BlackBerry Balance separates work information from personal apps and data on BlackBerry 10 devices, and it affords administrators some granular management options.
Despite the cost savings and increased productivity that consumerization promises, devices used for both personal and business purposes bring with them a host of security risks. It's easy for confidential data to be shared, intercepted or made susceptible to cyberattacks as a result of users' Web browsing and social networking. BlackBerry Balance protects sensitive data while preserving employees' personal privacy, which allows organizations to address security concerns without limiting how workers use their devices on their own time.
The user balance
BlackBerry Balance provides users with an intuitive interface that requires little to no training to understand or use. The technology uses the existing infrastructure, giving workers access to both personal and business data when they need it.
BlackBerry Balance automatically separates apps and data into two different operating spaces: a workspace and a personal space. By default, devices use the personal space where users can share photos, watch videos, play games, participate in social networks and engage in other personal activities. In the workspace, employees can update their calendars, add content, view emails and perform other business-related tasks. They can easily switch between the two spaces from their home screens. Each space uses distinct wallpaper and icons to clearly identify one from the other.
Although the apps in each operating space run independently of each other, users can have them running simultaneously. Personal apps cannot access work apps, and work data cannot be copied to personal apps, so work apps and data always remain separate and secure. If a user tries to perform a prohibited task, such as copying work data into a personal email, the operating system will generate an alert indicating that the action is not permitted.
Additionally, different instances of the same app can run in each operating space. For example, a user might have a personal Twitter account and a business Twitter account. Each operating space can run its own Twitter app, completely separate from the app running in the other space. Even the BlackBerry World app store runs as separate instances in each space.
The BlackBerry Balance technology can run on a variety of BlackBerry devices, whether they're for personal use or are corporate-owned. First introduced in PlayBook 2.0, BlackBerry Balance is now integrated into the BlackBerry 10 operating system, and every BlackBerry 10 device is capable of using BlackBerry Balance. Users can activate Balance on their own devices, and administrators can enable it on company-owned devices. Note, however, that in both cases BlackBerry Device Service must also be enabled.
To guard against data leakage and malicious access, all data in the workspace is protected with Advanced Encryption Standard 256-bit encryption. A file system encryption key is generated during activation and stored in the key store. Users or administrators can also choose to encrypt the personal space. In this case as well, the key store protects the file system encryption key.
To manage devices enabled for BlackBerry Balance, administrators can use either BlackBerry Enterprise Server 5.x or BlackBerry Enterprise Service 10. Each service supports a set of IT policy rules that govern BlackBerry Balance usage, controlling configuration options such as whether personal apps can access work contacts, whether users can back up and restore work apps and data, and whether the personal space is encrypted. In essence, the policy rules define the line between work and personal data.
More on BlackBerry Balance
How dual-persona technology works
What's new in BB10, BES 10 and more
BlackBerry 10 upgrade strategies include iOS, Android
With BlackBerry Balance, administrators can easily protect various types of sensitive information on BlackBerry 10 devices. The data can include files downloaded from the corporate network, files generated by apps on the device, emails and their attachments, and productivity-related data, including calendar entries, contact information, memos and tasks. To protect the apps and data pushed to the smartphones from the BlackBerry servers, administrators classify them as restricted. Once that classification is made, the data cannot be accessed from the personal apps and cannot be reclassified as personal data.
The policy rules also control user behavior that can threaten the data. For example, Balance can prevent users from copying work data and pasting it into personal applications or transferring that data to those apps in other ways. Plus, policy rules can control browsing the Internet from the workspace or deleting work data on the device.
Administrators also have the ability to remotely wipe sensitive data from a BlackBerry device. If an employee leaves the company, for example, an administrator can erase all the work-related data without touching any personal information. If the device is lost or stolen, then admins can wipe all data to protect sensitive work data, as well as personal information.