BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 04-07-2009, 10:34 AM   #1 (permalink)
Thumbs Must Hurt
 
a_kayaker's Avatar
 
Join Date: Apr 2005
Model: 8800
Carrier: Cingular
Posts: 98
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Allow employees to purchase their own BlackBerries?

Please Login to Remove!

We are currently discussing the benefits and drawbacks of allowing employees to purchase their own BlackBerries. The BB's would be allowed to connect to our BES just like our current units do.

We currently implement strict security. Our units are password protected and have a timeout configured. They also lock when holstered and have 3rd party apps disabled. Our BlackBerries are used for phone, email and internet. We are just starting to branch out into installing 3rd party apps, Google maps etc.

I also want to ask what kind of support do you offer the clients? We offer the platinum BB support here. Complete with hand holding and caressing. We are taking steps to phase that kind of support out and move to a internally hosted collection of training videos. We would like for our clients to become more self sufficient when it comes to training and support.

So, what do you do and how do you do it. What are some of the benefits and what are some of the drawbacks? What kind of security do you implement? How do your clients get their personal devices on the BES. Is it a bad idea?

Paint me a picture of your environment.

Thanks!
__________________
Don't hit at all if it is honorably possible to avoid hitting; but never hit soft!

Theodore Roosevelt
Offline  
Old 04-07-2009, 10:49 AM   #2 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Passp
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,796
Post Thanks: 283
Thanked 300 Times in 284 Posts
Default

Been talked about before.

Company vs User Owned Devices
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Passport, Z30, Z10 and Q10
Offline  
Old 04-07-2009, 11:43 AM   #3 (permalink)
Thumbs Must Hurt
 
a_kayaker's Avatar
 
Join Date: Apr 2005
Model: 8800
Carrier: Cingular
Posts: 98
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by knottyrope View Post
Been talked about before.

Company vs User Owned Devices

Very nice. Thank you very much!
__________________
Don't hit at all if it is honorably possible to avoid hitting; but never hit soft!

Theodore Roosevelt
Offline  
Old 04-07-2009, 01:19 PM   #4 (permalink)
Appleinator
 
Dubdub's Avatar
 
Join Date: Nov 2005
Location: New Hampshire
Model: App5
OS: AJBR549
PIN: Ask
Carrier: ATT & Verizon
Posts: 20,035
Post Thanks: 54
Thanked 782 Times in 742 Posts
Default

Personally, I wouldn't put my own device on a company BES. Too many things can be locked out and nothing is personal on a device connected to BES.

Just my opinion.
__________________
-->>BB FAQ

-->>Stinsonddog's Tip Site!

-->>Twitter


If someone helps, tell them by clicking the Thanks button.!!
Offline  
Old 04-07-2009, 01:51 PM   #5 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

You will thread into murky legal territory.

How do you ensure that corporate info and data is completely wipped from the device without wipping out the user's personal device? After all, it's his device.

Best not go down that road.

The best compromise I would come up with would be that I'll buy the device and the user can pay for the service. That way, it's my device.
Offline  
Old 04-07-2009, 02:12 PM   #6 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Quote:
Originally Posted by Dubdub View Post
and nothing is personal on a device connected to BES.
I really dislike blanket statements like this, especially when they're incorrect.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 04-07-2009, 02:23 PM   #7 (permalink)
Knows Where the Search Button Is
 
Join Date: Sep 2008
Location: Cayman Islands
Model: 8900
OS: 5.0.0.822
PIN: 20ED4C2C
Carrier: DIGICEL - KY
Posts: 30
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

well we allow it, under the assumption that you pay for the service, as our corporate accounts only gets used by VIPs...
__________________
El Josh
Offline  
Old 04-07-2009, 03:48 PM   #8 (permalink)
Appleinator
 
Dubdub's Avatar
 
Join Date: Nov 2005
Location: New Hampshire
Model: App5
OS: AJBR549
PIN: Ask
Carrier: ATT & Verizon
Posts: 20,035
Post Thanks: 54
Thanked 782 Times in 742 Posts
Default

Quote:
Originally Posted by penguin3107 View Post
I really dislike blanket statements like this, especially when they're incorrect.
One must assume that there is nothing personal on a device connected to BES.

Every BES Admin that I have talked with has a different opinion on what can and cannot be seen. Some say only corporate stuff and phone logs. Others say IMs, SMS, all email, etc. etc. And others say something in between. So it is really tough to get a straight answer as to what is and what isn't visible if the company wants to see it. Very few can agree on what is and isn't viewable or trackable.

Therefore, that is why I say what I did. If you intend for the info, email SMS, IMs, etc. to be private, then keep them off of BES. That way you are safe.
__________________
-->>BB FAQ

-->>Stinsonddog's Tip Site!

