BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 10-18-2010, 09:00 AM   #1 (permalink)
Knows Where the Search Button Is
 
MI_BB_TECH's Avatar
 
Join Date: May 2005
Location: Michigan
Model: 8530
Carrier: Verizon
Posts: 27
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Personal Device support model?

Please Login to Remove!

Fellow Admins,

I've searched through the posts and all I can find are some posts from 2007 that "sort of" pertain to this but have all been closed.

Here is my predicament...

We currently have an environment with almost 2000 BES supported BlackBerrys. The way our IT budget and support model are constructed, we bill a flat rate to our customers monthly in each department for connecting their company owned (and in some rare cases) their personally owned BlackBerrys securely through our BES. In turn, my team's salaries along with the infrastructure to support the BES come out of these fees. In return they get 24X7 support for things like password changes, remote wipes, OTA activations, etc.

Like many organizations, we are now facing an onslaught of requests from employees wanting to connect their personally owned Droids, iPhones, etc. to Exchange via Active Sync because they "think" we should do it for FREE. They are also expecting the same level of support that the "paying" BB customers are receiving. We've already reviewed many "white papers" on smart-phone management and security issues and they've been a big help. We understand that if we're going to allow these devices into our environment, we need to have some no-nonsense, nuts and bolts IT policies, along with legally binding employee acceptable use policies.

Ok, so now to my questions.....

As I said white papers are nice but... I'd rather throw the questions out there to you guys and gals who work with this stuff every day where the "rubber meets the road".

1. Do you allow personal devices in your environment?
2. If so, how do you secure them? EAS policies, 3rd party apps?
3. If you charge for support, how do you base these charges?
4. if you have a legally binding acceptable use policy for personal devices, are you wiling to share the verbiage you use?

Any help at all would be appreciated as you guys have always been great in the past.

Thanks in advance!
Offline  
Old 10-18-2010, 09:38 AM   #2 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,647
Post Thanks: 264
Thanked 271 Times in 257 Posts
Default

I drew the line just last week.

Only Blackberry and iphone are supported. No one here has asked about winmobile in a year and we dont want to invest time in learning mobile 7 and Droids. if the user does not like the free BlackBerry that the carrier is offering, they can purchase what they want. If they purchase it and it gets lost, wet, broken or stolen, they have to buy the new one at cost.

We have an open system mostly but enforce a Password. Users are on their own for all apps. We dont push any apps yet.

I support BlackBerry fully, other devices I setup email and they are on their own with their issues. Can knot support what I do knot use or have in my possesion. I show them google.com and tell them to search.

Our only policy is, we can wipe it at anytime.
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10
Offline  
Old 10-18-2010, 09:46 AM   #3 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,647
Post Thanks: 264
Thanked 271 Times in 257 Posts
Default

oops
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10

Last edited by knottyrope : 10-18-2010 at 09:47 AM.
Offline  
Old 10-18-2010, 10:04 AM   #4 (permalink)
Talking BlackBerry Encyclopedia
 
cyclmpc's Avatar
 
Join Date: Nov 2008
Location: DC
Model: 9800
OS: 6.0.0.141
PIN: N/A
Carrier: ATT
Posts: 217
Post Thanks: 2
Thanked 2 Times in 2 Posts
Default

We only allow Blackberry's and iPhones. No other devices are supported. The main reason is security. Both devices are managed with software, obviously with the BES for Blackberry's and a 3rd party option with iPhone's/iPad's.

Without management software that will allow us to remotely manage and wipe the device, there would be no way we would support iPhones/iPads. All other devices are not supported as we cannot ensure this remote wipe. I know that Exchange has that ability wtih EAS, but I cannot stress enough the management part for us. I know there are some work arounds with Android, but those are 3rd party vendor widgets that make them work with EAS. I'm not suporting obscure vendors with workarounds.

It sounds as if your place needs an official Electronic Policy agreement. This agreement outlines everything we expect our users to understand when using devices, be it a handheld or laptop/desktop etc... It's about a 10 page document, so I cannot put it here. If you want to contact me directly, I could share some of it with you.
__________________
I'm actually lost...
Offline  
Old 10-18-2010, 10:26 AM   #5 (permalink)
Knows Where the Search Button Is
 
MI_BB_TECH's Avatar
 
Join Date: May 2005
Location: Michigan
Model: 8530
Carrier: Verizon
Posts: 27
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by cyclmpc View Post
It sounds as if your place needs an official Electronic Policy agreement. This agreement outlines everything we expect our users to understand when using devices, be it a handheld or laptop/desktop etc... It's about a 10 page document, so I cannot put it here. If you want to contact me directly, I could share some of it with you.
Sorry, I should have been clear about that but didn't want to fill up a page. We do have an employee acceptable use policy for IT equipment but it is in serious need of updating as it does not fully address the security risks involved with the personal Smartphone issue.

I've seen a couple of company's documents... but the one that stuck with me was from a Health management company that was about as bad as any Cold-War Era coerced confession. I don't mean to be flippant as I take my network security seriously but the document I reference even stated that the company had the right to confiscate the device in the event that they thought it was being misused! I've opened talks with our legal department about this and am awaiting their input.

