The BlackBerry 10 OS is set for launch on January 30, but it has already received FIPS 140-2 Certification. This is the first time that a BlackBerry product has been FIPS certified before launch. This news is an added boost for Research in Motion (RIM), maker of the BlackBerry brand, whose stock was previously reported to have dropped by more than 90 percent since its peak in 2008. But for the ordinary smartphone user, the big question must have been, “So what?”


For some of us, device security simply means running an updated anti-virus/spyware program and having the ability to place PIN and security codes on our devices. Things like FIPS certification must all be tech-security mumbo jumbo. Consumers choose smartphones based on features (4G, video calling, etc.) and platforms, as a Business Insider survey and a Mintel consumer study each show; I seriously doubt that the ordinary consumer would go to the Apple Store and ask the salespeople if the iPhone is “FIPS certified” before they even think of buying it. As evidenced by the long lines on the iPhone 5’s launch day, FIPS is not really a main consideration when buying a smartphone. Apple has been trying to get its cryptographic modules (an embedded component, product or application, or a complete product in and of itself) FIPS-certified, but apart from Mac OS X 10.6 and 10.7.0 meeting the lowest level of security, Apple modules are still in the FIPS 140-2 modules in process list or “Review Pending” state. Shawn Geddis, Security Consulting Engineer from Apple Enterprise Division, says in an email that this is “merely an initial stepping stone to the module validation and does not reflect any validation of the module.” So if consumers don’t bother with FIPS, why is this news such a big deal?

…but it does matter to government and businesses in particular

Industries, federal agencies, and the public rely on cryptography to protect electronic information and communications.  Each product has a cryptographic module to provide this security. To validate that products provide this security assurance, the National Institute of Standards and Technology (NIST) tests the products’ cryptographic modules. To be Federal Information Processing Standard (FIPS)-certified means that your product has been reviewed for FIPS 140-2 compliance and that it has been validated to at least the lowest level of security, which is level 1 (there are 4 levels). The FIPS standard is reviewed every five years and FIPS 140-2 is already its third rendition (FIPS 140-3 is still under draft).

Using products with FIPS 140-2 certification is particularly important for the federal government and enterprises. Business VoIP calls made by high-ranking executives or sensitive government information stored in smartphones, for instance, can lead to security risks with devastating consequences. Because of this, FIPS 140-2 is required for IT products sold to the federal government and to organizations that do business with government. According to leading experts on information security in a Corsec webinar on Top 10 Myths about FIPS 140-2 Validation, the law only requires level 1. However, products can show market distinction by achieving higher certification. Thus, it’s more practical for companies to create products that their clients need. If a company has a customer that requires products with level 2 certification, then it’s up to the company to come up with a product that passes level 2.

Too late for RIM?

Just recently, BlackBerry was dealt a huge blow after government agencies ditched their BlackBerries for iPhones. Among those that are switching or have switched to iPhones are the U.S. Immigration and Customs Enforcement agency (ICE); the Federal Air Marshal Service; the US General Services Administration; the Coast Guard; the National Oceanic and Atmospheric Administration; and the Bureau of Alcohol, Tobacco, Firearms and Explosives. President Obama himself, said to be a BlackBerry lover, was notably featured struggling with his iPhone during a campaign stop. Even businesses that exclusively used BlackBerries are now making the switch to BYOD. Major reasons for the change include the long delay of the BlackBerry 10 release. The Department of Homeland Security concluded that BlackBerry has fallen too far behind to provide for a “more capable and dynamic mobile technology.” To justify its iPhone purchases, the agency explains that “iPhone services will allow employees to leverage reliable, mobile technology on a secure and manageable platform.” Charter Equity Research analyst Ed Snyder opines that BlackBerry still has “excellent security … but if your handsets are a brick that no one wants to use it’s going to drag down your business.”

Getting FIPS 140-2 Certification on BB10 re-establishes BlackBerry’s reputation as a secure platform for businesses and government agencies. But at this point, does it even matter? Or has BlackBerry taken too long to get into the game?

The good news is that BlackBerry stocks went up to $11.98 a share, bringing the total increase of BlackBerry shares to 70% in the past three months as the launch of BB10 draws nearer.  It still looks like an uphill battle with competitors like HTC, Apple, Samsung, and Nokia stepping up their games, but as someone who welcomes more quality choices in the smartphone arena, I’m hoping that this will be the start of a RIM-vival.