Long gone are the days when it seemed everyone you knew in D.C. had a BlackBerry device. But after a successful pivot to focusing primarily on enterprise mobility management and security, the Canadian company is rededicating itself as a trusted partner to the U.S. federal government with the launch of a new subsidiary — BlackBerry Government Solutions.
The subsidiary launched last week in downtown D.C. independent of the greater BlackBerry company (minus the shared name) with its own governance structure, and systems and data hosted separately from its parent company. The office is chartered to provide a suite of cloud-based, government-authorized compliant endpoint security solutions to the federal government, particularly as adoption of Internet of Things and 5G technologies grows.
“We really represent end-to-end technology of how you secure usage in this whole IoT world,” CEO John Chen said in remarks during the ribbon-cutting of the office space.
BlackBerry no longer sells devices, but other manufacturers, like TCL, sell BlackBerry-branded phones. The company is now focused on providing secure communications and enterprise endpoint management services to businesses and agencies on a variety of devices, including iOS, Android and Windows. But for the most part, that’s a line of business BlackBerry has left behind when working with federal customers.
The new Government Solutions team — currently nine employees led by Bob Day, president of the subsidiary and former Coast Guard CIO — and office are built around two core missions: to accelerate Federal Risk and Authorization Management Program (FedRAMP) authorizations of its products to sell to government and deepen relationships with federal agencies, particularly those that need services that can handle classified information.
“As government moves more and more projects into cloud-based, a network has no boundaries,” Chen told reporters after the ceremony. “So the people that touch those, and the products that touch those, really need to be in a more trusted architecture. FedRAMP was designed for that reason.”
BlackBerry has two FedRAMP-authorized cloud services — AtHoc Services for Government, a crisis communication platform with more than 2 million licenses sold to agencies, and CylancePROTECT, an artificial intelligence-based antivirus product it recently acquired in the purchase of California-based Cylance that was previously authorized. But it’s looking to expand its government portfolio. Day said BlackBerry is working to receive FedRAMP authorization for its Unified Endpoint Management (UEM) platform, which will be sold to agencies under the name BlackBerry Government Mobility Suite.
“It is the baseline by which we will add all the other products to,” Day said, adding that the new subsidiary plans will be FedRAMP Ready in the next month and then completely FedRAMP authorized by the end of calendar 2019, with Immigration and Customs Enforcement as its sponsoring agency.
In addition to the continued pursuit of authorizing more services for government use on top of the baseline UEM platform, the new team will have its hands full with continuous monitoring and maintenance of those services to keep them authorized. “Once you’ve achieved it, retaining it” is a major challenge, Day said, “because it’s a constantly changing environment and there are new controls being added every day.”
“FedRAMP is not for the faint of heart,” he said. “It is a significant investment by BlackBerry to take this product through.”
Expanding classified work
Through the new subsidiary, BlackBerry plans also to expand its opportunities for classified work. Every employee will be a U.S. citizen with a security clearance. Day called the new office “the catalyst of where we’ll move for getting cleared employees,” because while it’s not a requirement of FedRAMP, it will allow the group to work hand-in-hand with certain classified agencies that demand its services.
Chen, during his remarks, highlighted this facet of the subsidiary, emphasizing how trusted “this Canadian company is in this town, in times like this, especially” — no doubt a reference to the Trump administration’s banning of Huawei and Kaspersky products in the U.S. government supply chain because of their relations to governments in China and Russia, respectively.
But Day said this decision also stems from experiences BlackBerry has had when its leaders didn’t get the opportunity to work directly with agency customers in secured environments, even though its services were being used, because they weren’t cleared. Instead, BlackBerry was several layers removed in the process.
“[R]ight now we service many of those [classified agencies] with BlackBerry products, which are being serviced by third-party providers, many of them very good, many trusted partners with us,” Day said. “But we’d like to be in that game ourselves directly. Cause many times we’ll have that trusted partner on the inside and a BlackBerry employee on the other side of the door because the BlackBerry employee can’t go in. If we can have those people with those clearances to do that kind of work, I think it will enhance our overall benefit to our customer on the federal side.”
Chen agreed that “since we are the base technology provider, it is best to be able to be in the room and sitting around the table because they eventually rely on the technical capability of what we offer, rather than offering through another third party.”
Investing in FedRAMP compliance, along with hiring the cleared technical talent to work on the services, Chen said, is “a big investment — not only the time and money, but the patience.”
And ultimately, it will be a multi-year timeframe, just to get current products authorized, Day said. “It’s a lift each time to take these products and add them in. But we’re getting pretty good at it, getting through FedRAMP.”
But the end goal, even if years away, he said, is clear: “Our objective is to have an offering that starts with mobile device management but then adds all these other applications in that you can literally turn on … It’s truly cloud-based software-as-a-service that we will have eventually the full suite of BlackBerry products in this single FedRAMP environment that you can turn on and then secure with Cylance.”
Correction, March 19 — This story has been corrected to reflect BlackBerry’s exit of device sales; and that Cylance is a California-based company.