An Ottawa-based company has developed a new software token for BlackBerry devices that allows companies to add an extra layer of security to protect their corporate network.
CryptoCard Inc. plans to release the application in the next two to three weeks with the next version of its CryptoCard software. The token allows people to use their BlackBerry to generate a random one-time password, eliminating the need to carry a separate device for two-factor authentication.
“Our market sector is anyone that has concerns about identity theft, password management and secure passwords,” said Jason Hart, CEO of CyptoCard. “Initially the market for the BlackBerry token is going to be financial services or large organizations that have large BlackBerry users.”
The increasing number of remote workers these days means that people are sharing more than just e-mails over their mobile devices, leaving another potential hole in the corporate network.
“A lot of people are starting to use their mobile devices, BlackBerries included, to store a fair bit of company sensitive data,” said Joe Greene, vice-president of IT security research, IDC Canada. “You can receive reports on your BlackBerry. You might have access to corporate resources that would include potentially sensitive data on your customers or trading partners. You’re going to want to ensure that device is absolutely secure if lost or stolen and it becomes virtually impossible for anyone to get access from that device.”
While CryptoCard is calling the software token the first BlackBerry device that can work in a heterogeneous environment, Resarch in Motion already has S/MIME authentication built into its devices.
“Any company that’s using the built-in tools for BlackBerry already has a pretty good level of authentication and control,” said Gary Campagnon, president of ASP Flex Technologies Inc. and president of the BlackBerry user group in Calgary. “There will be a use for it. In today’s market, a lot of companies haven’t deployed the type of application that gives customers access from the BlackBerry to the backend systems.”
Likewise, Craig Read, director of technology, M-Trilogix, a Toronto-based mobile solutions provider and member of the Toronto Wireless User Group, said BlackBerries themselves are already pretty secure and don’t require an extra level of security in most cases.
“The infrastructure itself is quite secure so the chances of somebody getting onto your internal BlackBerry server network and sniffing information and e-mails is not high. It’s a remote possibility,” said Read.
Security company RSA, which was recently acquired by storage vendor EMC, also has an application that runs on the BlackBerry and other mobile devices. Campagnon said if a customer already has Cryptocard’s security infrastructure in place, then this upcoming release is a plug-in for it.
“It’s going to be a pretty tough sell to get somebody to switch from a RSA infrastructure to this simply because of BlackBerry,” he said.
Fusepoint Managed Services, which provides BlackBerry among other services to its clients, issues its customers a RSA token to access its customer portal called Web Care. Company president George Kerns said while Cryptocard’s token for BlackBerries would be useful, many computer systems already have other authentication capabilities in addition to what comes standard with a BlackBerry.
“Most of the several million users of BlackBerries are just using them to get to their e-mail,” he said. “It’s an extension of the e-mail system when they’re on the go. You want to make sure that only the person that should be getting to that e-mail is getting to that e-mail.”