BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 06-14-2009, 12:13 PM   #1 (permalink)
Thumbs Must Hurt
 
falcontrainer's Avatar
 
Join Date: Apr 2008
Location: Columbus, Ohio
Model: 9530
OS: *.*.*.109
PIN: N/A
Carrier: Verizon
Posts: 66
Post Thanks: 0
Thanked 0 Times in 0 Posts
Question Worth the fight?

Please Login to Remove!

It seems that my (newish) server admin wants to dis-allow personal bb's on our corporate BES. We have been allowing this now since we brought in the devices and the BES(4+ years).

He is arguing security risks of allowing the personal devices.

I disagree with that statement saying that they are connected to the BES and I can/will wipe the devices if something happens. To that we have a auto-lock policy in effect on the company owned devices, but it's an option for the personal devices (which we can change).

There is also the cost of having to buy a license per device but I mark the cost up to a service of our group.

What do you think?
__________________
Administer of a Domino backed BES 4.1.3.16 w/ 95 (and counting) Happy/Unsuspecting Users
Offline  
Old 06-14-2009, 12:17 PM   #2 (permalink)
BlackBerryForums.com Super Moderator
 
SteveO86's Avatar
 
Join Date: Sep 2007
Location: Florida
Model: 9650
OS: 6.0.0.280
PIN: I heard it drop!
Carrier: VZW BIS
Posts: 6,534
Post Thanks: 0
Thanked 4 Times in 1 Post
Default

As long as the personal BlackBerries have appropriate IT policies assigned to them you should be o.k. security wise.

I don't support personal devices in my settings because I don't want to hear about users complaining about the password... Any device on my BES gets a very nice IT policy assigned to it
__________________
8830 -> 8330 -> 9550 -> 9650
Just think about how far BlackBerries have come from then till now... And what else is coming.

Follow me on Twitter

Last edited by SteveO86 : 06-14-2009 at 12:19 PM.
Offline  
Old 06-14-2009, 12:20 PM   #3 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

We used to, but no longer allow personal devices on our BES mainly for unwillingness to support them (there are still a handful on there). Since I also manage all of our wireless accounts, if there is an issue of some sort with the device provisioning, I can contact the carrier to resolve. I cannot do that with a personally owned device - the end user has to do that and many time they don't know what to say to the carrier.

Also - you don't enforce a password on a personally owned device??? Wow, IMO you're asking for trouble and that's a huge security breach. Do you allow someone to bring their personal laptop into work and connect to the work network without restrictions? It's the same thing as not enforcing a password on a personal BB. Anyone that is connected to the BES should have the same IT Policy - like it or not. My 2 cents.

ALL of our devices have the same level of security - personally owned or not.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 06-14-2009, 12:59 PM   #4 (permalink)
Thumbs Must Hurt
 
falcontrainer's Avatar
 
Join Date: Apr 2008
Location: Columbus, Ohio
Model: 9530
OS: *.*.*.109
PIN: N/A
Carrier: Verizon
Posts: 66
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Juwaack68- I inherited a badly managed environment and have wanted to push out the policy to others but am still waiting on mgmt decisions since there are so many people (and there are many mgmt since the company wont buy bb's unless you meet certain requirements(which is a whole other conversation/argument)). It's a sticky situation and I am trying to not get burned by just rolling things out with out support.

Just getting frustrated with the extremely slow workings and waiting for a decision.

Plus I forgot to mention in my first post. If the end users are willing to pay the extra $15-$45 a month to add the BES connectivity on their phone I figured the license will be the least our group could do being a service group.
__________________
Administer of a Domino backed BES 4.1.3.16 w/ 95 (and counting) Happy/Unsuspecting Users
Offline  
Old 06-15-2009, 09:05 AM   #5 (permalink)
Thumbs Must Hurt
 
Join Date: Sep 2006
Location: Woodbridge, VA
Model: 9530
Carrier: VZW
Posts: 89
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

WOW! It sounds like you work for my customer...lol. About a third of our devices our personal. The other big problem I have is that they do not have one standard device. In fact, we have 5 different carriers and like 15 different models. It makes it extremely difficult to manage. I brought up the suggestion when I first got here about consolidating the devices, but got shot down. But to the other points, we do enforce the same IT policy on all handhelds, regardless of ownership.
__________________
Exchange 2007/BES 4.1.6
Offline  
Old 06-15-2009, 10:25 AM   #6 (permalink)
New Member
 
Join Date: Feb 2009
Location: WI
Model: 9000
PIN: N/A
Carrier: AT&T
Posts: 14
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am with juwaack68 - if it connects to the network, it must have a password. We do allow personal phones, but all that are on our BES have an IT policy applied. The user knows that when they sign on, we have the ability to control their device and may wipe if deemed necessary.

If I were you, I would start with any new additions and require a policy, work on the existing users as time/administrative approval allows.
Offline  
Old 06-17-2009, 04:26 PM   #7 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

There is also the legal implication of when a user leaves. A corporate device, you just wipe. But try to wipe a personal device and you may run into a myriad of issues. And what happens if the user just calls you up one day and tells you he just sold his old device on eBay, and an you just Enterprise Activate the new one?
Offline  
Old 06-17-2009, 04:51 PM   #8 (permalink)
BlackBerry Genius
 
hdawg's Avatar
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Corporate only devices allow for easier overall management
Allowing personal devices allows for some added user pleasure

Regardless, all devices should be treated the same. You leave, device gets wiped. You don't like it ... back it up.
Offline  
Old 06-17-2009, 04:56 PM   #9 (permalink)
Thumbs Must Hurt
 
Join Date: Dec 2008
Model: 8130
PIN: N/A
Carrier: Telus
Posts: 53
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

We don't allow personal devices on our BES. There are some exceptions tho (very few). The user is instructed to back up their device prior to connecting as once they leave the company IT WILL be wiped. It is also explained to them that a wipe may be required as part of the trouble shooting process.

We also have them sign an agreement so that we have a paper (pdf) trail.

Policies are applied to all devices regardless of their position in the company.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.