Secusmart, the BlackBerry subsidiary that secures the German Chancellor Angela Merkel's smartphone, will roll out a version of its SecuSuite security software compatible with Samsung Electronics' Knox platform later this year.
That means that organizations looking for smartphones offering government-grade security will be able to buy the Samsung Galaxy S7 or, soon, the S8 rather than the now-discontinued BlackBerry OS smartphones like the one Merkel uses.
In addition to encrypting communications and data stored on the device, the new SecuSuite also secures voice calls using the SNS standard set by Germany's Federal Office for Information Security (BSI). Organizational app traffic is passed through an IPsec VPN, while data from personal apps can go straight to the internet. Encrypted voice calls go through a different gateway, not the VPN.
When it goes on sale, likely around July, an S7 running SecuSuite for Samsung Knox will cost around €1900, said BlackBerry Secusmart managing director Christoph Erdmann. That's the same price as the existing BlackBerry 10 version, and includes the phone, a microSD smartcard to secure the encryption keys, and the first year of service.
Secusmart is demonstrating the new system on its stand at the Cebit trade show in Hanover, Germany this week.
This is not Secusmart's first collaboration with Samsung: Two years ago at Cebit, in conjunction with IBM, the companies unveiled an ultrasecure (and ultra-expensive) version of the Galaxy Tab S 10.5 tablet, called the Secutablet. It cost $2,300.
Users of SecuSuite for Samsung Knox will see the icons of applications managed by their employer tagged with a small padlock. When these applications are launched, they will ask for a PIN to authorize use of the encryption keys in the microSD card. Without these, neither the app nor its associated data can be accessed.
Other applications, including popular messaging platforms such as Twitter, Facebook, and WhatsApp, can be installed in accordance with the employer's security policies: Some organizations, like the German government, will allow only limited whitelists, while others may allow full access to the Google Play Store.
The controls are imposed by the organization's MDM (mobile device management) and MAM (mobile applications management) servers, typically BES 12 and EASE respectively.
Even if a user inadvertently downloads and installs one of the malicious apps that occasionally sneaks into the Google Play Store, data in the work-related apps is still securely protected, said Erdmann.
"Every good OS has to have a way to stop processes reading other processes' memory," he said, adding that the Android OS is one of the ones that does.
"On a non-manipulated OS, one app trying to read from the memory of another app would simply crash the OS. It's a segmentation violation," he said.
Sign up for Computerworld eNewsletters.