BlackBerry’s app sandbox for BES-connected iPhone and Android devices just went live this summer, and as a follow-up to Talk Mobile Security week, we thought it would be worth getting our hands on the solution and trying it out.
For those unfamiliar, Secure Work Spaces provides a container so that iOS and Android users can securely access corporate calendar, contacts, notes, tasks, intranet browser, documents, and e-mail. It manages to access this content behind the firewall without having to set up a VPN. Much like Balance on a BB10 device, you can’t copy enterprise data out of that container and into personal accounts. IT administrators can remotely manage this space through the same BES console that’s used to handle BlackBerry devices - this includes deploying other apps that have been tweaked with the secure wrapper.
Android and iOS versions of the Secure Work Space are a little different, namely in that the Android version offers quite a few more functions. On both versions, you install apps directly from Google Play or App Store respectively, punch in server address, username, and password information sent from your administrator, and you're just about good to go. Once everything’s installed and set up, Android users map their home button to Secure Work Spaces, which takes them to a new launcher. From there, they can switch back to the personal side either through a stickied toggle in the notification tray, or through one of two home screen widgets. You’ll find all the important apps you need, and if your administrator has pushed any more out, you’ll get a notification to snag those as well.
One of the core apps you pick up on the personal side will show which apps are required as a part of your company's device policy, as well as other details about you can and can't do on your phone. You'll also be able to get shorcuts to secure mail, messages, and calls on the personal side. Work Space notifications can show up in Android even when the space is closed, which is pretty important for time-sensitive messages. You can get to work content even faster with a dedicated home screen and related widgets. Administrators can lock out plug-ins from being installed in the Work Space browser, which may be a necessity for the security-conscious.
IT administrators can access all of the usual stuff from the web console. They can reset passwords, lock devices, register new ones, roll out apps, and tweak policies. Multiple devices show up as separate tabs for each user, along with visible alerts for any policy breaches. In terms of the end-user, there are a few hiccups. For one, the prominently-featured Messaging app indeed lets you send out text messages, but any incoming messages go to the personal side. This makes two-way texting exclusively through Secure Work Spaces pretty much impossible. You’ll occasionally have your tasks interrupted with error messages that you can’t connect to the server. The secure media app has a heck of a time recognizing audio files (despite playing video and images just fine). There are some neat tricks, though. Android blocks you from taking screenshots, for example. On iOS, it will detect if your device is jailbroken and and can block activation.
That's about it. If you need more information about Secure Work Spaces, hit up BlackBerry's data sheet. Any BES admins using Secure Work Spaces yet? Are there a lot of Android and iOS users at your work who should be BES-managed?
Big ups to our buddy Craig Johnston for hooking us up with a BES testing area.