BlackBerry Forums Support Community               

View Poll Results: Do you use Content Protection in your Organisation?
YES, we enforce via Policy for ALL devices 3 15.79%
YES, we enforce via Policy for SOME devices 1 5.26%
It is up to the users to decide for their own devices 8 42.11%
NO, we discourage usage 7 36.84%
Voters: 19. You may not vote on this poll

Closed Thread
 
LinkBack Thread Tools
Old 09-04-2007, 05:07 AM   #1 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Question Content Protection

Please Login to Remove!

Just trying to gather some info on Content Protection and the split between device speed/easy admin to data security.
My manger has asked me whether "anybody bothers with it" and so I am asking you lovely people!

Do you use content protection in your enterprise?
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Old 09-04-2007, 07:42 AM   #2 (permalink)
BlackBerry Genius
 
hdawg's Avatar
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

We bother with it here; and specifically recommend people don't enable it. Content Protection is great; IFF you NEED it. Generally I've seen if the data is that sensitive it isn't allowed to be on a BB.
Offline  
Old 09-04-2007, 07:58 AM   #3 (permalink)
CrackBerry Addict
 
wibbly's Avatar
 
Join Date: Apr 2005
Location: UK
Model: 9700
Carrier: T-Mobile UK
Posts: 857
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Isn't content protection about keeping the content encrypted on the (flash) storage?

If you have the device's password, you see it decrypted anyway. If you don't have the password, the device will ultimately be wiped. So isn't content protection really about protecting against someone opening the device and physically probing the memeory chips to get at the data in them?

So we're into mitigating govt or industrial espionage level risks, right?
Offline  
Old 09-04-2007, 10:22 AM   #4 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Negatives:
- When wiping the device, data decryption process can take up to 2 hours before the actual wipe process completes; this is compared to about 1-2 minutes without Content Protection enabled
- Slow device responsiveness for standard day-to-day tasks on the device, especially legacy (non-64MB) devices
- Caller ID (from Address Book) does not work for legacy OS's and devices (there is a non-default option (device-based or policy-based) you can change to not encrypt the Address Book

In all honesty, if you have legacy devices still deployed, don't implement it. If security wipes are part of standard troubleshooting, don't implement it. It really just boils down to those two issues versus 'peace of mind' for the Information Security personnel. I think the device usability experience should win that argument, although some will disagree.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 09-04-2007, 10:58 AM   #5 (permalink)
Thumbs Must Hurt
 
Join Date: Mar 2006
Model: 8800c
Carrier: Cingular
Posts: 112
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Also, Content Protection disables a BES Admin's ability to remotely reset a forgotten password on a device from the server console, a real bummer for a forgetful remote user.
Offline  
Old 09-04-2007, 12:29 PM   #6 (permalink)
Thumbs Must Hurt
 
Join Date: Jul 2007
Model: 8830
PIN: N/A
Carrier: Verizon Wireless
Posts: 61
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

We enforce it on all devices. If you're in the banking/financial services industry it's a requirement to meet compliance regulations.
Offline  
Old 09-04-2007, 12:33 PM   #7 (permalink)
BlackBerry Genius
 
hdawg's Avatar
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by tduffy View Post
We enforce it on all devices. If you're in the banking/financial services industry it's a requirement to meet compliance regulations.
I'm assuming you also encrypt your laptop hard drives? Thumb drives? Optical media?
Offline  
Old 09-04-2007, 12:54 PM   #8 (permalink)
Thumbs Must Hurt
 
Join Date: Jul 2007
Model: 8830
PIN: N/A
Carrier: Verizon Wireless
Posts: 61
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by hdawg View Post
I'm assuming you also encrypt your laptop hard drives? Thumb drives? Optical media?
We use a product similar to PGP desktop to accomplish full disk encryption of laptops. All optical media is required to be encrypted and only a select few people have cd/dvd burners installed to restrict who has the ability to create a disk. all "thumb drive" type removable storage is not allowed and is enforced by using software that restricts what kind of devices are allowed to work when plugged into usb ports on the workstations. But to fully answer your question, ANY and ALL data that is put on any type of device that is going to be taken out of the organization is required to be encrypted regardless of what the device is and the rule is enforced with no exceptions at any time wether you are the CEO or the janitor you follow this rule.

Last edited by tduffy : 09-04-2007 at 12:59 PM.
Offline  
Old 09-04-2007, 01:08 PM   #9 (permalink)
BlackBerry Genius
 
hdawg's Avatar
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Good to hear no exceptions; you can hold some of my money
Offline  
Old 09-04-2007, 01:23 PM   #10 (permalink)
CrackBerry Addict
 
ladydi's Avatar
 
Join Date: Jun 2005
Location: Washington
Model: 8800
Carrier: T-mobile
Posts: 848
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

We have talked about using it, but due to the drawbacks such as not being able to remotely reset the password and the long wipe times, I have been reluctant. I justify that with the fact that our users are not supposed to have confidential information in their mailbox.

We are starting to use hardware encrypted harddrives in laptops.

tduffy, that is awesome that your company is willing to enforce such high security standards - even for the CEO. That has been such a losing battle around here.
__________________
~Di~
Windows 2003
Exchange 2003
BES 4.1
Offline  
Old 09-04-2007, 02:59 PM   #11 (permalink)
Thumbs Must Hurt
 
Join Date: Jul 2007
Model: 8830
PIN: N/A
Carrier: Verizon Wireless
Posts: 61
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by ladydi View Post
We have talked about using it, but due to the drawbacks such as not being able to remotely reset the password and the long wipe times, I have been reluctant. I justify that with the fact that our users are not supposed to have confidential information in their mailbox.

We are starting to use hardware encrypted harddrives in laptops.

tduffy, that is awesome that your company is willing to enforce such high security standards - even for the CEO. That has been such a losing battle around here.
In the past they were hard battles for us also but they no longer are. When a higher up thinks they need to be an exception to our security standards I'll simply tell them that If I were to make an exception for them that the exception would be documented and that documentation like all documentation will be seen by the FDIC during the next audit and I will be sending the auditors their way for an explanation as to why they thought they didn't need to follow the same rules everyone else has to. That shuts them up really quick. Security isn't easy especially for the end users, but once they understand there there is a more secure way to accomplish what they are doing even though they might have to go a little out of their way to do it, the sun will still rise, the world will still turn and they will get what they need done.
Offline  
Old 09-05-2007, 04:06 AM   #12 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

Quote:
Originally Posted by ladydi View Post
We have talked about using it, but due to the drawbacks such as not being able to remotely reset the password and the long wipe times, I have been reluctant. I justify that with the fact that our users are not supposed to have confidential information in their mailbox.

We are starting to use hardware encrypted harddrives in laptops.

tduffy, that is awesome that your company is willing to enforce such high security standards - even for the CEO. That has been such a losing battle around here.
Exactly the same situation here. We put a policy on all BlackBerries (nothing too strict) forcing passwords and time-locks, disabling 3rd party mail and apps etc. We still had to allow bluetooth thanks to Execs and their car kits. However, two people have demanded to be removed from the policy, and they are the CEO and Chairman!
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.