[defdef]

I need to hear from someone in IT who manages a bank and has blackberry. How do you justify the security risk? What do your auditors think about it?

My CRM's want blackberry's but from what I have heard, the IT auditors don't approve. What are the security risks? (obviously physical security is a concern).

If your bank uses blackberries, how do you justify the security end of it? Do you instruct no one to send you sensitive info via email? How secure can a blackberry be?

Please respond if you are in IT in the banking field and have used blackberries, or are considering their use. Also, how much remote access do you allow your users?

[rjw3000]

What risks other than physical security do you mean? Since government agencies use them, and I work in a company in the financial/banking sector that has many users with Blackberries, I am curious what the auditors don't approve of.

We have email that gets sent secure to customers if it has sensitive info. It is device/email client independent.

[birddog]

The IT policy that you put on the blackberry can be very secure.. for example: force users to have strong passwords and force them to change them every 30 days, no third party applications, wipe the device after X number of invalid attempts, no Bluetooth, web access only through a proxy to restrict websites... In other words, you can make it very secure.