1. darko m's Avatar
    I met this girl over the weekend who worked for a Big 4 accounting firm and noticed she has a new BlackBerry Curve 8900. I asked her if work paid for it and she said no, her firm doesn't allow BlackBerrys to be used with work due to "security concerns". She then went on to say/assume it was something to do with email security? I don't know what that even means? She said other devices like Windows OS devices are approved, and she's only seen a couple really high up people with BlackBerrys.

    I have a lot of friends that work for pretty well known companies that get free BlackBerrys first day on the job...so I'm wondering why they don't seem to have a problem with them?

    ...or are the "security concerns" a BS excuse and they really just don't want to pay for the service? But even then, I thought corporations get a huge discount?
    07-07-09 06:21 PM
  2. dictoresno's Avatar
    Most big businesses, including government agencies, rely on BlackBerry's well-known secure email and servers. So I dunno why they deem it unsecure.
    07-07-09 06:39 PM
  3. greydarrah's Avatar
    I read a post in this section earlier today about the army not allowing a pop3 email account to be added to a BB because of security reasons. I would guess this is a complex subject that can't be stated in a black and white fashion regarding BB as a device.
    07-07-09 06:48 PM
  4. darko m's Avatar
    I read a post in this section earlier today about the army not allowing a pop3 email account to be added to a BB because of security reasons. I would guess this is a complex subject that can't be stated in a black and white fashion regarding BB as a device.
    What does pop 3 mean?
    07-07-09 06:52 PM
  5. millet's Avatar
    I met this girl over the weekend who worked for a Big 4 accounting firm and noticed she has a new BlackBerry Curve 8900. I asked her if work paid for it and she said no, her firm doesn't allow BlackBerrys to be used with work due to "security concerns". She then went on to say/assume it was something to do with email security? I don't know what that even means? She said other devices like Windows OS devices are approved, and she's only seen a couple really high up people with BlackBerrys.

    I have a lot of friends that work for pretty well known companies that get free BlackBerrys first day on the job...so I'm wondering why they don't seem to have a problem with them?

    ...or are the "security concerns" a BS excuse and they really just don't want to pay for the service? But even then, I thought corporations get a huge discount?
    I kinda know what she means - I work in the NHS and currently get my hospital email on BES no probs but cannot get the national NHSnet email on my BB as the BB doesn't have the ActiveSync MS software required and something about security due to the time the device takes to lock? The only way I could get NHSnet email pushed to my BB would be to use 3rd party software that addresses the issues but also costs initially to buy and then annually to maintain - kinda sucks huh? She's right too, if I had a Windows Mobile based smartphone I could get the email no probs! Still not giving up my BB though!
    07-07-09 06:56 PM
  6. armedtank's Avatar
    I met this girl over the weekend who worked for a Big 4 accounting firm and noticed she has a new BlackBerry Curve 8900. I asked her if work paid for it and she said no, her firm doesn't allow BlackBerrys to be used with work due to "security concerns". She then went on to say/assume it was something to do with email security? I don't know what that even means? She said other devices like Windows OS devices are approved, and she's only seen a couple really high up people with BlackBerrys.

    I have a lot of friends that work for pretty well known companies that get free BlackBerrys first day on the job...so I'm wondering why they don't seem to have a problem with them?

    ...or are the "security concerns" a BS excuse and they really just don't want to pay for the service? But even then, I thought corporations get a huge discount?
    The security concerns for Blackberries on BIS are:

    • You are required to store your email credentials on a 3rd party BIS server not controlled by your company
    • A company cannot force you to use strong passwords on your device
    • In the event of theft, a company cannot remotely wipe a blackberry on BIS
    I have multiple large clients who are doing the same, they don't want to continue paying for a BES implementation. Windows mobile and even the iPhone support pin enforcement and remote wipe capabilities via Outlook policies and those solutions require no 3rd party tools or servers.
    07-07-09 07:22 PM
  7. millet's Avatar
    What does pop 3 mean?
    Just means the way that the email is sent and delivered to you. Stands for Post Office Protocol 3 and is one way of setting up a mail account for PCs / devices etc
    07-07-09 07:25 PM
  8. darko m's Avatar
    The security concerns for Blackberries on BIS are:

    • You are required to store your email credentials on a 3rd party BIS server not controlled by your company
    • A company cannot force you to use strong passwords on your device
    • In the event of theft, a company cannot remotely wipe a blackberry on BIS
    I have multiple large clients who are doing the same, they don't want to continue paying for a BES implementation. Windows mobile and even the iPhone support pin enforcement and remote wipe capabilities via Outlook policies and those solutions require no 3rd party tools or servers.
    So if the concerns are so significant why do so many companies have the BlackBerry service and force the devices on their staff? I mean BB's stock didn't pop the last few years for no reason. Obviously the consumer market took off but the business market appears to be booming as well.

