[CanisMinor]

About a year ago, I switched to a company with a pretty draconian IT policy. Previously, I was a huge Blackberry fan. Now, I find my phone little more than an annoying version of the Peak with phone capabilities.

This got me wondering:
- Is Blackberry's biggest strength also its biggest weakness?
- Is the reason it is perceived as "non-consumer" and "archaic" because many users have learned to hate their 'Berrys because of a draconian IT policy?

So, what is YOUR IT policy? Mine, on a 9000 is:
- No 3rd party apps
- Wifi disabled
- GPS disabled

In addition, no device switch on Blackberry Desktop Manager.

[mooda]

the IT policy on my dads bb is alot like yours
- 5 min pasword time out
- no 3rd party apps
- blackberry browser only(so no sites outside their company intranet
- no device switch over DM

gotta love IT departments

[T�nis]

I wonder why it specifies no wifi or gps? Also, I would be curious to learn how many character passwords IT departments are mandating.

Posted from my CrackBerry at wapforums.crackberry.com

[dajogejr]

Sorry, I'm going to play the other side of the coin/devil's advocate.
Have any of you taken the time to approach the chain of command on why you need third party apps, other browsers, GPS, etc?

By need, I mean business need. I'm going to assume these are company issued and are 100% paid for by the company.

If that's the case, you have two options. State your case/need for what you want.
If your management sees valor in your request, it'll be unlocked...or....get your own personal funded phone to do your personal bidding.

Sorry, I am an IT administrator and the less holes you open up for others to explore the easier it is to support and keep reliable and stable.

You can argue until you're blue in the face about that....but I won't budge.
The less unneeded exposure, the smaller the window for problems.

[dajogejr]

the IT policy on my dads bb is alot like yours
- 5 min pasword time out
- no 3rd party apps
- blackberry browser only(so no sites outside their company intranet
- no device switch over DM

gotta love IT departments

On your DAD's BB....
Even better. Think about that for just a few moments.

Want to know how many laptops I've had to fix because folks let their kids use their work laptops like their own personal home laptops?

Dozens upon dozens.

If it's too locked down for YOUR FATHER'S needs...tell him to get another phone for personal use...and your use as well.

[iN8ter]

Sorry, I'm going to play the other side of the coin/devil's advocate.
Have any of you taken the time to approach the chain of command on why you need third party apps, other browsers, GPS, etc?

By need, I mean business need. I'm going to assume these are company issued and are 100% paid for by the company.

If that's the case, you have two options. State your case/need for what you want.
If your management sees valor in your request, it'll be unlocked...or....get your own personal funded phone to do your personal bidding.

Sorry, I am an IT administrator and the less holes you open up for others to explore the easier it is to support and keep reliable and stable.

You can argue until you're blue in the face about that....but I won't budge.
The less unneeded exposure, the smaller the window for problems.

Exchange has some of the same policies for Windows Mobile phones built-in (Disable SD Card, Disable 3rd Party App Installs, Disable Desktop ActiveSync, Disable GPS/WiFi, etc.). Those are pretty basic policies, and they aren't draconian. Sending unencrypted emails over an unsecured WiFi connection is obviously bad, and broadcasting you GPS location can be risky for some people.

Most IT departments won't want to hear it. This talk about going up the chain of command is, in many cases, "hopeful" at best.

They have more important things to do, and since most people have a Personal phone alongside their work Blackberries you'll probably be only one of a few people to bring it up. In most cases companies are giving low-end blackberries to their Employees, anyways (when they actually provide the phone), so it's not like you can do much with the device...

The only time I'd allow an IT department to put any sort of draconian policies on my device is if they paid for it, and are paying the bill. In that case, it's basically a throw away device to me and I can care less what they put on it.

If it's something I'm paying for, or paid for... Then they don't have that right. I've always made work buy my work phones or pay a (factorable) portion of the bill, because they mandate certain password types and things like that. Thanks, but no thanks.

They've started allowing non-blackberries now, probably to save costs. Buying everyone a BB is expensive, and paying everyone's bill is expensive as well, especially when they have perfectly usable WM/iOS/Android devices with ActiveSync functionality in-built.

[iN8ter]

On your DAD's BB....
Even better. Think about that for just a few moments.

Want to know how many laptops I've had to fix because folks let their kids use their work laptops like their own personal home laptops?

Dozens upon dozens.

If it's too locked down for YOUR FATHER'S needs...tell him to get another phone for personal use...and your use as well.