-->>Twitter


If someone helps, tell them by clicking the Thanks button.!!

Last edited by Dubdub : 04-07-2009 at 03:49 PM.
Offline  
Old 04-07-2009, 03:53 PM   #9 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Passp
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,796
Post Thanks: 283
Thanked 300 Times in 284 Posts
Default

this makes for a good read
BES - what is stored and logged?
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Passport, Z30, Z10 and Q10
Offline  
Old 04-07-2009, 03:59 PM   #10 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Quote:
Originally Posted by Dubdub View Post
One must assume that there is nothing personal on a device connected to BES.
If one does assume that, then they are making an incorrect assumption.

Quote:
Originally Posted by Dubdub View Post
Every BES Admin that I have talked with has a different opinion on what can and cannot be seen. Some say only corporate stuff and phone logs. Others say IMs, SMS, all email, etc. etc. And others say something in between. So it is really tough to get a straight answer as to what is and what isn't visible if the company wants to see it. Very few can agree on what is and isn't viewable or trackable.
The perhaps you shouldn't make any statements at all, since you are merely perpetuating misinformation.
This isn't an opinion-based issue. It's a simple matter of some BES admins who know what they're talking about, and other BES admins who don't.
The ones who say "nothing is private when your device is on a BES" or "BES admins can see everything on your device" are the ones who simply don't know what they're talking about.

From the BES side, there's things that can be logged, and there's things that can't.
If you're going to make blanket statements about privacy, then that's the one you should be making.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 04-07-2009, 05:30 PM   #11 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

I have to agree with Penguin here. The problem is that people ask very broad questions, to which the answers are very subjective.

For example, what version of BES is being referred to? There are substantial changes between functionality between a 3.x and a 4.1.x BES.

Secondly, what is the BES config? There are certain things that CAN'T be logged. So... many BES Admins will block them. As such, they can say (correctly) that everything on THEIR BES is logged. This does not mean that a BES is capable of logging everything on a BB if the admin wants it to.

There are known limitations with logging of BlackBerry components, for example BlackBerry Messenger How do I log BB Messenger conversations?. Then we can make things more complicated - when someone says "Can BES log IM?" do you mean the half-baked solution in the link posted above? Or are people referring to their corporate IM application (for me, my SameTime server logs chats. Nothing to do with "BES" per se, I have yet to find an option in my BES to log SameTime. So yes I log SameTime chats held via BES, but I don't log them via BES. The end result is the same for the user, I log your chats, but the method is technically very different, it is native sametime logging and not BES logging). Or are people referring to IM meaning GoogleTalk, or AIM or something else?

Basically, when someone asks "can my BES Admin see this?" the only real answer is "send me a copy of your BES config and I will let you know" - apart from that, it is guestimation using the information available.


However, as the OP did not ASK about BES logging or what it is capable of, this thread is skewering off direction.
So I would refer the OP back to the original link posted by Knotty, and throw my 2p in:

I prefer NOT to allow personal devices. This is because personally, I find that users who have had an "unrestricted" BB who suddenly get EA'd and inherit my policies are not happy. This leads to endless circular conversations along the lines of:

User "My BB won't do half the stuff it used to"
Me "No, well, your BB is restricted by IT Policy now"
User "But it is MY BB"
Me "And it is on a corporate BES with a corporate security policy"
User "Can you change the policy?"
Me "No"
User "But it is MY blackberry. I want to be able to use Google Mail"
Me "No"
etc

It is also a pain to remove corporate IT policy from device, and/or clear corporate data when the user leaves, or not to have control over the account the device is on (BES data plan necessary, users will just turn this off and wonder why the BB "stopped working") etc.

I have a gazillion reasons to disallow personal devices. Almost all of them come down to expected levels of support, unrealistic user expectations of what the IT policy means in reality, and an unrealistic meeting of corporate and personal ideas of security.

I am lucky that I work for a company who believe that if a user needs a BB, we will spend the money and get one. Owned by company. Managed by company. Controlled by company. It really is a LOT easier.
I appreciate that not all BES Admins have this luxury.
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year

Last edited by Jadey : 04-07-2009 at 05:34 PM.
Offline  
Old 04-09-2009, 11:44 AM   #12 (permalink)
New Member
 
Join Date: May 2008
Model: 8700
PIN: N/A
Carrier: AT&T
Posts: 3
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

We dont allow personal bbs to be used.. if it's not my device i have no legal right to wipe it if someone decides to walk away.
Offline  
Old 04-09-2009, 11:52 AM   #13 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Quote:
Originally Posted by aglenn View Post
if it's not my device i have no legal right to wipe it if someone decides to walk away.
Actually, that's not true at all.
Your company owns the data on that device, and you have every right to protect your company assets.
This is one reason why the 'Erase Data & Disable Handheld' feature exists.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 04-09-2009, 12:04 PM   #14 (permalink)
BlackBerry Master
 
djm2's Avatar
 
Join Date: Jul 2007
Model: 9780
PIN: N/A
Carrier: T-Mobile
Posts: 4,637
Post Thanks: 29
Thanked 12 Times in 12 Posts
Default

Quote:
Originally Posted by Jadey View Post
I have to agree with Penguin here. The problem is that people ask very broad questions, to which the answers are very subjective.

