles in technical sales and product marketing. Before BlackBerry, I was at Lotus, IBM and IXOS/OpenText, where I held positions in software consulting.

Steve Kosky:

I’m so glad to have you today. And Alex, would you introduce yourself?

Alex Willis:

I’m Alex Willis, I lead the SE (Sales Engineering) team for BlackBerry worldwide and I also lead the ISV partner program. In my SE role, we spend a lot of time in the market talking to our customers, understanding their needs and understanding the challenges they face across many industries across different segments. In that respect I think we are close to what is happening in the market. We stand between our customers and our product management.

My background is in consulting, so I spend a lot of time with clients, designing systems for them to align technology and services with an organization’s goals. I’ve been with BlackBerry for 21 years.

Steve Kosky:

Wow. That gives you an idea of ​​the depth of expertise we have here. And what a great perspective to share. Let’s set the stage a little; Alex, let’s start with you. Why is the mobile attack surface expanding right now?

Alex Willis:

It’s a big question. I think with the advancement of devices and mobile network speeds over the past few years, people are starting to do more with their devices. The other thing is that there is an obvious impact of the pandemic that people have had to work remotely, but I would say that the trend, remote working, started before the pandemic.

People want to be able to get their work done wherever they are. The pandemic has made the concept of remote work more pressing. Before the pandemic, one organization had an opportunity to step up and start making additional data and applications available. When the pandemic hit, they said, “We need this tomorrow or today.” They didn’t have a few months to deal with it.

I think a lot of us have talked about how the pandemic period was almost like a pilot or POC (proof-of-concept) for companies to really see what it’s like to work on different mobile devices devices, including many bring-your-own-devices. We always thought BYOD was limited to cell phones or iPads, but then it quickly spread to home computers and other devices. I think it was a good POC and the industry responded well.

We’ve worked with many customers during this early pandemic and helped them make this transition quickly. And there were a lot of considerations, not just the device itself, but also network access and data leaks and all those things.

So yes I would have expanded the mobile attack surface in terms of “why”, it’s just that the pandemic has made remote work happen super fast. But everyone was headed for remote work anyway.

Steve Kosky:

Yes, usually a proof of concept isn’t mandatory, and you don’t do it on production systems if you can avoid it. So, it’s a bit different, but I see your point. Baldeep, what are some of the things that companies have discovered in this “mandatory POC”?

Baldeep Dogra:

One thing I could look at is the growth and popularity of cloud based accounts. We know they’re providing more resources that need that connectivity that Alex just talked about, and that means more entry points.

Another thing to think about with a POC: when you log into your laptop or your desktop, think of the number of accounts that are likely already there. You could have an admin account, a super user account, or the user account; these add up. And these are all entry points that could be used as entry points for threats.

It also increases choice out there – and the need for multiple devices for many – and ends up creating what we call “endpoint chaos” that has increased the mobile attack surface.

Alex Willis:

It could also have been a small catalyst with cloud-based accounts. I think it’s a good point. So far, the proliferation of cloud accounts has not been geared towards the consumerization of IT. Business units signed up for cloud accounts and services, and then security and IT teams had to rein in and manage them. But now organizations themselves are officially adopting these cloud services.

People assume that if you’re using stuff in the cloud anyway, you’re getting away from that paradigm — where everything inside the firewall is good and everything outside is bad. It makes good sense for everyone involved that you have mobile access to accounts and services outside of the corporate network. But as we all know, it’s not that simple.

Security teams need to look closely at the landscape and conduct a risk assessment. So how do you mitigate that risk? What processes and policies can you put in place that won’t reduce adoption?

You want a return on investment, you want productivity, so you can’t make it too difficult for users to use technology or it wasn’t worth adopting in the first place.

Steve Kosky:

This really touches the first pillar, which is people. For many people in the workplace, the mobile platforms were secondary to their jobs. Their workstations were behind the firewall, (therefore) they were protected and formed the last bastion of the secured perimeter.

That went away. Now those backup devices – which they used when they couldn’t access their workstations – became frontline devices, and their “workstations” became their home computers, or any number of computers. So users are certainly affected. But you also mentioned security teams, which is interesting because I think mobility has traditionally been handled more on the IT side of the house than security.

Good conversation gentlemen, I think we’ll stop here. We’ll be posting these interviews in a series so you can watch the rest of the conversation. Watch out for episode 2 coming out next week. Thank you for joining us.

related reading