    As for the 3rd party (BlackBerry) "controlling" the emails, or how they're stored... doesn't BlackBerry have something in contracts that shows they won't interfere with emails stored on their servers? Or something to that effect...
    07-07-09 08:03 PM
  9. armedtank's Avatar
    So if the concerns are so significant why do so many companies have the BlackBerry service and force the devices on their staff? I mean BB's stock didn't pop the last few years for no reason. Obviously the consumer market took off but the business market appears to be booming as well.
    Generally, a company that requires its staff to carry a Blackberry will invest in a Blackberry Enterprise Server implementation (BES). BES allows for complete control of a BB device. The BES admin can see every bit of information that passes through the device. In addition, they have complete control over what can and cannot be installed on that device as well as the ability to remotely wipe a lost or stolen Blackberry. The BES servers are also hosted by the company, so they maintain complete control at all times. A typical implementation will be thousands of dollars and require a staffed BES administrator.

    As for the 3rd party (BlackBerry) "controlling" the emails, or how they're stored... doesn't BlackBerry have something in contracts that shows they won't interfere with emails stored on their servers? Or something to that effect...
    I'm sure they do, but a company still has no control over what happens on a 3rd party Blackberry server.

    Don't get me wrong, a Blackberry on BIS is still an incredibly secure device, RIM is the best in the business when it comes to email security, but if we are talking about confidential or mission critical data you are not going to store it on a 3rd party server without a specific contract between your company and that provider as well as a Service Level Agreement guaranteeing acceptable uptime and access to your data, neither of which you will get with a Blackberry on BIS.
    07-07-09 08:51 PM
  10. PMurray633's Avatar
    random thought here, but couldn't a security concern for her be that her device has a camera on it? If I understood correctly, the OP said that she assumed that it was the email on the phone...
    07-07-09 08:59 PM
  11. jamestbrewer's Avatar
    I know people that work at 3 of the big 4 accounting firms, all of whom were encouraged to get blackberries before they even started. I don't know if they paid for the devices, but the service was 100% reimbursed every month.
    07-08-09 02:22 AM
  12. noaim's Avatar
    For starters, BlackBerrys are known as the most secure mobile smartphone out there..
    07-08-09 04:24 AM
  13. Sith_Apprentice's Avatar
    Companies cannot justify the cost of a BES but deploy FAR less secure methods for important data. Look at all the security ratings the BES has. BlackBerry - BlackBerry Security Approvals and Certifications It doesn't get more secure than this. And those do not include just BES, many of those are device side. I point to

    Common Criteria Evaluation Scheme

    The Common Criteria is an international evaluation scheme of IT security products and systems. Common Criteria evaluation results are recognized by 25 countries, including Australia, Canada, France, Germany, the United Kingdom and the United States of America. The following BlackBerry products have obtained a Common Criteria EAL 2+ certification:

    * BlackBerry Device Software v4.5
    * BlackBerry Device Software v4.2.2
    * BlackBerry Device Software v4.2.1
    * BlackBerry Device Software v4.2
    * BlackBerry Device Software v4.1
    * BlackBerry Enterprise Server v4.1.4
    * BlackBerry Enterprise Server v4.1.3

    The BlackBerry Enterprise Solution is the first wireless platform to earn Common Criteria EAL 4+ certification. The following BlackBerry products have obtained EAL 4+ certification:

    * BlackBerry Enterprise Server v5.0
    07-08-09 06:01 AM
  14. SolarPlexus's Avatar
    I think that's kinda funny.
    There are some reasons I have heard for large companies opting away from blackberries, but never has security been one of them.
    07-08-09 06:14 AM
  15. zzycatch's Avatar
    worked for a Big 4 accounting firm
    That should be a tip right there. The big four are about as corrupt and inept as they come. All their experts are experts in sales first, technology second... and they went with the provider that offered the right exec the biggest bribe.

    For starters, BlackBerrys are known as the most secure mobile smartphone out there..
    Among people who don't know security, that is true.

    It doesn't get more secure than this.
    The following BlackBerry products have obtained a Common Criteria EAL 2+ certification
    "EAL2 is therefore applicable in those circumstances where developers or users require a low to moderate level of independently assured security in the absence of ready availability of the complete development record. Such a situation may arise when securing legacy systems."
    From Wikipedia, and as someone involved in security and assurance evaluations dating back to the days of the Orange Book, I agree.

    Now, this is a secure phone: Sectéra Edge (about $3k with a two year contract)
    07-08-09 06:34 AM
  16. cavingjan's Avatar
    It is also usually redundant effort/costs to set up both BES and ActiveSync. Both are effective but usually companies opt for one or the other.
    07-08-09 06:59 AM
  17. darko m's Avatar
    Generally, a company that requires its staff to carry a Blackberry will invest in a Blackberry Enterprise Server implementation (BES). BES allows for complete control of a BB device. The BES admin can see every bit of information that passes through the device. In addition, they have complete control over what can and cannot be installed on that device as well as the ability to remotely wipe a lost or stolen Blackberry. The BES servers are also hosted by the company, so they maintain complete control at all times. A typical implementation will be thousands of dollars and require a staffed BES administrator.



    I'm sure they do, but a company still has no control over what happens on a 3rd party Blackberry server.