For example, what version of BES is being referred to? There are substantial changes between functionality between a 3.x and a 4.1.x BES.

Secondly, what is the BES config? There are certain things that CAN'T be logged. So... many BES Admins will block them. As such, they can say (correctly) that everything on THEIR BES is logged. This does not mean that a BES is capable of logging everything on a BB if the admin wants it to.

There are known limitations with logging of BlackBerry components, for example BlackBerry Messenger How do I log BB Messenger conversations?. Then we can make things more complicated - when someone says "Can BES log IM?" do you mean the half-baked solution in the link posted above? Or are people referring to their corporate IM application (for me, my SameTime server logs chats. Nothing to do with "BES" per se, I have yet to find an option in my BES to log SameTime. So yes I log SameTime chats held via BES, but I don't log them via BES. The end result is the same for the user, I log your chats, but the method is technically very different, it is native sametime logging and not BES logging). Or are people referring to IM meaning GoogleTalk, or AIM or something else?

Basically, when someone asks "can my BES Admin see this?" the only real answer is "send me a copy of your BES config and I will let you know" - apart from that, it is guestimation using the information available.


However, as the OP did not ASK about BES logging or what it is capable of, this thread is skewering off direction.
So I would refer the OP back to the original link posted by Knotty, and throw my 2p in:

I prefer NOT to allow personal devices. This is because personally, I find that users who have had an "unrestricted" BB who suddenly get EA'd and inherit my policies are not happy. This leads to endless circular conversations along the lines of:

User "My BB won't do half the stuff it used to"
Me "No, well, your BB is restricted by IT Policy now"
User "But it is MY BB"
Me "And it is on a corporate BES with a corporate security policy"
User "Can you change the policy?"
Me "No"
User "But it is MY blackberry. I want to be able to use Google Mail"
Me "No"
etc

It is also a pain to remove corporate IT policy from device, and/or clear corporate data when the user leaves, or not to have control over the account the device is on (BES data plan necessary, users will just turn this off and wonder why the BB "stopped working") etc.

I have a gazillion reasons to disallow personal devices. Almost all of them come down to expected levels of support, unrealistic user expectations of what the IT policy means in reality, and an unrealistic meeting of corporate and personal ideas of security.

I am lucky that I work for a company who believe that if a user needs a BB, we will spend the money and get one. Owned by company. Managed by company. Controlled by company. It really is a LOT easier.
I appreciate that not all BES Admins have this luxury.
Thank you. This is perhaps the best explanation that I have seen on this subject.
Offline  
Old 04-10-2009, 09:35 AM   #15 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by djm2 View Post
Thank you. This is perhaps the best explanation that I have seen on this subject.
Here here.. I can sympathize with this last entry.. We have a shop of personally owned devices. Some of which the company pays the service for, but charges back the taxes. This is because we are non-profit company. But the device was paid for by the employee.

Because of this, it has also prompted people to object to the simplist of password policy. We just require the minimum 4 length pw, time out set to 20 min.. etc..

The complaint is that it is too hard to put in a 4 letter pw everytime they have to access data. WAAAAA.. it makes me very angry to think that we have information on these devices that makes our company vulnerable, and the users cant stand to be inconvienced by a 4 letter pw. I mean give me a break. The other thing that has happened is that if you have to do any work on the devices, do you dictate what version of the software they run? Do you update everyone, or let them update themselves? Oh and if you do have to wipe the device and reactivate, you will have some user who is devistated because you cant restore text messages, because their device was messed up.

I have worked in several environments, and I would love to be back in a company owned BB environ, not this every man for himself deal. That way we have the ability to lock down information and ensure the security of our company data. We have had too many breachs already and we are just getting our feet wet.
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Old 04-14-2009, 12:48 PM   #16 (permalink)
CrackBerry Addict
 
Join Date: Jul 2005
Location: Solon, OH, USA
Model: 9000
OS: 4.6.0.167
PIN: 20878533
Carrier: ATT
Posts: 708
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

The support costs for user-owned equipment is generally higher than that of corporate owned gear, mainly due to handware, software, and other differences in standardizations (or lack there of).

