[MisterGriffiths]

I'm interested to know how many of us in the 'community' use the BES IT Policy to enforce Content Protection on the handheld.

[knottyrope]

Wipe the Micros SD card NO.

Wipe device on 10 failed password attempts yes.

[jimbob_]

4 character password, 1 hour timeout. wipe on 10 failed attempts.

New security guy wants Content Protection-i told him this was less critical than getting our desktops off IE 6.

[wistowg]

I'm being pressured to but 90 minutes to wipe a content protected handheld device is going to be resisted by the support teams

[MisterGriffiths]

Quote:

Originally Posted by wistowg

I'm being pressured to but 90 minutes to wipe a content protected handheld device is going to be resisted by the support teams

Know what you mean, that scrubbing takes forever.

Have you considered making a copy of your IT Policy and naming it something like Content Protection Unlocked, then disable the Content Protection settings in the new IT Policy. When ever you want to wipe a device, assign this policy to the user/device, once it has been applied, disable Content Protection on the handheld, then do the Security Wipe?

[DarthBBerry]

Content Protection enabled for device and media cards. No exceptions. Kill your device, kill the media card too. No exceptions.

I rule those BBs with an iron virtual fist. No mercy.

[Wiseass]

Man I'd love to have some security/content protection here, but even upper management and the VPs won't have it. We're not a large company by any means (3000 total users of Lotus Notes, about 350 Blackberry Users), however even the littlest change would throw them into a tizzy.

[DarthBBerry]

Quote:

Originally Posted by Wiseass

Man I'd love to have some security/content protection here, but even upper management and the VPs won't have it. We're not a large company by any means (3000 total users of Lotus Notes, about 350 Blackberry Users), however even the littlest change would throw them into a tizzy.

Use the "what if the competition got your BlackBerry" scenario. They might go for a bit of security then. Or even use the analogy that a BB is a mini computer in your hand. As long as the desktops/laptops have security, the BBs need them too.

[MisterGriffiths]

Firstly, thank you to the 16 who have entered the poll so far. Not sure why the other 230 odd visitors didn't have the time to click a button but there you go.

I have a related question to the poll but I'm not sure whether to pose it here or in the 9700 discussion thread. Think I will start here as most Admins usually get to hear if there are issues with firmware.

We have an odd problem with some new 9700's running v5.0.0.421 firmware.

We enforce Content Protection on all handhelds and we have found that after activating one of these new devices, any recurring appointments in the calendar that have a 'Reminder' set on them, will be duplicated on the handheld at the time the 'Reminder' goes off.

Anyone else with a similar set-up and device/OS seeing this?

[pdubya]

Got this today for a similar issue:
www_blackberry_com/btsc/documentLink.do?externalID=KB21364

[MisterGriffiths]

Indeed. We eventually proved our case to RIM.

[pootshwan]

I think the real question is why would any company go without content protection?

[MisterGriffiths]

Must say, I'm somewhat surprised by the poll results. I would have thought more companies were getting wise to protecting mobile data.

[the-economist]

Quote:

Originally Posted by MisterGriffiths

Must say, I'm somewhat surprised by the poll results. I would have thought more companies were getting wise to protecting mobile data.

Usability and security are sitting on opposing ends. Every time you move towards one end, you're getting further away from the other. A truly usability friendly system is not that secure, an open door is extremely user friendly, not secure though. 150 biometric tests and 2000 authentication mechanisms before a single char is type is rather secure. Usability is low though.

Management has to walk a thin line to maintain a policy that satisfies the potential compliance required while at the same time doesn't render business operations a struggle to accomplish.

Coming back to topic, the solution proposed by MisterGriffiths makes perfect sense and administratively would make life easier for the IT team while at the same time honours the sec policy that introduced the issue to start with.

[glenn4dde]

Quote:

Originally Posted by pootshwan

I think the real question is why would any company go without content protection?

pootshwan - Why would you say that? Do you know of any confirmed case where data was ever extracted off of a BlackBerry device (without the device being unlocked, of course)?

I can tell you one reason why a company would not use CP. Maybe if a company has 10's of thousands of devices running handheld code prior to version 4.3. In that case, the device will not accept an OTA password reset. That's a big reason.

[rdw]

We actually determined that with Content protection turned on, and the damn Bing push, it has dramatically slowed up our Berrys. Content Proection off, everything is ok. Our Director is so pissed off right now I hear him saying iphone iphone. This is from a Govt agency too.

Rim wanted us to send in diag logs but you have to turn off Content Protection for the necessary logs. rofl. Anyway we solved it by blocking ALL Application pushes from the BES Server. Blackberrys are once again fast with Content Protection turned on.

[CanuckBB]

Quote:

Originally Posted by pootshwan

I think the real question is why would any company go without content protection?

Other than the removable SD card, password protection effectively protects the content without the overhead.

[John Clark]

All content protection does is scrub the data so it can't be extracted by very high-tech agencies like the FBI. Once the device is wiped there is no way to get the data from the device unless you have sophisticated memory reading tools and most likely would have to remove the memory itself. I don't think the "competetion" is going to have this kind of arsenal in their pockets. That being said, for highly sensitive areas such as DoD the content protection was required. I really doubt it's necessary for much else. Enabling content protection has historically had unintented consequences...such as caller ID not working when locked, etc. Most Admins (aside from my DoD admin friends) I know do not require content protection. Passwords many say yes. Content Protection, no.

[SteveO86]

I've found Content protection to severely slow down the locking/unlocking on the BlackBerry.

I'd really hate to think I am lax on security, but as John Clark mentioned it would take quite the cracker to get the information off an already wiped BlackBerry, so I am very skeptical about enabling this.

Has their even been a single reported event of someone getting information off a wiped BB? (it's like the PDF fixes we did a dozen times last year)

[tduffy]

Quote:

Originally Posted by rdw

We actually determined that with Content protection turned on, and the damn Bing push, it has dramatically slowed up our Berrys. Content Proection off, everything is ok. Our Director is so pissed off right now I hear him saying iphone iphone. This is from a Govt agency too.

Rim wanted us to send in diag logs but you have to turn off Content Protection for the necessary logs. rofl. Anyway we solved it by blocking ALL Application pushes from the BES Server. Blackberrys are once again fast with Content Protection turned on.

What policy in the BES needs to be set to block all application pushes?