If kids are messing up work laptops it's cause the IT department failed. Microsoft has as much policies for computers as blackberry has for phones. A work laptop should be locked down and users should not be given more priviledges than they need. They certainly should not have the Administrator password. I reckon to say that account should be disabled...

[Altarocks]

Sorry, I'm going to play the other side of the coin/devil's advocate.
Have any of you taken the time to approach the chain of command on why you need third party apps, other browsers, GPS, etc?

By need, I mean business need. I'm going to assume these are company issued and are 100% paid for by the company.

If that's the case, you have two options. State your case/need for what you want.
If your management sees valor in your request, it'll be unlocked...or....get your own personal funded phone to do your personal bidding.

Sorry, I am an IT administrator and the less holes you open up for others to explore the easier it is to support and keep reliable and stable.

You can argue until you're blue in the face about that....but I won't budge.
The less unneeded exposure, the smaller the window for problems.

And the third side of that coin is that smart companies understand that giving personal freedom is a perk that employees value. I work for a mid-size company that has almost no IT restrictions for many managers. I'm free to install leaks, third party software, etc. I appreciate this freedom and extension of trust and repay it through increased motivation.

I know IT folks look at everything through binary-filtered lenses, but smart companies are in the business of managing people, not machines. When policies are set to go the extra mile for employees, that is an investment that is repayed through increased productivity. I love my company, and the autonomy they grant me is a major contributor.

[dajogejr]

Alta....quick question.
If you brick your phone or mess it up due to a leak, user installed app, etc., who fixes the phone? Do they leave it up to you...or is your IT dept. going to have to save your hide?

n8,
It's not that IT failed. Tell your CEO or other superior they can't have admin rights to install their own software.

Once they break something and I have to spend hours fixing/ repairing/reinstalling...then I go with a locked down account...and they understand.
But you can tell them till you're blue in the face the risks....once they experience a few hours of critical down time...then they get it.

[T�nis]

To IT people:

You're probably mandating content protection (encryption) for company BlackBerries. Of course, that makes sense. For my own informtion, I'm just wondering, based upon your knowledge and experience, how likely it is that someone could extract data directly from a password protected device's hardware if content protection is NOT enabled? I mean, is it easy to do, or does it take an NSA forensics lab to get to the data (directly from the hardware) if it's not encrypted?

Posted from my CrackBerry at wapforums.crackberry.com

[Altarocks]

dajogejr,

I guess that's a bridge that's yet to be crossed since I haven't done so in 16 years with this company. No doubt you can't allow just anyone the access to create problems. And large companies would certainly have a much tougher time determining who is qualified for different levels of access.

But from my perspective, a phone or even a laptop is an inexpensive item as compared to labor and productivity. If I am able to work more efficiently, or willing to work longer or harder, most hardware is inexpensive in comparison.

[Thud Hardsmack]

If kids are messing up work laptops it's cause the IT department failed. Microsoft has as much policies for computers as blackberry has for phones. A work laptop should be locked down and users should not be given more priviledges than they need. They certainly should not have the Administrator password. I reckon to say that account should be disabled...

This. I've been in our company's warehouse and thought I'd just use one of their teminals instead of hiking back to the front office, and got absolutely nowhere. Only one program is allowed to run (VNC) and nothing in the start menu. Can't even right click. On commenting to my boss about it he chuckled and recounted a tale of one of the forklift drivers doing something they shouldn't have been doing and nearly erasing the warehouse database. If IT wants or is told to protect the company's equipment, there's not much that an employee can do if the company's stance is prevention first; while our company advocates innovation it almost takes a court order if any one lower manager thinks there's potential for any "tomfoolery", as my boss calls it, that could occur with any new process or rules/policy.

Posted from my CrackBerry at wapforums.crackberry.com

[CASH]

Sorry, I'm going to play the other side of the coin/devil's advocate.
Have any of you taken the time to approach the chain of command on why you need third party apps, other browsers, GPS, etc?

By need, I mean business need. I'm going to assume these are company issued and are 100% paid for by the company.

If that's the case, you have two options. State your case/need for what you want.
If your management sees valor in your request, it'll be unlocked...or....get your own personal funded phone to do your personal bidding.

Sorry, I am an IT administrator and the less holes you open up for others to explore the easier it is to support and keep reliable and stable.

You can argue until you're blue in the face about that....but I won't budge.
The less unneeded exposure, the smaller the window for problems.

+1
I agree.
Ditto.
Is that 10 characters?

