[Soapm]

I just got my BB running just the way I want it. I have everything except wireless syncing of contacts cuz we still have BES 3.6. I've got the filters set just right, level 1 alerts just right and finally got every rule I can imagine set in outloook, you guessed it, just right. Life is GREAT.

I just got a call from IT, the company has now concluded that a personal BB on the company email is a security risk and they will all soon be turned off. I asked how can a personal BB be anymore a security risk than a company paid one especially since MDS (internet) is shut off on the BES. They had no answer except their management concluded that personal BB's are a security risk.

How can these guys make my life any omre miserable? I know some of you guys work in IT, I ask, please consider the impact of the end user before making changes, try and let them know in advance.

[ladydi]

I work in IT and I too have been burned by these sorts of policies. They don't usually come from the unfortunate soul who had to call and give you the bad news, but from managers whose attention somehow got drawn in the direction of wireless devices. A managers' job is to write policy and if there is no policy to write, then they have no job.

Realistically, IT doesn't want to support personal devices. It becomes a very time consuming headache and frustrating for the user when the device doesn't work and IT has no power to replace it.

The security risk is that if company info gets out because you left your personal device lying around, it's the company's fault for not forbidding it. If the info gets out because you left a company device lying about, they can fire you or hold you financially responsible for it. At least that is the way it is in municiple gov in WA.

[T-Roy]

All BlackBerry models meet the strict security requirements of ...other BlackBerries... so your IT dept. sounds uneducated. Infact I would recommend not using a personal BlackBerry if your company provides you with one only because they can apply IT Policies to your handheld that you cannot remove.

[MarvinK]

I think it generally has more to do with getting the data OFF the personal Blackberry if you leave the company--and the mess of supporting personal equipment. Unfortunately, not all users are self-sufficient with their own devices.

Your company still has to pay for the BES CAL--if you have a business need for a Blackberry, make them pay for it. If you don't have a need--why make the company pay for the CAL or deal with the mess of getting it off your personal equipment when you leave the company?

[Soapm]

Recently the company gave us the choice of using our own BB and they reimberse for the data plan or we could get the company BB which comes without the phone enabled. Since I had my own I chose to use it to keep from carrying more than one device. This was the sole reason i bought this BB, was to keep from carrying more than one device (pager and phone) and to keep from having to log on the old laptop to see if anything urgent was in my mail.

i do see the point about company data though I don't really "store" anything on the BB since it has only 32 megs of memory. We used to be able to log into the company from my personal home puter but they shut that off also. I guess times are changing and security is now the hot word of the day...

[jibi]

Welcome to the world of Sarbanes-Oxley...

I think the point about termination/separation is the only real security risk. They can push down policy one way or the other. I know you've been contacting your administrators lately (atleast I gather that), so that may be another issue that has caused the new policy.

If they gave you the option in the first place, then I'd try and push that. Or, at the very least, get reimbursed for your handheld (if you can), assuming that you had to pay out of pocket.

[Rancor]

Quote:

Originally Posted by T-Roy

All BlackBerry models meet the strict security requirements of ...other BlackBerries... so your IT dept. sounds uneducated. Infact I would recommend not using a personal BlackBerry if your company provides you with one only because they can apply IT Policies to your handheld that you cannot remove.

Strict security requirements can also include restricting the ability to send sensitive information outside the company walls.
Personal Blackberry’s are something that allows unregulated communications and can be considered a security risk.
Yes, so too do mobile phones, they are also just as risky.
In some cases the Outbox for snail mail can be a huge risk too.
An employee can simply place a document in an envelope and send it outside if mail is not closely monitored.

My guess this is one of the reasons you do not find cameras on the Blackberry's, imagine that. Click, send, Top secret exposed.
Blackberry's would be banned everywhere.
eg. Many car manufacturers will not even allow mobile phones with cameras into their factories for that reason.

So before you send your mind below the belt, measuring the tightness of your IT departments anus, think about the type of information your company might be protecting and respect their right to protect it.

Of course some IT managers are just plain Tight Arses!

[Soapm]

Quote:

Originally Posted by jibi

Welcome to the world of Sarbanes-Oxley...

I know you've been contacting your administrators lately (atleast I gather that), so that may be another issue that has caused the new policy.

I think you hit the nail on the head. I think my ticket opening days have ended and hopefully they will forget I exist...

[TheWastedYears]

Guys who have corporate devices generally have to sign various forms agreeing to how the device will be used, handled, etc and what may/may not happen in the event of loss. Legally, I'd have a very difficult time enforcing my strict policy on a device not owned by the company.

In companies where only "mission critical" guys get BBs, I've seen instances where some employees wanted Blackberries anyway, bought them out-of-pocket and were allowed to activate on the BES. When these BBs were lost w/ no insurance, the employees expected the company to buy them new ones. Though, the same could be said for employees who use personal laptops on the corporate hotspot.