We do support a few user-owned devices. Not all of them are reimbused for service changes (from the carrier) but some are. All get the same IT Policy. The device gets wiped when they leave. They don't get treated any different than employees with company-owned devices, and I still reserve the privilege to remove any programs I need to (including BIS service books, if need be) in order to maintain the healthy functionality of the device. In some cases (if HR and corporate agree) we will provide their Address Book or other personal information on CD/DVD so they can import it at their next job. But that's someone else's call. Just like integrating a personal device with our BES is someone else's call.
__________________
--
Domino 7.0.4FP1 | BES 4.1.6 MR-7 | 42 handhelds
Offline  
Old 04-14-2009, 01:20 PM   #17 (permalink)
Talking BlackBerry Encyclopedia
 
wunderbar's Avatar
 
Join Date: Jun 2007
Location: Edmonton AB, Canada
Model: 9630
Carrier: Telus
Posts: 300
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

we used to allow it, but no more.

My personal opinion is that the user should get to pick their device, but while they work for the company it is a company owned device. If they decide to leave the company they should have the option of buying the device from the company if they want to continue to use it, but the device is wiped clean before that transaction is complete. We don't do that here, but it's an endgame I'm working towards.
__________________
Blackberry Admin
BES 5.0.2 MR4
Exchange 2010 SP1 RU2
Blackberry 9630
WES 2008 Alumni
Offline  
Old 08-10-2009, 11:49 PM   #18 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Jun 2005
Location: Orlando, Florida
Model: 8330
Carrier: Sprint
Posts: 207
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by penguin3107 View Post
Actually, that's not true at all.
Your company owns the data on that device, and you have every right to protect your company assets.
This is one reason why the 'Erase Data & Disable Handheld' feature exists.
I'm no BES admin but two thoughts:

1. If the end user owns the device and has personal data on it that you wipe, aren't you in some legal issue as the admin/employer if you have not permitted the backup of the personal data?

2. The discussion about privacy is a mute point for me as an end user. If I am using a corporate device, for all practical purposes, I should assume my employer can see everything. Even if they can't, it is their device and I should be prepared for that. Isn't that the way we all view desktop email? And even if it is my device, be cautious. I don't want to lose a job because of something stupid and I doubt anyone else does. So while technically there may be details and an employer can't see on my device, I would err on the side of caution!!
Offline  
Old 08-11-2009, 09:56 AM   #19 (permalink)
Thumbs Must Hurt
 
michaelalanjones's Avatar
 
Join Date: Dec 2008
Location: Louisville, KY
Model: 9000
OS: 5.0.0.411
PIN: T of Ale, Please!
Carrier: AT&T
Posts: 106
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is precisely why I did not go on my company's BES. I bought my Bold, and I pay the monthly bill. The company that I work for is like the military, and they are extremely big-brother-ish. If given the chance, they would log all my activities on my Bold, I know it.

If I was one of a_kayaker's employees, I would tell him, that is fine, but I want a contract that says what will and will not be logged. If it is acceptable, I would sign it, and then get the BlackBerry, and if not, I would not get the BlackBerry on their BES.

That's only fair. If the company doesn't want to state on paper what will be logged, they what are they hiding? If they don't plan to log user data, they should put that in the contract. If they fire someone later for a private email where Suzie tells Bob that "Cindy is a bee-yotch", I would produce that contract, and say, "Oh, I am sorry, we have to go to court."
Offline  
Old 08-11-2009, 02:29 PM   #20 (permalink)
rsk
Thumbs Must Hurt
 
Join Date: Jan 2007
Model: 9630
Carrier: Sprint
Posts: 134
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by michaelalanjones View Post
This is precisely why I did not go on my company's BES. I bought my Bold, and I pay the monthly bill. The company that I work for is like the military, and they are extremely big-brother-ish. If given the chance, they would log all my activities on my Bold, I know it.

If I was one of a_kayaker's employees, I would tell him, that is fine, but I want a contract that says what will and will not be logged. If it is acceptable, I would sign it, and then get the BlackBerry, and if not, I would not get the BlackBerry on their BES.

That's only fair. If the company doesn't want to state on paper what will be logged, they what are they hiding? If they don't plan to log user data, they should put that in the contract. If they fire someone later for a private email where Suzie tells Bob that "Cindy is a bee-yotch", I would produce that contract, and say, "Oh, I am sorry, we have to go to court."
bwhaaa haaa haaa, good luck with that, using company infrustructure to send personal messages is pretty stupid to begin with, but demanding a contract is just about the funniest thing I have ever heard. Most places have blanket policies in place that state they reserve the right to monitor any or all electronic communications. why would you have any expectation of privacy using company provided hardware or infrustructure ? if your job requires you to carry a BB for any reason then you carry one, or they find someone else to do your job who will carry one and not be such a pompous ass about it.

it's business, it's not about being fair.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.