[iN8ter]

This. I've been in our company's warehouse and thought I'd just use one of their teminals instead of hiking back to the front office, and got absolutely nowhere. Only one program is allowed to run (VNC) and nothing in the start menu. Can't even right click. On commenting to my boss about it he chuckled and recounted a tale of one of the forklift drivers doing something they shouldn't have been doing and nearly erasing the warehouse database. If IT wants or is told to protect the company's equipment, there's not much that an employee can do if the company's stance is prevention first; while our company advocates innovation it almost takes a court order if any one lower manager thinks there's potential for any "tomfoolery", as my boss calls it, that could occur with any new process or rules/policy.

Posted from my CrackBerry at wapforums.crackberry.com

Yep, you can even go into a Carrier store and see that they have all of the laptops and netbooks on display locked down. On any decent corporate network the user profiles aren't even stored physically on the computer (only cached) and Nothign can be installed. No system changes can be made.

I question the skill of any IT person who feels the need to come in here and use his terrible IT work as an excuse for draconian corporate policies. Perhaps if businesses hired better technicians and administrators, there would be less need for them...

All BES does is extend the control IT departments have over company computers to company cell phones. But I don't think a business has the right to enforce such policies on a device unless the policies are cached similar to how it is on a computer (you log into the VPN, it downloads your profile and the restrictions kick in) or they bought and paid for the device. For personal devices, the only right they have is to deny access to the network from that device, AFAIC.

[CanisMinor]

Have any of you taken the time to approach the chain of command on why you need third party apps, other browsers, GPS, etc?

By need, I mean business need. I'm going to assume these are company issued and are 100% paid for by the company.

If that's the case, you have two options. State your case/need for what you want.
If your management sees valor in your request, it'll be unlocked...or....get your own personal funded phone to do your personal bidding.

Sorry, I am an IT administrator and the less holes you open up for others to explore the easier it is to support and keep reliable and stable.

You can argue until you're blue in the face about that....but I won't budge.
The less unneeded exposure, the smaller the window for problems.

Unfortunately, you've completely missed the point of the post. I'm not moralizing on the rights and obligations of a company. I'm simply curious as to what degree other companies lock down their blackberries, and whether or not that is negatively affecting the blackberry brand with consumers.

My previous company had a very liberal policy. Other than blocking real security risks, for example the Facebook Contacts Link function, they pretty much allowed users free reign.

Since you've decided to moralize, a total lock-down such as you endorse is simply short-sightedness, laziness and a lack of business understanding on the behalf of you and your IT department. No company should be buying it's employees $400 smartphones with unlimited data plans, if they are going to restrict the functionality to the level of a 6 year old Nokia. If you company is doing that, I'd hope you as the IT manager would put together a nice little powerpoint telling them how much money they can save by switching to $50 Nokia's with Good Technology push mail.

Anyway, back to the topic: What do folks think highly restrictive IT policies does to the brand?

[_StephenBB81]

And the third side of that coin is that smart companies understand that giving personal freedom is a perk that employees value. I work for a mid-size company that has almost no IT restrictions for many managers. I'm free to install leaks, third party software, etc. I appreciate this freedom and extension of trust and repay it through increased motivation.

I know IT folks look at everything through binary-filtered lenses, but smart companies are in the business of managing people, not machines. When policies are set to go the extra mile for employees, that is an investment that is repayed through increased productivity. I love my company, and the autonomy they grant me is a major contributor.

IF the content of your work blackberry were to get into the hands of your competition what would it mean to your company?


I am not permitted to install 3rd Party apps
We have a data limit restriction on our devices.
We must wirelessly sync to our Domino server, even if it does completely destroy your address book ( when this was implemented I lost 600 contacts, and 100 groups)
disabled GPS
We are not to open attachments,

[Altarocks]

Since the bulk of the data I carry or access on my BB is limited to emails, I doubt our competition would find very little of interest. I keep sensitive data on network drives, but those are not accessible via our BBs.

But it's all relative to the businesses we are in. We are in the construction industry. Not a lot of trade secrets to worry about here. Might be different for an R&D company. I'm not saying there isn't a place for IT controls. Rather, my point is that such controls should fit the business.

[_StephenBB81]

Since the bulk of the data I carry or access on my BB is limited to emails, I doubt our competition would find very little of interest. I keep sensitive data on network drives, but those are not accessible via our BBs.

But it's all relative to the businesses we are in. We are in the construction industry. Not a lot of trade secrets to worry about here. Might be different for an R&D company. I'm not saying there isn't a place for IT controls. Rather, my point is that such controls should fit the business.

very much agreed they should fit the business.

