BlackBerry Becomes Security Token Device


Source: Reuters

RSA is offering new two-factor authentication for the BlackBerry that aims to provide secure access to enterprise wireless networks as well as network applications.

The SecureID Token, which generates an authentication token on the smartphone via the BlackBerry Mobile Virtual Private Network, is the latest technology from RSA’s relationship with Research In Motion (NASDAQ: RIMM). RSA is the security division of storage titan EMC (NYSE: EMC).

The technology uses the BlackBerry as a two-factor authenticator, much like the traditional key fob security token in play today. Users access their BlackBerry and launch the RSA application that then prompts users for a PIN code.

The software generates a one-time passcode that users copy and paste to log in to corporate VPNs, enterprise wireless networks or network applications.

“We’re using the BlackBerry as an authentication container, a form factor, to help companies strengthen mobile access to networks and improve network management administration,” Rachael Stockton, principal product marketing manager, in RSA’s Identity and Access Assurance Group, told

The goal, Stockton said, is to give enterprises greater mobile device security around network connectivity. Such security can prove valuable if a device goes missing or is lost — a situation every enterprise faces as mobile device adoption expands.

The White House faced such a BlackBerry security situation a few weeks back when devices belonging to a presidential delegation went missing.

While the White House hasn’t commented on whether the retrieved devices were compromised, security experts say the incident is a compelling reason to assess security given the increasing reliance on online communications and mobile collaboration.

“It is a mystery to me why the security marketplace for mobile devices hasn’t exploded yet,” Jeff Kagan, a telecom analyst, told

“Most [enterprises] don’t have a clue that mobile devices need protection, and even if they do, they don’t know where to turn,” he said.

Virtually all organizations rely primarily on username and passwords for authenticating users, as well as accessing systems, networks, data and applications, according to a new report from research firm Aberdeen Group. But half are also using at least one stronger, nonpassword method of authentication.

Aberdeen’s research on strong user authentication indicates enterprise have a strong interest in diversity and choice with respect to authentication methods and form factors. That’s leading to greater two-factor authentication adoption.

“For enterprises who have selected one-time passwords as their authentication method, many users will find it very convenient to leverage the RIM devices they already use as the form factor, as opposed to carrying a separate hardware token,” Derek E. Brink, VP and research director for IT security at Aberdeen, told

Brink believes the biggest risks in mobile computing are the loss of a device, unprotected data and the risk of unauthorized access using the device. Research indicates more enterprises are putting more attention on mobile security, given mobile devices are now endpoint computing platforms, he said.

“What I hear from end-user organizations is that they’re acknowledging the fact that these devices are here to stay and that they have to be embraced, supported and taken under active management. That means that they’re starting to address the security issues as well,” Brink said.

The new authentication technology will also ease stress for IT security when it comes to mobile devices. The ‘over the air’ method of token provisioning simplifies security and results in fewer support tech calls.

Tech teams can customize the token software for improved centralized control, such as masking a user’s PIN and password for better security policy compliance.

If a device is lost or misplaced the software also provides an automatic restoration feature. After a BlackBerry is ‘wiped’ clean to avoid data theft, the authentication function is automatically re-deployed, which reduces manual processes.

“This lets enterprises leverage mobile devices to improve enterprise security and makes using authentication token technology easy for the mobile user as well,” said Stockton.

News Around the Web