    Don't get me wrong, a Blackberry on BIS is still an incredibly secure device, RIM is the best in the business when it comes to email security, but if we are talking about confidential or mission critical data you are not going to store it on a 3rd party server without a specific contract between your company and that provider as well as a Service Level Agreement guaranteeing acceptable uptime and access to your data, neither of which you will get with a Blackberry on BIS.
    When you say every bit of information, do you mean even things like BBMs? So, does the BES admin work just for that company? Does he have the option to simply click a user name and then he's "inside" that user's BlackBerry?

    When you say the servers are hosted by the company, do you mean hosted by BlackBerry or hosted by the company that purchased the services?
    07-08-09 10:12 AM
  18. darko m's Avatar
    That should be a tip right there. The big four are about as corrupt and inept as they come. All their experts are experts in sales first, technology second... and they went with the provider that offered the right exec the biggest bribe.
    So, again is the security thing she mentioned bogus? Or does it have more to do with potential bribes/discounts offered to the execs who make that kind of decision?

    ...or is the BlackBerry service simply deemed too expensive to some companies when compared to other email services?
    07-08-09 10:17 AM
  19. tomasjdaniel's Avatar
    They are just as secure as anything else. PPL just need to follow the best practices for each.
    07-08-09 12:05 PM
  20. armedtank's Avatar
    When you say every bit of information, do you mean even things like BBMs? So, does the BES admin work just for that company? Does he have the option to simply click a user name and then he's "inside" that user's BlackBerry?
    Yep, every piece of information that passes through a BB on BES is available to the administrator. Calls, Messages, SMS, BBM, Browsing history, the whole nine. I'm not a BES admin but I would imagine a list of PINs with the accompanying usernames is used to identify a given device.

    When you say the servers are hosted by the company, do you mean hosted by BlackBerry or hosted by the company that purchased the services?
    A BES server is usually but not always hosted by the company that purchases the software. You can buy a hosted BES service where the servers are hosted by a 3rd party but your BES administrator still has full control of the devices.
    07-08-09 12:59 PM
  21. zzycatch's Avatar
    Yep, every piece of information that passes through a BB on BES is available to the administrator. Calls, Messages, SMS, BBM, Browsing history, the whole nine.
    This may be default behavior, but it is an unsecure practice. The administrator should only have access to administrative resources; private data should be exactly that and controlled by each user's private key. Access to these keys should be available for auditing/forensic purposes, but only with executive authority and the technical means to enforce it (which are beyond the scope of this post).
    07-08-09 06:07 PM
  22. CanuckBB's Avatar
    This may be default behavior, but it is an unsecure practice. The administrator should only have access to administrative resources; private data should be exactly that and controlled by each user's private key. Access to these keys should be available for auditing/forensic purposes, but only with executive authority and the technical means to enforce it (which are beyond the scope of this post).
    BES admins are usually bound by confidentiality and non-access agreements. And trust me, we have better things to do than to peek at PIN messages all day. I won't go into the logs unless requested to do so.
    07-09-09 11:20 AM
  23. dst255's Avatar
    Security is such a buzz word now that most companies don't know a thing about it.

    One of the biggest issues (as stated earlier in this thread) is giving your password to a 3rd party (for BIS).

    However, it is amusing when companies state this as a 'security concern', but will allow WinMo and iPhones to use ActiveSync to get their email. If one of those devices is stolen and the radio is turned off, there is no way to wipe those devices remotely. I also bet some of these companies are still using IMAP and SMTP that is NOT over SSL ...

    If people really want their confidential and proprietary emails to be secured, try a little thing called S/MIME. (And yes, I know you can't encrypt/decrypt email using BIS, but maybe some things you just shouldn't be able to access on your phone.)
    07-09-09 12:46 PM
  24. armedtank's Avatar
    Security is such a buzz word now that most companies don't know a thing about it.

    One of the biggest issues (as stated earlier in this thread) is giving your password to a 3rd party (for BIS).

    However, it is amusing when companies state this as a 'security concern', but will allow WinMo and iPhones to use ActiveSync to get their email. If one of those devices is stolen and the radio is turned off, there is no way to wipe those devices remotely. I also bet some of these companies are still using IMAP and SMTP that is NOT over SSL ...

    If people really want their confidential and proprietary emails to be secured, try a little thing called S/MIME. (And yes, I know you can't encrypt/decrypt email using BIS, but maybe some things you just shouldn't be able to access on your phone.)
    While I agree with your overall statement, it is incorrect to state that you cannot remote wipe an ActiveSync connected device. That ability is available to an admin via the exchange management console and also to end users via OWA in our implementation. I'm pretty sure it's standard fare.
    07-09-09 01:58 PM
  25. dst255's Avatar
    While I agree with your overall statement, it is incorrect to state that you cannot remote wipe an ActiveSync connected device. That ability is available to an admin via the exchange management console and also to end users via OWA in our implementation. I'm pretty sure it's standard fare.
    Very true. I stated if phone was stolen and the radio was turned off, then it wouldn't be possible. Granted, it would take a thief who was after the data on the phone, and not the phone itself, which is very unlikely.
    07-09-09 02:06 PM