But saying giving the employees freedom as a blanket statement was an error, some of the information that comes into my inbox via my blackberry could be very harmful to the corporate image if it was released publicly, as a result we have strict IT restrictions, heck even my laptop is so locked down really it is a glorified email tool and call report tool.
do I like it? Not at all, But some of the choices I can see why we do them.

[dkingsf]

We have password requirements, minimum of 5 chars. Our IT BES admin understands what a pain it can be putting in a password on a mobile device. But we do have the 10 attempts and wipe enabled so for anyone to hack a password, even though only 5 chars, in 10 attempts or less would be a rare occurrance. Also have encryption requirement, but because of the issues it has caused with Calendar, we can request that it be removed, and it usually is. No data limits, but web browsing with the BB browser is monitored (so better not be surfing porn, lol). Of course, Opera mini or Bolt via wifi get around that.

I use my personal Storm2 on the company BES and really don't have issues with their IT policy. It's not as restrictive as some companys and insures that sensitive information doesn't fall into the wrong hands.

We are allowed to install any third party apps we want, as long as we pay for them (if free ones, not a problem). The only thing I store on my SD card is personal stuff, music, movies, docs etc. and I have everything backed up to my pc so if somebody wants them, no problem.

[CanuckBB]

I question the skill of any IT person who feels the need to come in here and use his terrible IT work as an excuse for draconian corporate policies. Perhaps if businesses hired better technicians and administrators, there would be less need for them...

I'm getting sick and tired of those stupid assertions on IT professionals. Our job to to advise management of the tools available to secure the company's network and data and implement the policies management deems appropriate. We don't slap on policies just for kicks.

All BES does is extend the control IT departments have over company computers to company cell phones. But I don't think a business has the right to enforce such policies on a device unless the policies are cached similar to how it is on a computer (you log into the VPN, it downloads your profile and the restrictions kick in) or they bought and paid for the device. For personal devices, the only right they have is to deny access to the network from that device, AFAIC.

Wrong. You want to enable a device on the network, it will be subject to the network's security policies. If you don't like it, don't enable your personal device on the network.

For the record, I've always argued against personal devices on my networks. If the company feels that your job warrants having access to email immediately 24/7, they should give you the tools to do so.

[qbnkelt]

If your employer hands you a work Blackberry, it is simply that, a work Blackberry. It is not a perk, it is a tool. A perk is an corner office.
These "Draconian" IT policies are there for a reason. Be it national security (don't go off on the Sectera, fact is sensitive but unclassified information can go through Blackberry) or corporate information the intent of the IT policies is to protect teh agency, not give you the ability to listen to music on your way home or talk to your Facebook friends. Any necessary "apps" need to be approved and handed down through management. And really, I have yet to see an "app" that is required in our agency.
Absolutely no personal devices on the network. I will argue against Blackberry Balance until I get fired or overruled. If your work requires you to be connected, they should give you the means to be connected. And they should pay the bill.

For us -
5 minute lockdown
password protected - characters, letters and numbers
no unapproved apps
no downloads
no camera
no DM
no WiFi
no GPS
five tries and you're locked
remote swipe

that's what I can think of right now. and before you get one, you get "the discussion" where you learn all the rights you don't have when it comes to the device...as in "you will be monitored"....because the device is not yours.

Oh, pretty much same restrictions on the desktop.

don't like it? get another job. I give out a Blackberry because it is a tool, not a right.

[mooda]

On your DAD's BB....
Even better. Think about that for just a few moments.

Want to know how many laptops I've had to fix because folks let their kids use their work laptops like their own personal home laptops?

Dozens upon dozens.

If it's too locked down for YOUR FATHER'S needs...tell him to get another phone for personal use...and your use as well.

ya on my dads blackberry. He calls me when he has issues cause his IT department is useless. The IT policy on my blackberry is much more relaxed as i voluntarily put it on our bes at work Its my personal berry that i pay for. As for you and your issues i know the frustration i'm in the same line of work however, take your own advice think fer just a few moments before u start to type otherwise u end up looking dumb

[CanuckBB]

ya on my dads blackberry. He calls me when he has issues cause his IT department is useless. The IT policy on my blackberry is much more relaxed as i voluntarily put it on our bes at work Its my personal berry that i pay for. As for you and your issues i know the frustration i'm in the same line of work however, take your own advice think fer just a few moments before u start to type otherwise u end up looking dumb

First of all, using 'text' abbreviations from a supposed professional makes you look dumb. And get off your high horse and the "the other IT dept is useless". I've been doing this likely since before you were born. My wife comes home with stories of their network and set up. It may sound strange, but since I'm not privy to all the internal details, I can't comment on the retional and efficacies.