The BlackBerry architecture consists of 3 main components: the device, the backend software (usually the BlackBerry Enterprise Server, or BES) and the Network Operations Center, or NOC. These three pieces work together to provide the most secure mobile communications system available.
RIM BlackBerry is an Integrated Solution
Because Research In Motion (RIM) make all three pieces of the solution, they are able to test end to end security in a way that just is not possible with various hardware manufacturers, settings, and device software. RIM knows what the moving pieces are in its ecosystem and are able to build in security at each step of the process.
BES Initiated Security
The key to BlackBerry's security is the BES-initiated connection to the NOC. Once a new BES comes on line, it initiates a connection on a specified port to the NOC and then leaves that line of communication open to send and receive mail. When an email comes to the NOC, the NOC knows which BES that email is heading to and sends the email down to the correct server on the existing connection. This architecture is one of the keys both to the push email that made BlackBerry famous and to the security that experts in this area understand.
With competing devices, there is NOC for the server to call. Therefore, the server can only wait to be contacted from the internet when a new message arrives. That means a port must accept inbound communication from the internet, which greatly increases the security risk.
RIM’s competitors such as Microsoft and Apple have made much of the NOC and argued that it is unnecessary and that their lack of a comparable feature is an asset, not a drawback, of their architecture. While it is true that the NOC adds a central point of failure (issues at the NOC have been responsible for most of the famed “BlackBerry outages”), the truth is that this extra feature adds a great deal of extra security to the BlackBerry solution in a way that most users have never had explained to them.
BlackBerry Device Security
In addition to the inherent safety in the BES-NOC relationship, RIM takes security a few steps further. Devices can be password protected, allowing a user to control who can view information on his device. More importantly, though, is the managment allowed to an organization's Information Technology (IT) department through the BES.
If a device is lost or stolen, the BES Administrator can remotely wipe the device from the server console. Other devices approximate this functionality, but with non-BlackBerry smartphones the user is prompted to see if he wants to wipe the device. This is not useful if the device truly has fallen in to the wrong hands. By being able to remotely wipe the device, the BES Administrator has the ability to protect the data on the device.
For more details on BlackBerry security, see this article on RIM's site.
