Despite its continuing downward spiral, many IT professionals continue to acknowledge that RIM’s BlackBerry platform — or more accurately its BlackBerry Enterprise Server (BES) — remains the most secure mobile platform on the market. That’s a fact RIM hypes every chance it gets. Usually RIM points out that BES supports over 500 security and management policies. That’s roughly ten times the number of discrete management options that Apple has built into iOS.
While that number sounds impressive, the real difference between BlackBerry management and iOS management isn’t really about the number of policies. In many ways, it isn’t even about what IT can or can’t manage. The real difference is a cultural divide in the way mobile devices and mobile management is perceived.
That’s the conclusion that I came to after some recent conversations with longtime BES administrators.
If you look at most mobile device management solutions on the market, they’re actually fairly user-friendly. Even non-techies can look at the simple interface that Apple Configurator or Lion Server’s Profile Manager offer and figure out what features the various checkboxes enable or disable. The same is true of most third-party mobile management packages that support iOS management.
On the other hand, if you skim through RIM’s exhaustive guide to BES policies (PDF link), it becomes very clear that your need a technical background to have any hope of making sense of it.
If you have a technical background, you’ll realize that all of RIM’s policies and the way they’re applied is very similar to setting complex firewall rules (some actually are firewall rules) or advanced group policy controls in Active Directory. You can achieve a secure environment by creating a single base policy that restricts absolutely everything and then create additional policies that enable specific features for certain individuals or groups. That gives you a lot of security, but it also creates a huge amount of complexity.
As with group policies for managing Windows PCs, every rule introduces a range of possible outcomes depending on various other rules. Rules set for the same user or device based on different group memberships can conflict. Depending on the situation, that can limit a user more than intended or give them unintended capabilities. Like Active Directory administration, BlackBerry management requires a very specialized skill set.
By contrast, iOS management is much simpler and predictable. Is it as secure? If your rely solely on mobile device management capabilities, probably not. That said, if you step back and consider mobile application and information management options in addition to device management, you can probably develop security capabilities that are adequate. More importantly, even without a lot of training, experience, and reference material, you’ll be able to accurately predict the way management rules and policies will impact each device.
That’s a different mindset and culture. Ultimately it’s a more democratized vision of IT and mobile technology.