Is BlackBerry email secure?
- I met this girl over the weekend who worked for a Big 4 accounting firm and noticed she has a new BlackBerry Curve 8900. I asked her if work paid for it and she said no, her firm doesn't allow BlackBerrys to be used with work due to "security concerns". She then went on to say/assume it was something to do with email security? I don't know what that even means? She said other devices like Windows OS devices are approved, and she's only seen a couple really high up people with BlackBerrys.
I have a lot of friends that work for pretty well known companies that get free BlackBerrys first day on the job...so I'm wondering why they don't seem to have a problem with them?
...or are the "security concerns" a BS excuse and they really just don't want to pay for the service? But even then, I thought corporations get a huge discount?07-07-09 06:21 PMLike 0 - most big businesses, including government agencies, rely on blackberrys well known secure email and servers. so i dunno why they deem it unsecure.07-07-09 06:39 PMLike 0
- I read a post in this section earlier today about the army not allowing a pop3 email account to be added to a BB because of security reasons. I would guess this is a complex subject that can't be stated ina black and white fashion regarding BB as a device.07-07-09 06:48 PMLike 0
-
- I met this girl over the weekend who worked for a Big 4 accounting firm and noticed she has a new BlackBerry Curve 8900. I asked her if work paid for it and she said no, her firm doesn't allow BlackBerrys to be used with work due to "security concerns". She then went on to say/assume it was something to do with email security? I don't know what that even means? She said other devices like Windows OS devices are approved, and she's only seen a couple really high up people with BlackBerrys.
I have a lot of friends that work for pretty well known companies that get free BlackBerrys first day on the job...so I'm wondering why they don't seem to have a problem with them?
...or are the "security concerns" a BS excuse and they really just don't want to pay for the service? But even then, I thought corporations get a huge discount?07-07-09 06:56 PMLike 0 - I met this girl over the weekend who worked for a Big 4 accounting firm and noticed she has a new BlackBerry Curve 8900. I asked her if work paid for it and she said no, her firm doesn't allow BlackBerrys to be used with work due to "security concerns". She then went on to say/assume it was something to do with email security? I don't know what that even means? She said other devices like Windows OS devices are approved, and she's only seen a couple really high up people with BlackBerrys.
I have a lot of friends that work for pretty well known companies that get free BlackBerrys first day on the job...so I'm wondering why they don't seem to have a problem with them?
...or are the "security concerns" a BS excuse and they really just don't want to pay for the service? But even then, I thought corporations get a huge discount?
- You are required to store your email credentials on a 3rd party BIS server not controlled by your company
- A company cannot force you to use strong passwords on your device
- In the event of theft, a company cannot remotely wipe a blackberry on BIS
07-07-09 07:22 PMLike 0 - The security concerns for Blackberries on BIS are:
- You are required to store your email credentials on a 3rd party BIS server not controlled by your company
- A company cannot force you to use strong passwords on your device
- In the event of theft, a company cannot remotely wipe a blackberry on BIS
As for the 3rd party (BlackBerry) "controlling" the emails, or how they're stored... doesn't BlackBerry have something in contracts that shows they won't interfere with emails stores on their servers? Or something to that effect...07-07-09 08:03 PMLike 0 - So if the concerns are so significant why do so many companies have the BlackBerry service and force the devices on their staff? I mean BB's stock didn't pop the last few years for no reason. Obviously the consumer market took off but the business market appears to be booming as well.
Don't get me wrong, a Blackberry on BIS is still an incredibly secure device, RIM is the best in the business when it comes to email security, but if we are talking about confidential or mission critical data you are not going to store it on a 3rd party server without a specific contract between your company and that provider as well as a Service Level Agreement guaranteeing acceptable uptime and access to your data, neither of which you will get with a Blackberry on BIS.07-07-09 08:51 PMLike 0 - random thought here, but couldn't a security concern for her be that her device has a camera on it? If I understood correctly, the OP said that she assumed that it was the email on the phone...07-07-09 08:59 PMLike 0
- I know people that work at 3 of the big 4 accounting firms, all of whom were encouraged to get blackberries before they even started. I don't know if they paid for the devices, but the service was 100% reimbursed every month.07-08-09 02:22 AMLike 0
- Sith_ApprenticeMod Team EmeritusCompanies cannot justify the cost of a BES but deploy FAR less secure methods for important data. Look at all the security ratings the BES has. BlackBerry - BlackBerry Security Approvals and Certifications It doesnt get more secure than this. And those do not include just BES, many of those are device side. I point to
Originally Posted by BlackBerry.comCommon Criteria Evaluation Scheme
The Common Criteria is an international evaluation scheme of IT security products and systems. Common Criteria evaluation results are recognized by 25 countries, including Australia, Canada, France, Germany, the United Kingdom and the United States of America. The following BlackBerry products have obtained a Common Criteria EAL 2+ certification:
* BlackBerry Device Software v4.5
* BlackBerry Device Software v4.2.2
* BlackBerry Device Software v4.2.1
* BlackBerry Device Software v4.2
* BlackBerry Device Software v4.1
* BlackBerry Enterprise Server v4.1.4
* BlackBerry Enterprise Server v4.1.3
The BlackBerry Enterprise Solution is the first wireless platform to earn Common Criteria EAL 4+ certification. The following BlackBerry products have obtained EAL 4+ certification:
* BlackBerry Enterprise Server v5.007-08-09 06:01 AMLike 0 - I think thats kinda funny.