As a customer service guy I want my customers happy but as an IT guy these people have no idea the risk they're putting themselves and the company's data in. I get a lot of "So what's the big deal... its just my email and calendar"? When I point out that the last thing we need is for them to lose their shiny new Smartphone and have some clown pick it up and have an open line to our email system, they just shrug their shoulders and go "So"?

Me personally... I'd love to limit it to BB's, i Phone's, and certain Droids. We've tested controlling these with a policy for a forced password and a remote wipe and it worked pretty well. I just don't have the confidence in the control we have with EAS as opposed to the kind we have on the BES.

We've also priced some of the 3rd party apps out there like Zenprise. Its a great product but $$$$$

Thanks for the input! Please keep it coming!
Offline  
Old 10-18-2010, 01:11 PM   #6 (permalink)
Talking BlackBerry Encyclopedia
 
cyclmpc's Avatar
 
Join Date: Nov 2008
Location: DC
Model: 9800
OS: 6.0.0.141
PIN: N/A
Carrier: ATT
Posts: 217
Post Thanks: 2
Thanked 2 Times in 2 Posts
Default

You can never make everyone happy, especially the general public that do not understand IT security. I have learned not to waste my time with trying to win over those people. As long as your IT team understands and has a good relationship with the head of management in general, this should not be an issue. You have to draw the line somewhere. If your users do not like it, they can work elsewhere. I do not mean to sound like a hardliner, but the public has to assume that you are in IT for your IT experience, whether you can properly communicate it in a method that makes their non-IT heads understand it or not.

Let me give you an example that really hammered home the need for basic p/w on our devices. Over the course of time, people will lose their BB. It's going to happen. No two ways about it. Way back in the day, most of our users were very against the need for a p/w. All sorts of excuses were given, from it takes too long, to it reduces my efficiency, to I have too many p/w to remember, etcxxx8230;all ridiculous. A person lost their device. Within an hour of losing the device, people around our national company as well as other users on the personxxx8217;s contacts began receiving emails of a sexual nature as well as generally insulting emails. None of the emails were of an overly explicit nature, but it was enough to have corporate respond to HR with the content of the messages. As the next hour went, the emails began to ramp up their rhetoric and sexual nature. At that point, the device was xxx8220;killedxxx8221;. The person that lost their device had to send out emails of apology and take care of their personal accounts as they had left account #xxx8217;s and personal PINxxx8217;s there. Our company tried to sell that off as a xxx8220;once in blue moonxxx8221; issue. Within two weeks, a corporate person lost theirs and it happened all over again. Policy drawn up, policy enforced.

I actually do not think that reference to having equipment confiscated as being Cold War-like. We have similar verbiage to the hardware people use, to the sites they surf, to the work they do on the software we provide. The big deal is you have to secure things to the lowest common denominator. Just because you have use of the equipment, does not mean you have the right to abuse it.

Just my 2 cents. Good luck in finding your balance. It definitely is a hard thing to do and something you have to continuously review to make sure you have the right balance for your environment.
__________________
I'm actually lost...
Offline  
Old 10-18-2010, 11:32 PM   #7 (permalink)
BlackBerry Extraordinaire
 
Frank Castle's Avatar
 
Join Date: Jul 2005
Location: MA
Model: 9930
PIN: PM Me!
Carrier: VZW
Posts: 1,073
Post Thanks: 0
Thanked 4 Times in 3 Posts
Default

I'm going through this effort right now and have spent the last 6 months testing and standing up another middleware solution that is pretty "good". The main intent is to provide a wider device selection (presently strictly BB shop 5,000+ devices) with iPhone / iPad getting much of the requests.

I should note we have ActiveSync disabled. It does not provide the level of management / policy we require. It's great for a cheap way to access to email but it's not really a management solution. EAS also is very limited in what devices support which policies so we just washed out hands of it. Maybe someday Microsoft will wake up. The biggest issue is all the other players (Apple, Google, Palm, WP7 etc) do not have the API support to provide even a decent set of policy controls. Android only does basic controls last seen in BES 3.5 days almost 8 years ago!!

Anyways .. Personal Liable / BYOT / BYOD .. however you want to market it. It's a challenge. I spoke at WES this year about it many times and judging the attendance at each session there is no easy solution to this. I would engage your security, compliance, legal and HR groups as this is not persay a technical thing to solve. You want to ensure proper policy is in place to protect the company from multiple issues.

Some things we have worked through:

- The whole support structure. What do you support or not.
- Cost / Subsidy - Do you offer one
- Security policy - I'm mindful of the users property but also need to protect company data due to internal policy as well regulatory obligations
- One not many think about - non salary employee usage. Our HR dept outright want no non-exempt employee using a smartphone period.
- Carrier discount impact - we have line commitments to get our discounts so the more that move to PL .. it impacts our CL pricing
- lack of standards for any mobile app development (I'm in the middle of 10 projects now to make a "mobile" version of an internal website / app.

The support side alone brings many concerns:

- Training for support staff of different device models / OS
- Lost / Stolen devices - users are on their dime, our hands our tied to assist. Most are in shell shock hearing replacement costs for the beloved iPhone they dropped
- ditto employees bill shock when they travel / international data rates "can't you help with this?"
- A employee investigation may require confiscation of their mobile device for discovery

Presently we require anyone asking for access with a PL device to sign and accept our policy outlining all.

We enforce a strong password, 15 min timeout to lock, remote wipe if lost / stolen (users are advised to backup regularly)
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.