RIM would still have to do a lot of work to harden Android to their standards: security is a large selling point for the BlackBerry wrt enterprise/gov't. Switch to bare Android, they lose their security edge and the enterprise happily continues to dump them. Harden Android, they'll be even later to market, likely break compatibility, and their customers will be gone by the time they're out.
Forgive the ignorance, but what really needs to be hardened? RIM'd be rolling their own Enterprise mail apps, etc, and Android's built on a pretty secure Linux foundation. Maybe add full disk encryption (eww w/ flash mem)? Restrict app purchases to those approved by RIM?
The most obvious bit is RIM hasn't ever allowed self-signed code on the BlackBerry. It's not obvious from the user end (as they support sideloading just like Android), but you have to request a cert from them and dial home every time you sign (even for dev builds).
Also, when you say "secure Linux foundation", realize that the vast majority of Android phones get rooted[0], which would allow for circumventing their security and enterprise controls (ex: disabling the camera, kill switches, restricting apps, monitoring usage, etc.). Part of RIM's appeal has been their relative immunity to rooting; they'd have to be able to prove their variant of Android is notably more secure than AOSP (else there's no advantage)
[0] by which I mean models that can be rooted, not individual phones that have been rooted
I'm not sure against what kind of problems are you looking for security against? If it's just to make sure employees phones are safe against external attacks, why not simply tell your employees to not root their phones and use Android's full-disk encryption? If it's defense from malicious employees from accessing your VPN, then the solution seems out of the scope of your phone software - and banning non-blackberries (as many companies do) wouldn't solve the problem.
Saying "don't root it" only works (weakly) to make sure your employees aren't doing things they shouldn't. If Alice leaves her phone behind at lunch, Eve can root it and install a bug to forward all her secret company mail to EveCo's servers, and Alice won't know when she grabs it from the cafe the next day. If her phone's known to be sufficiently hardened, AliceCo has less to be concerned about when it's lost.
That's RIM's only solid current advantage, enterprise customers that can trust their security. Anything that would give the appearance they can't offer this security anymore would totally destroy them.
Android's full disk encryption is supposed to solve that problem. You can't root her device and make it look the same (so she doesn't notice), because that would require breaking the encryption.
If there is a lot of work to do, then that's a good thing - it offers a place where RIM's engineers can provide value to the android platform that you can't get anywhere else.
It might take time, but considering that BB10 isn't arriving anytime soon. To contrast, Sony announced their first Android phone in Nov '09, and shipped it in April '10.
Had RIM seen the writing on the wall could they have had a RIM Android phone around the same time BB10 is supposed to release?