There are some reasons I have heard for large companies opting away from blackberries, but never has security been one of them.07-08-09 06:14 AMLike 0 - worked for a Big 4 accounting firm
for starters blackberry's are known as the most secure mobile smartphone out there..
It doesnt get more secure than this.The following BlackBerry products have obtained a Common Criteria EAL 2+ certification
From wikipedia and as someone involved in security and assurance evaluations dating back to the days of the Orange book, I agree.
Now, this is a secure phone: Sect�ra Edge (about $3k with a two year contract)07-08-09 06:34 AMLike 0 - Generally, a company that requires it's staff to carry a Blackberry will invest in a Blackberry Enterprise Server implementation (BES). BES allows for complete control of a BB device. The BES admin can see every bit of information that passes through the device. In addition, they have complete control over what can and cannot be installed on that device as well as the ability to remotely wipe a lost or stolen Blackberry. The BES servers are also hosted by the company, so they maintain complete control at all times. A typical implementation will be thousands of dollars and require a staffed BES administrator.
I'm sure they do, but a company still has no control over what happens on a 3rd party Blackberry server.
Don't get me wrong, a Blackberry on BIS is still an incredibly secure device, RIM is the best in the business when it comes to email security, but if we are talking about confidential or mission critical data you are not going to store it on a 3rd party server without a specific contract between your company and that provider as well as a Service Level Agreement guaranteeing acceptable uptime and access to your data, neither of which you will get with a Blackberry on BIS.
When you say the servers are hosted by the company, do you mean hosted by BlackBerry or hosted by the company that purchased the services?07-08-09 10:12 AMLike 0 -
...or is the BlackBerry service simply deemed too expensive to some companies when compared to other email services?07-08-09 10:17 AMLike 0 - 07-08-09 12:05 PMLike 0
-
A BES server is ususally but not always hosted by the company that purchases the software. You can buy a hosted BES service where the servers are hosted by a 3rd party but your BES administrator still has full control of the devices.07-08-09 12:59 PMLike 0 - Yep, every piece of information that passes through a BB on BES is available to the administrator. Calls, Messages, SMS, BBM, Browing history, the whole nine.07-08-09 06:07 PMLike 0
- This may be default behavior, but it is an unsecure practice. The administrator should only have access to administrative resources, private data should be exactly that and controlled by each users' private key. Access to these keys, should be availiable for auditing/forensic purposes, but only with executive authority and the technical means to enforce it (which are beyond the scope of this post)07-09-09 11:20 AMLike 0
- Security is such a buzz word now that most companies don't know a thing about it.
One of the biggest issues (as stated earlier in this thread) is giving your password to a 3rd party (for BIS).
However, it is amusing when companies state this as a 'security concern', but will allow WinMo and iPhones to use ActiveSync to get their email. If one of those devices is stolen and the radio is turned off, there is no way to wipe those devices remotely. I also bet some of these companies are still using IMAP and SMTP that is NOT over SSL ...
If people really want their confidential and proprietary emails to be secured, try a little thing called S/MIME. (And yes, I know you can't encrypt/decrypt email using BIS, but maybe some things you just shouldn't be able to access on your phone.)07-09-09 12:46 PMLike 0 - Security is such a buzz word now that most companies don't know a thing about it.
One of the biggest issues (as stated earlier in this thread) is giving your password to a 3rd party (for BIS).
However, it is amusing when companies state this as a 'security concern', but will allow WinMo and iPhones to use ActiveSync to get their email. If one of those devices is stolen and the radio is turned off, there is no way to wipe those devices remotely. I also bet some of these companies are still using IMAP and SMTP that is NOT over SSL ...
If people really want their confidential and proprietary emails to be secured, try a little thing called S/MIME. (And yes, I know you can't encrypt/decrypt email using BIS, but maybe some things you just shouldn't be able to access on your phone.)07-09-09 01:58 PMLike 0 - While I agree with your overall statement, it is incorrect to state that you cannot remote wipe an ActiveSync connected device. That ability is available to an admin via the exchange management console and also to end users via OWA in our implementation. I'm pretty sure it's standard fare.07-09-09 02:06 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Is BlackBerry email secure?
LINK TO POST COPIED TO CLIPBOARD