Press Release: Study over one year shows that securely managing non-BlackBerry devices using a ‘Walled Garden’ approach is 39% more expensive

According to a new research study from Strategy Analytics, the BlackBerry® Enterprise Solution not only provides the most secure mobile platform but also the lowest total cost of ownership (TCO) for mobile deployments.

The study, commissioned by Research In Motion (RIM) (NASDAQ: RIMM; TSX: RIM), considered typical industry best practices, using the UK government as an example. The entire mobile solution was examined, including device management and devices themselves for a 100 user smartphone deployment running at IL2*, the minimum security standard for all Government departments including schools, health departments and local government. It compared two recommended approaches to mobility: the BlackBerry Enterprise Solution and a ‘Walled Garden’ approach to mobility where any non-BlackBerry device is given VPN access to a secure limited zone on a network and is managed by third-party mobile device management software. After one year, the cost to securely manage non-BlackBerry devices using a Walled Garden architecture was found to be 39% more expensive than BlackBerry devices in a BlackBerry Enterprise Server (BES) deployment. The analysis further indicated that a Walled Garden approach would continue to cost more than the BlackBerry solution in subsequent years.

“This study highlights that the cost of setting up and managing devices using a ‘Walled Garden’ architecture is more expensive than using BlackBerry Enterprise Server with BlackBerry smartphones,” said Andrew Brown, Director of Enterprise Research at Strategy Analytics. “When looking to define a cost-efficient, long-term enterprise mobility strategy, we would caution all organisations across both the public and private sectors to look at the total cost of supporting multiple devices with multiple operating systems over several years.”

Strategy Analytics also assessed the security of the BlackBerry® 7, Apple iOS® 5, Symbian S60 and Windows Phone 7 (WP7) operating systems, using eleven key threats as a framework. The BlackBerry solution proved the most secure, scoring a low-threat level in ten of the eleven categories. The report also found that the end-to-end architecture of the BlackBerry solution, including encryption for data-at-rest and in transit, mitigates the maximum amount of risk and offers essential support for corporate IT policies.

“OEMs and device OS manufacturers need to ensure greater technical controls on their platforms to limit platform vulnerabilities and other operating systems have a long way to go before they can be considered viable options,” concluded Brown.

Scott Totzke, Senior Vice President, BlackBerry Security Group at RIM said, “As the only mobile solution to be approved by the UK government to protect material classified up to and including ‘Restricted’, the BlackBerry Enterprise Solution continues to set the standard for mobile security. This research study also further underlines that at a time when all types of organisations are looking to drive efficiencies, the BlackBerry solution remains the most cost-effective enterprise mobility option.”

For a copy of the full report, please visit:

Notes to editors  *Excerpts and tables from Strategy Analytics report follow below:

As with most businesses, Levels IL2, IL3 require adherence to so-called “CIA” standards, where Confidentiality (C) means that data cannot be eavesdropped or stolen, Integrity (I) means that data cannot be changed or corrupted, Availability (A) means that in the presence of certain kinds of attacks the system retains its ability to provide communications services.

IL2 is the security level which the UK Government believes that all service providers should be operating at and should be implemented across the public sector. IL3, with its requirement for enhanced data security (C, I) carries more stringent and potentially expensive requirements, necessary to maintain the confidentiality and integrity of data.

The optimal solution encompasses a layered security approach. A solution should incorporate:

· High level cryptographic standards such as AES 256 and/or Triple DES and can take account of securing data in transit and data at rest.

· Device Operating Systems must be secured using comprehensive device management, encompassing a comprehensive range of IT polices that can be enforced through a central, administrative console.

· Devices themselves need a high number of technical controls that do not require user intervention and can be administratively controlled; a reliance on procedural or manual controls opens the way for a higher degree of residual risk.