BlackBerry CIO on mobile security, BYOD and the modern CIO role
Research In Motion (RIM) CIO Robin Bienfait is not your typical CIO.
In her own words: "I probably would be more classified as a CTO. But at RIM, it takes somebody that's like a CTO to be the CIO. You've got all these people within RIM who are highly technical and they're going to challenge everything you do as a CIO."
Bienfait joined the BlackBerry team in December 2006 after serving as AT&T's SVP of Global Network Services and Chief Compliance Officer, where she was in charge of the company's business-continuity and disaster-recovery efforts during various natural disasters, including Hurricane Katrina and the 9/11 terrorist attacks. And she says business continuity is her strong suit.
CIO.com Senior Editor Al Sacco met with Bienfait this week in San Diego, the evening before she headlined the event's day-two keynote address, to discuss what she learned from her time at AT&T, as well as her thoughts on how RIM approaches BYOD internally, the importance of mobile security, how the modern CIO role is evolving and what the future holds for RIM.
Al Sacco: First of all, can you talk a little bit about your experience working on the 9/11 network recovery?
Robin Bienfait: Within AT&T, you had to be able to get into the area and pull cables. They wanted the stock exchange bell to ring on Monday morning. We typically would fly people in but, since they shut the airways down, we had to put everybody on trucks and all of our equipment on trucks. We literally built like a little "truck city" that was a replacement for the network infrastructure that was impacted.
We practiced [recovery efforts] every quarter. We would drive out to a city. We would fail the city over onto our tractor trailers. We were used to taking those 100, 150 trucks that were in my fleet and actually airlifting them. Because we didn't have the air, we had to get access via bridges and roads. We had everybody cooperating. We'd been doing [practice exercises] for 10 years. Every quarter.
Can you think of a specific lesson you took away from the situation?
A lot of people don't think about continuity when they design anything, whether it's writing software or building a service, even some of the operations that you have today. They just don't think about continuity of operations, continuity of their business or protecting their IP. So it's something you need to think about all the time. What if this doesn't work? What is my backup plan? You're never going to have every scenario covered, but [if you're prepared] when you do get an event that presents itself you at least know how to go about resolving it.
We're hearing about BYOD a lot nowadays, and at CIO.com, we're writing a lot about BYOD. RIM is in a unique situation in that it's making products for IT to help them manage and embrace the changes that come with BYOD. Mobile Fusion, BES 10 and BlackBerry Balance, for example. Does RIM support non-BlackBerry devices? Can RIM employees bring in, say, a new iPhone 5 and ask IT to support it?
We have to test all the services we offer, so there are employees [using non-BlackBerry devices]. I don't have anybody bringing personal devices to work. But we do have devices that we use to test and make sure that our capabilities do work.
So RIM employees cannot bring in their personal devices and ask RIM to support them?
Not a personal device, no.
That goes for BlackBerrys, too? Employees can't bring in personal BlackBerrys?
The only thing we've opened the door a little bit for is our PlayBook [tablet]. If an employee brings in a PlayBook, we'll enable BlackBerry Balance on that PlayBook. But that's more of a pilot for us.
"[RIM employees] don't need to bring somebody else's personal device to work. I want the full security solution. Being head of security for the business, I understand where the vulnerabilities are within the other platforms. It's just not a risk I'm willing to take yet."
When BlackBerry 10 launches, do you expect to allow employees to use their personal BlackBerrys?
Yes. I would like to see that happen. But when you work for a company that manufactures devices, everybody just has one. A lot of us have two or three.
It seems a little odd to me RIM is enabling companies to deal with, and even embrace, BYOD, which is basically saying, 'We know you can't resist this," but then RIM itself is resisting it.
Some of our financial-industry customers have around 100,000 employees. They may have a deployment of BlackBerrys for about 30,000 or them. Those are people within their business that are either trading, handling top-secret information, and they need that security, privacy and manageability [the BlackBerry offers]. The other 70,000 employees want to also be productive, but they may not need full access to the data suite that this other crowd needs. That's where they want to open up device diversity. We want to make sure we're helping them do that.
You don't see that same scenario within RIM? A need for some people to have more security and others to have more device freedom?
Right now, I can turn on BlackBerry Balance for employees with BlackBerrys, so they can have dual personas on one device. They don't need to bring somebody else's personal device to work.
So no iPhones or Android devices for RIM employees?
I want the full security solution. Being head of security for the business, I understand where the vulnerabilities are within the other platforms. It's just not a risk I'm willing to take yet.
Do you use a personal device that's not a BlackBerry? Have you ever used a non-BlackBerry smartphone or tablet?
No. When I was at AT&T, I tested several other devices. The one that would actually function, the one that would work in areas of difficulty [during emergencies] was a BlackBerry. When I was doing all the recovery after Hurricane Katrina, the only device that would get a signal was a BlackBerry. 9/11, the only device that would get a signal and actually handle the processing I needed, was a BlackBerry.
That was because cellular networks were overloaded, and your communications were going directly through RIM's infrastructure, correct?
