[Supa_Fly1]

I disagree, and several MDM platforms alert to rooted and jailbroken devices, including Meraki's free <100 user platform.

Posted via CB10

Meraki, you're kidding me right? I loved your precious posts on this page thus far but Meraki?

Posted via CB10

[beowulf101]

You have a problem with Cisco's most successful acquisition of all time? And that their MDM has functions BlackBerry doesn't for remote desktop etc? Use it in combination with other services and you have a good product for NETWORK security as well as endpoint control.

Passporter - you're clearly nowhere near, no disrespect.

Posted via CB10

[The_Passporter]

You have a problem with Cisco's most successful acquisition of all time? And that their MDM has functions BlackBerry doesn't for remote desktop etc? Use it in combination with other services and you have a good product for NETWORK security as well as endpoint control.

Passporter - you're clearly nowhere near, no disrespect.

Posted via CB10

Finally an answer that is clear. No disrespect taken. We are all at different levels here and Thank you for taking the time to point that out again. I now have an answer that I and others like myself can work with. We are all here to ask and learn and will continue to do so.
I appreciate your answer even if you are a little condescending in your responses. Some people may be very advanced in some areas and some more in others, I'm glad that what you've learned and skills you've acquired makes you feel so advanced but believe me it's a small part of life.
Anyway I will take that info and do some research now on the internet and see if theses few features equate to a more secure environment since that is the question at hand.
Cheers! Budah

Posted via CB10

[Superdupont 2_0]

I believe for the vast majority of companies, who aren't using any MDM solution and who have a serious shadow IT problem, it doesn't matter if they use BES or another MDM solution...they just have to start with something and it will improve the security significantly.

I personally stick with BlackBerry, because BB10 devices have significantly less vulnerabilities than Android device and they are significantly cheaper (and even more secure) than Apple, while BES is among the MDM solutions which are successfully used by governments and regulated industry in real life.

In other words: I safes me a significant amount of time, because I can worry more about other things.

I had a short glance at the Meraki website and find it fascinating, probably a good idea for small/medium sized enterprise (though I see also big enterprises going into cloud solutions), but it's disappointing that there is no support for BB10.

It will be indeed interesting to see if/how BlackBerry will integrate WatchDox in BES and/or BES Cloud (?).

Posted via CB10

[beowulf101]

@Superdupont - absolutely.

At no point have I knocked BlackBerry - they just aren't a fit sometimes, depending on what is already in place and what the scope of the project may be, but the same goes for Checkpoint, MobileIron, Palo Alto, Cisco and anyone else who sells a security solution or architecture. Some will fit and some won't, and some businesses have enormous investments with other vendors that it wouldn't make sense to leave behind when a small addition would make the necessary changes.

I was at the IT Directors Forum, and when the group IT managers of major global banks are speaking favourably of the Meraki demo they're watching I take note. BlackBerry was not there as a vendor, and missing one of the biggest IT meets in the UK seems... wrong.

Posted via CB10

[Dunt Dunt Dunt]

@Superdupont - absolutely.

At no point have I knocked BlackBerry - they just aren't a fit sometimes, depending on what is already in place and what the scope of the project may be, but the same goes for Checkpoint, MobileIron, Palo Alto, Cisco and anyone else who sells a security solution or architecture. Some will fit and some won't, and some businesses have enormous investments with other vendors that it wouldn't make sense to leave behind when a small addition would make the necessary changes.

I was at the IT Directors Forum, and when the group IT managers of major global banks are speaking favourably of the Meraki demo they're watching I take note. BlackBerry was not there as a vendor, and missing one of the biggest IT meets in the UK seems... wrong.

Posted via CB10

You know I'm not sure BlackBerry knows how to compete in this market.... as they didn't have to in the past. They sold hardware and people used their solution to manage it. So in a way they really have to learn all over the ropes of being a Software and Services company... without relying on hardware to sell their products

And too when Thor laid off a large number of the US Sales force in 2013... many of these were involved in working with IT Departments. Don't know how far those layoff went or what BlackBerry's sales department looks like today?

But it does seem like missing an opportunity like that is a huge mistake.

[The_Passporter]

You have a problem with Cisco's most successful acquisition of all time? And that their MDM has functions BlackBerry doesn't for remote desktop etc? Use it in combination with other services and you have a good product for NETWORK security as well as endpoint control.

Passporter - you're clearly nowhere near, no disrespect.

Posted via CB10

If I may be so bold as to ask, can an Android device on your secured network have the ability to download an app from a store other than GPS and install it? This does not require Rooting so you would not get a notification for that but would you get a notification then for the app?

