BlackBerry teams with Samsung and IBM to offer governments a secure tablet

BlackBerry is returning to the tablet market — this time with the help of Samsung Electronics, IBM and Secusmart, the German encryption specialist BlackBerry bought last year.

This is not the PlayBook 2 that BlackBerry was rumored to be working on last year, but the SecuTablet, developed by Secusmart and IBM for a German government department.

The SecuTablet is a Samsung Galaxy Tab S 10.5 LTE 16GB bundled with some software from IBM and SecuSmart’s special MicroSD card, which combines a number of cryptographic chips to protect data in motion and at rest.

Samsung’s Knox secure boot technology ensures that the OS on the tablet has not been tampered with, while IBM’s contribution to the security chain is to “wrap” certain apps in an additional layer of code that intercepts and encrypts key data flows using the Secusmart hardware.

Secusmart managing director Hans-Christoph Quelle hopes that before year-end the German federal IT security agency, BSI, will grant the Knox-Secusmart combination a security rating corresponding to Nato Restricted.

“The project was started long before BlackBerry acquired Secusmart,” said Quelle, now a senior vice president at BlackBerry.

The deal raised questions at the highest level within BlackBerry, IBM and the government department about whether to continue, he said, particularly with IBM’s recent announcement of an alliance with Apple to deliver enterprise apps.

The tablet project survived the acquisition, not least because, with its smartphone market share shrinking, BlackBerry is keen to sell its security services across as many platforms as possible. BlackBerry announced plans last November to extend support for its management software to Samsung devices, and at Mobile World Congress in Barcelona last month it said it would release versions of Secusmart’s Secusuite voice and data encryption system, and its own WorkLife by BlackBerry management tool, for Samsung Knox devices.

Organizations deploying the SecuTablet will be able to set policies controlling what apps can run on the devices, and whether those apps must be wrapped, said IBM Germany spokesman Stefan Hefter.

The wrapping process — in which an app is downloaded from a public app store, bundled with additional libraries that encrypt its network traffic and intercept Android “intents” for actions such as cutting or pasting data, then uploaded to a private app store — ensures that corporate data can be protected at rest, in motion and in use, he said.

For instance, it can prevent data from a secure email being copied and pasted into the Facebook app running on the same device — yet allow it to be pasted into a secure collaboration environment, or any other app forming part of the same “federation”, he said.

Secusmart will sell the device in Germany, while IBM will sell it elsewhere. Although initially developed for government use, Quelle hopes IBM’s enterprise customers will also be interested.

Naturally, this level of security doesn’t come cheap: An unmodified Samsung Galaxy Tab S 10.5 retails for around $500, but the SecuTablet will cost around €2,250 (US$2,380) including the Secusmart MicroSD encryption card, the necessary app-wrapping and management software, and a year’s maintenance contract, he said.

Peter Sayer covers general technology breaking news for IDG News Service, with a special interest in open source software and related European intellectual property legislation. Send comments and news tips to Peter at peter_sayer@idg.com.