Yes. And even though we were boosting the network up, still the signal that was really traveling through was via BlackBerry. We've actually seen the same thing [recently] in Haiti and with the earthquakes overseas, in Japan. Same phenomenon.
Moving on to the modern CIO role, can you talk a bit about the major IT trends you think all CIOs should be watching right now?
The biggest thing is making sure your IT team really understands what is running the business. Really understanding the business versus just making sure machines are up and running. Being more of a business partner. Some IT folks have a lot of great ideas and innovations and thoughts about how to improve the business workflow. Getting them engaged at the business level can [benefit the entire business.]
How can CIOs do this?
You have to really understand how to change your business processes. You really have to have somebody who understands your business processes. I find that it's the IT department, who sees all those things come together, that can help with that. Sometimes they're not engaged to reinvent the business.
As a CIO, what keeps you up at night? What do you worry about?
Cybersecurity. And I keep marching up the bar to make sure that we manage cybersecurity. [I worry about] the guys who are coming after you all the time. (Laughs) With hackers you want to make sure that they're not in your business, that they don't have access to your customers, that you're doing things to improve your products to make sure that you aren't vulnerable and that you keep your eye on the ball.
What are the most significant challenges facing modern CIOs? Also cybersecurity?
I think so. A lot of it is that CIOs are not aware of what they've lost. I've sat in rooms with a lot of CIOs, and there are few that will actually admit they've had a breach and they're struggling with how to handle it. Not a lot of people will communicate that they've had a security breach. So there's not really open sharing in that space. I wish there would be, some kind of forum where you can come in and say, "Hey, we're seeing this kind of an event, and we need to do something about it."
Some CIOs or technology leaders will say, "We've never had a breach." Then you really know that they don't have the tools in place that would even see if somebody intruded into their space. Awareness and being able to do something about it [are key]. Awareness is the big one. Awareness is hard.
There is a lot of negative media attention around RIM right now. Does it get to you?
It bothers my husband. (Laughs) He comes home, and he'll say, "I got another phone call from somebody overseas." His family is from Holland. They wanted to know, is Robin okay? I say, I'm fine. I'm happy. I love what I'm doing. Even when I was at AT&T, we were going through some tough times before we got sold by Bell South. Sometimes I think you find your most talented people when times are tough, because it's those people that are dedicated to the business and the business of serving our customers who really shine. That to me is energizing. It's very hard for some people. Some people run from it. Actually, this is a time that brings out my true colors, too.
" I'm happy. I love what I'm doing...Sometimes I think you find your most talented people when times are tough, because it's those people that are dedicated to the business and the business of serving our customers who really shine& this is a time that brings out my true colors. "
Can you talk a bit about your relationship with RIM CEO Thorsten Heins?
I like my CEO. I liked the former two CEOs (Mike Lazaridis and Jim Balsillie) too. I like all CEOs. (Laughs) I find that most CEOs either love or hate their CIOs. The CIO either did something great today or the CIO spent too much money. There's no middle ground for the poor CIO. They've done something really great, or the CEO is mad at them because they locked him down or didn't let him do so and so. There's a nice tension between the CIO and CEO.
The thing I like about Thorsten, specifically, is that we worked a little bit together in the past, when he was at Siemens and I was AT&T, he was selling optical networks to me. I have a real respect for his capabilities. He's done a very nice job of focusing our business on the right priorities for us. Not letting us get distracted by trying to be everything to everyone, which is something we really need right now.
How often do you communicate your CEO?
Daily. Sometimes he doesn't like it. (Laughs) But he doesn't have a choice. It keeps me very busy.
I've spoken with quite a few CIOs during the past years, and to be honest, I haven't spoken with too many high-profile female CIOs. What does it mean to be a woman in job role that's largely dominated by men?
I think it's an asset to be a woman, because I do bring a different perspective, and maybe I think about things a little bit differently. But I wasnt brought to the table to add that diversity element. It just so happens we get it for free. I'm from a family of seven, and I was taught at a very early that if you're going to eat, you have to be at the table. I haven't missed a lot of meals. (Laughs) I can be a little assertive on occasion.
" I think it's an asset to be a woman, because I do bring a different perspective, and maybe I think about things a little bit differently. But I wasnt brought to the table to add that diversity element. "
Will RIM be able to keep its edge over competitors when it comes to enterprise mobile security in the future?
I believe RIM will keep its edge. Security is part of your DNA. When you bake it into everything you do, and the way you handle processes, the way you communicate, you design with security in mind first. Security is not an add-on for us. It's in our products and in our processes. That's our heritage. That's our legacy, and we will continue raising the bar.
What else do you want to tell my CIO.com readers? What should CIOs be thinking about that I didn't ask?
I've heard people talk about how the CIO job is going away. I think the CIO job is changing. The role is changing. But I don't believe it's going away. I think the CIO is going to be somebody who needs to be helping to drive the business, find new channels for revenue and figure out ways not just to reach your employees but to reach your business's end users.