Posted via CB10

[The_Passporter]

FYI I am not an IT professional. That said:

I have been busy doing some research and have come across some pertinent information regarding the end of the line for network security. This would be the user and the phone. As some have stated the phone is not the most important part but from what I have read all parts can be equally as important for a secured and layered ecosystem of security.
When it comes to IT strategies, layering security makes sense for the Android environment. If you look at the mobile security stack in layers (starting from the bottom up) as network/carrier layer, hardware layer, operating system layer, and application layer, the chances of exploits increase as you climb up the ladder. Enterprises also have less control the lower we go in the stack which brings me to the phones hardware and software in the hands of the users.

iOS
iOS device users can install apps that have not been vetted by Apple, after jailbreaking their devices. Apparently there are ways and tools to do a silent kind of iOS jailbreak app that manages to hide the jailbroken status of the device, which would allow attackers to take advantage of a device. Attackers can then target iOS and Android devices through similar means, including SMS or through Wi-Fi hotspots
iOS devices can also be targeted through websites. The attack requires a user to visit a web page on their iPhone or iPad. If that user installs a hostile configuration profile, then the enterprise is at risk for intercepted traffic, fake app installation, sophisticated phishing, and APTs,�.

Android
The Android ecosystem has two main security risks, according to mobile security experts:

�The Google Play Store (apps are not vetted as well as iTunes store)
�The fragmentation of devices and OS versions

The Android platform does have some serious factors to consider and that would be as you may have guessed it, fragmentation. There are multiple versions of Android in the market, even on current devices. Manufacturers often make their own changes and patches to Android, so they could be behind Google's latest version of the current update release. To make matters worse, carriers and manufacturers may not update their devices' Android version when Google does, or they take months or even years to do so.
Android is possible to be secured yes but it is definitely more complicated and workload heavy. The IT specialist can try and apply all the security restrictions he or she wants but by limiting the functionality of the phone they risk pushing the end user into unsafe practices like non compliance cloud services.

Conclusion
In the end I find that if I were an IT professional ( there are IT professionals like there are window installers. Sometime you get a new window and it ends up leaking) I would choose to combine BlackBerry's hardware and phones software with BES10 for the easiest most secure solution since BlackBerry devices have not yet been exploited by rooting or jailbreaks. With no hardware or software vulnerabilities there is less risk involved. As one person commented that it just make it easier to manage due to less complication and we all know that with too much complications in (which can be ongoing) there is greater chance for error. After all it only takes one employee to decide he can do what he wants to cause a leak in your window
Sticking with what Mr. Chen says. And hope this is a decent answer for OP.





Posted via CB10

[beowulf101]

Even the most basic MDM can detect a jailbroken or rooted device, shut down OS elements, push and install apps, remove them etc and deny use of app stores / and installations. Renders these ideas dead. Like this thread.

Posted via CB10

[The_Passporter]

Even the most basic MDM can detect a jailbroken or rooted device, shut down OS elements, push and install apps, remove them etc and deny use of app stores / and installations. Renders these ideas dead. Like this thread.

Posted via CB10

Yes I read that in your post before but apparently there are tools to prevent detection as I stated in case you missed that. At least for iOS unless I misinterpreted that but I don't think I did.

Posted via CB10

[ZeroBarrier]

Even the most basic MDM can detect a jailbroken or rooted device, shut down OS elements, push and install apps, remove them etc and deny use of app stores / and installations. Renders these ideas dead. Like this thread.

Posted via CB10

As long as the physical device is hackable or otherwise open, there will always be work-around's to any policy an MDM can enforce; and there are ways to hide root and jailbreak.

Posted via CB10

[beowulf101]

This is so futile it's gone past ridiculous. You guys carry on being fans of phones, I'll go be someone that actually does it for a living. Thread dumped in frustration.

Posted via CB10

[The_Passporter]

To clarify what I meant to say, It is a silent kind of iOS jailbreak app that manages to hide the jailbroken status of the device,

Posted via CB10

[ZeroBarrier]

To clarify what I meant to say, It is a silent kind of iOS jailbreak app that manages to hide the jailbroken status of the device,

Posted via CB10

Don't bother, he firmly believes his MDM can detect and control everything on someone else's device, even when that device is open and hackable.

Security is only as strong as the weakest link, and in this case the weakest link will always be the open and hackable devices. There's no arguing this as it is a fact.

Posted via CB10

[Malazm]

FYI I am not an IT professional. That said:

I have been busy doing some research and have come across some pertinent information regarding the end of the line for network security.
Conclusion
In the end I find that if I were an IT professional ( there are IT professionals like there are window installers. Sometime you get a new window and it ends up leaking) I would choose to combine BlackBerry's hardware and phones software with BES10 for the easiest most secure solution since BlackBerry devices have not yet been exploited by rooting or jailbreaks. With no hardware or software vulnerabilities there is less risk involved. As one person commented that it just make it easier to manage due to less complication and we all know that with too much complications in (which can be ongoing) there is greater chance for error. After all it only takes one employee to decide he can do what he wants to cause a leak in your window
Sticking with what Mr. Chen says. And hope this is a decent answer for OP.


Posted via CB10

Yep, thanks.

