View Single Post
Old 08-18-2010, 07:34 PM   #4 (permalink)
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts

Originally Posted by NJBlackBerry View Post
It can (and must) be done right.
Absolutely. The next question is: What policy's will you enforce or apply to these handhelds? Active sync is great, but it is not robust enough to mimic BES. Not without a third party software. Are you enforcing password rules?

One thing we found works better with Active sync, is to set the password attempts to 6 instead of 10. Apple has written there software that after 5 attempts, it disables the device for 1 minute, then 5, then 15, then 30, then 1 hour, then wipes it, if you leave the password attempts at 10. So by decreasing it to 6 now you will have the device wiped in 60 minutes not 2 hours.

Enforce encryption on the device. I know that the device is encrypted, but the data transmission must be as well.

Also WHY OH WHY would you EVER put more than one Exchange account on a device?

Your policy's must be comprehensive donxxx8217;t leave any room for error. Your users must know that the device will be bricked at any point for any reason. So they are required to do backups on their own devices. Release your company of the financial liability that comes from having iTunes loaded on a company PC.

Also if your company is considering allowing personally owned devices to connect to company resources check your computer usage policy. See what can or should be allowed on a personal phone with company info. Determine whether or not your company is going to pay for the personxxx8217;s data package. Most carriers up charge to have enterprise email.

When looking at VPN or Citrix, know the cost. Do you have enough licenses to cover all of the new connections?

Know how to use the iPhone configuration utility. It is a free download. The problem with the native utility is that to put it on a phone, the phone has to be physically connected to the PC with the policy.

You may also want to consider a product for email like GOOD. It will sandbox the application and when you wipe email off, it doesnxxx8217;t touch personal info. It will also do a check for a compromised device and allow you to use the iPhone config tool to put a policy on that will configure things like VPN or recommend apps for download.

Also we all need to find a way to check for hacked (jailbroken), etc. devices.

Beware of vendors hawking really cool apps that connect to the web or require you to put a hole in your firewall to work. It seems that the vendors havenxxx8217;t figured it out either.

Remember we are all in this changing environment together and we too must adapt or get left behind.

P.S. I get my new torch tomorrow for testing..
Your profession is not what brings home your paycheck. It is what you were put on earth to do.

Last edited by b52junebug : 08-18-2010 at 07:37 PM.
Offline   Reply With Quote