Being that I'm the guy who writes IT policy for my company, I'd have to side w/ the company on this one. If we didn't buy it, I wouldn't want it on our network. Too much potential for headaches.

[bfrye]

We're the same way...

We've had this discussion before though, and the bottom line is if you're going to put your BB on your company's BES, then you must adhere to thier security policies.

If you're going to use a company BB, then don't expect to be able to play with it like your personal BB.

Those policies are there for a reason. Even if you don't see the reason, someone else does.

They might deny MDS access globally because they pay a per/Kb usage charge and don't want users running up charges with instant messenger apps or browsing the internet.

They might not want users setting up their personal email because it could violate the integrity of the company if personal/business emails get mixed up and inadvertently sent out.

[aspen_leaf]

I have a sneaky suspicion that I know exactly who Soapm works for and all I can say is build a bridge and get over it. I manage the BES servers for the company and corporate information on a personal device is in direct violation of the MSB. If you think you know better how security should be run and the policies they have to answer for should be enforced, then apply for a position.

We push corporate policy to the handhelds and the personal users are the first to complain even though you had to agree to all terms prior to being allowed on the BES. Not to mention the thousands of users we have to manage for BB’s alone and pay for the CAL’s out of our expense budget.

If you have legitimate business justification for a BB then request one from your management. If not, keep crossing that bridge boss.

[bfrye]

touche...

[dkmadrid]

Well put...

[jscully]

My 2 cents....
the strength of a BES really is to wirelessly sync contacts, and run some crazy MDS programs....
write it off as a loss, you're not using the BES to sync anyway!
Remove yourself from the BES, and in your regular e-mail (Outlook), run a rule to foward a copy of all e-mail to your blackberry, and no-one will be any the wiser.
for the crazy MDS programs, look to the other solutions (mailstreet) etc.
lates,
scully

[Soapm]

Quote:

Originally Posted by aspen_leaf

I have a sneaky suspicion that I know exactly who Soapm works for and all I can say is build a bridge and get over it. I manage the BES servers for the company and corporate information on a personal device is in direct violation of the MSB...

If you have legitimate business justification for a BB then request one from your management. If not, keep crossing that bridge boss.

This is exactly what I mean, I can't even vent my frustrations to a group of virtual friends without the company finding me and making me feel small. Sometimes I feel like I'm going to wake up and realize this was all a dream. Well I got other things to cry about now, the wife just found out her cancer is back and terminal. Really sucks to be me these days but i'll keep crossing my bridge...

Thanks

[SDCromer]

Quote:

Originally Posted by jibi

Welcome to the world of Sarbanes-Oxley...

SOX has made my life much less convenient. I am part of our company's 25 user Blackberry pilot program. We just got BES up and running and life was good. Then all of a sudden I have to enter a 7 character password and I have a timeout of just 15 minutes. Do you know what a pain in the a$$ it is to enter 7 charachters and then hit the enter key just to make a phone call? I have seriously considered boxing up the Blackberry and sending it back.

[TwinTurbo]

Quote:

Originally Posted by aspen_leaf

I have a sneaky suspicion that I know exactly who Soapm works for and all I can say is build a bridge and get over it. I manage the BES servers for the company and corporate information on a personal device is in direct violation of the MSB. If you think you know better how security should be run and the policies they have to answer for should be enforced, then apply for a position.

We push corporate policy to the handhelds and the personal users are the first to complain even though you had to agree to all terms prior to being allowed on the BES. Not to mention the thousands of users we have to manage for BB’s alone and pay for the CAL’s out of our expense budget.

If you have legitimate business justification for a BB then request one from your management. If not, keep crossing that bridge boss.

I agree. I am in the same type of role at another large company. It's not just security policy. There are many issues with personally owned blackberry devices:

1. Corporate data residing on a personal device: This is both a security and legal risk. There are controls to minimize these risks but it adds layers of complexity to centrally managing the program. Sarbanes Oxley makes this even more complicated. It is much more ideal for the device to be a corporate asset vs. a personal asset.

2. Personal blackberry connecting to corporate email system via BES vs. desktop email redirector: One is "secure" while the other is not. Most personal users try to setup a desktop redirector that is not secure or encrypted. And do you really want your sensitive corporate email being forwarded through some third party service provider in an unencrypted format?

3. Licensing: CALs are not free. Additional budget considerations need to be made for personal devices connecting to the BES.

4. Scalability Each BES can only scale to around 2,000 users. Servers are not free and neither is the data center and associated support costs. The cost of adding additional servers can be prohibitive to any corporate blackberry program. And just like the CAL's, there is no way to recover these infrastructure costs internally from personal users.

5. Support There are limited support resources as it is for corporate devices which are usually the same model and code version. Now add personal devices and all those variables to the mix. It adds complexity and costs that cannot be recovered.

These are just some of the reasons why many companies do not allow personal blackberry devices.