I believe BlackBerry is the most secure and as the previous post says "a chain is as strong as it's weakest link". Why change from BES if the infrastructure is already in place. All I can think of is that IT professionals will hoodwink all of us for personal interest.

Posted via CB10

[beowulf101]

Yes, of course. I'll hoodwink you and give you insecure devices. Because I WANT my network to be weak. I want hacked and rooted devices on my network. As a professional I WANT threats entering my network and delivering data theft and doing there dirty work. Specifically I want it to happen through phones. I want to lose my job, company reputation, and be sued for negligent and apathetic practices in my job.

Said no IT Director. Not ever.

You guys have no idea what you're talking about, and 'I believe' doesn't cut it. Security does not rest just at device level, which is a tiny part of a much bigger picture, for ANY phone. You're clearly ignorant of how it all hangs together through an estate - that's fine. Carry on being fans and consumers, but stop embarrassing yourselves and learn what you're talking about - then you'd be doing BlackBerry a favour with your strange brand of belief and fanaticism over BlackBerry have almost no market share and struggling to make traction. Someone tells you part of why and you just say "BlackBerry is most secure!" and "I trust Chen!" without any knowledge of how devices access network, are posture checked and allowed access to resources.

BlackBerry will have a bigger presence again, but they don't need phones to enter the market where they want that presence - and it's not a market that sells phones either, just cloud and software.

Let that part sink in and look at future lack of releases on the roadmap as the tap turns off on hardware.

I've done my best. BlackBerry have lost marketshare in BES itself, and that's the reclaim market - not in phones. BES is one of many solutions, and as BlackBerry move more in its future direction, the more you guys get left behind with services you will never use because you think the world is what you hold in your hand. Without any doubt, fans are the worst people to get through to.

I really hope someone hacks my network for my own personal gain today.

I'd like to say it's been fun, but actually we've all clearly wasted our time on this discussion.

Posted via CB10

[ZeroBarrier]

Yes, of course. I'll hoodwink you and give you insecure devices. Snip...

I'll just leave this here:

http://el.blackberry.com/endtoend-advantage/

I'm also done with this thread, there's nothing further to add; and it's laughable to see an "IT professional" try to paint iPhone and Android as a secure solution.

Posted via CB10

[beowulf101]

It's laughable that despite global evidence of migration to other platforms you think your handset driven opinion over network security means more than that of thousands of businesses worldwide. Opinion vs facts and evidence and REAL world IT? You don't win, and frankly you're opinion is unqualified by its sheer lack of understanding of what even BlackBerry itself is doing as a network security vendor and service supplier.



Posted via CB10

[powereds]

Don't bother, he firmly believes his MDM can detect and control everything on someone else's device, even when that device is open and hackable.

Security is only as strong as the weakest link, and in this case the weakest link will always be the open and hackable devices. There's no arguing this as it is a fact.

Posted via CB10

Let beowulf test a jailbroken ios device let him discover that it's not detected in his mdm system.

"I am the the Way; I am the Truth, and Life. No one can come to the Father except through Me." - John 14:6

[beowulf101]

And your marketing link? It's for a multi device solution encompassing Android and iPhone. Just like so many other solutions and hybrid deployments.

Final facepalm of the day.

Posted via CB10

[powereds]

And why would the POTUS use BlackBerry?

"I am the the Way; I am the Truth, and Life. No one can come to the Father except through Me." - John 14:6

[Superdupont 2_0]

Guys, you have to wake up and accept that most companies don't even have budget for any network solution.


Example:
Let's assume you finally got a budget and have to chose between:

a) The most secure solution on the market for managing your server and desktop pcs. It can also manage phones "good enough", but it's not compatible with BlackBerry.

b) BlackBerry solutions. However, to manage your servers and pcs you will have take a "good enough"- solution, because there is not enough money left .


Most sane people will go for option a).

In real life you have a budget which forces you to make a compromise, especially when you can't start from scratch and have to deal with the equipment which has been already bought.

I personally find BlackBerry solutions really not expensive, but I can picture a situation when BlackBerry just doesn't fit.

Another questions for Windows users:
How many of you have Windows Enterprise at home? Anyone?
Or was the cheap Windows Premium good enough?



Posted via CB10

[beowulf101]

There you go Powereds. Jailbroken or rooted, it WILL be detected and policy enforced on the device.

[powereds]

There you go Powereds. Jailbroken or rooted, it WILL be detected and policy enforced on the device.

Thanks beowulf but is the device jailbroken? From the screen shot, I think the ios device is not jailbroken, right?

What I want to see is a rooted/jailbroken ios device detected/reported on your mdm system.

I think that would rest the case if you can do and show that to the people here.

"I am the the Way; I am the Truth, and Life. No one can come to the Father except through Me." - John 14:6

[powereds]

Care to shed some light also why the POTUS is using BlackBerry for secure communication? Anyone?

"I am the the Way; I am the Truth, and Life. No one can come to the Father except through Me." - John 14:6