Security Technical Overview
Securing tablets in your organization's
environment for work use
Your organization can permit a BlackBerry PlayBook tablet user to connect a BlackBerry PlayBook tablet to a
BlackBerry smartphone that is associated with a BlackBerry Enterprise Server and use the tablet for work
purposes. Security features on the tablet can control how the tablet helps protect your organization's data and
applications. The security features provide the following benefits:
•
Control access to your organization's data on the tablet
•
Help prevent your organization's data from being compromised
•
Provide one experience for users, regardless of whether they access work data or personal data
•
Make your organization's data on the tablet inaccessible when the connection to the smartphone closes
These security features are not available when the user connects the tablet to a smartphone that is activated on
the BlackBerry Internet Service. If the user connects the tablet to a smartphone that is activated on a BlackBerry
Internet Service, the tablet specifies that all data and applications on the tablet are for personal use.
How a tablet distinguishes between work data and personal
data
Work data consists of all email messages, calendar entries, and attachments that a BlackBerry Enterprise Server
and a BlackBerry smartphone send between each other and any data that is associated with work applications (for
example, metadata). If a BlackBerry PlayBook tablet user connects a BlackBerry PlayBook tablet to a smartphone
that is activated on a BlackBerry Enterprise Server, the tablet permits the user to view and interact with work
data. A media card must be inserted in the smartphone to permit the user to interact with work data (for example,
open attachments on the tablet or save updates to files).
To help protect work data, the tablet automatically creates a work file system in the BlackBerry Tablet OS that
isolates work data and work applications from personal data and personal applications. The tablet encrypts the
work file system using XTS-AES-256 encryption.
The tablet is designed to prevent the user from seeing or accessing the work file system directly on the tablet by
clicking on an icon for the work file system. The tablet is designed to allow the user to access work data and work
applications when the user connects the tablet to the smartphone using the BlackBerry Bridge. When the user
connects the tablet to the smartphone, the tablet displays the BlackBerry Bridge panel. The user can use the
BlackBerry Bridge to access work applications.
18
Securing tablets in your organization's environment for work use
5