[d_wilson4]

Good Day All,

I would like to get some opinions on Security Policies. Our agency had not been running any handheld security policies on our blackberries for several years and have now (about 3 months ago) implented a policy of no thrid party applications. Over the last month the complaints have become overwhelming for my boss who as now tasked me to come up with a plan of attack on allowing certain applications or allowing all apps for some users and everyone else gets nothing. My main question is what software out there would you concider a definate security issue or no go on installing to your users blackberry?

A second question would be; did I miss something setting up a policy to allow Google Maps to work? I have a default policy that blockes everything and then a second policy that specificly allowed Google Maps. I had assumed after reading the BES Policy Reference Guide that this would only allow people to download it if they wanted it. Instead it installed the software to everyone of my test devices. Did I miss something?

Thanks,

Drew Wilson

[yk101]

Drew, there are 2 different policies to worry about.

1. IT Policy is the one you should use to restrict certain tasks, but if you restrict 3-rd party apps download you will not be able to install anything via Application Policy (see below).

2. Application Policy is the one yuou should use to push applications to the users that require it. Basically, you would set-up rules for Deny, Optional and Required (see elsewhere on this forum) and add applications to the policy. So, the overall policy would be to Deny all applications, except those specifically listed in the policy.

Create 2 (or more) groups of users and assign a blank Deny policy to those that do not need anything. Then create another App policy that has GMM and what ever else you want and set the applications as Required and Wireless. Assign that policy to the rest of the users that need it.

[ladydi]

I think that the issue you are going to run into here is that you cannot just insert a list of allowed apps into a policy. You would most likely want to set up a whitelist that allows only the apps you specify. the caveat is that these apps have to exist on your BES. So your company would have to purchase licenses for apps such as BB411 or games or whatever else they want (google maps is free of course) ***Beware the whitelist*** applied on an existing device, it will remove google maps and cause headaches. do lots of testing. I have been going round and round with RIM on this for the last month.

The other option is that you leave the "no 3rd party apps" IT policy in place and they have to request to have apps installed. then you have to remove them from policy, install said app and add back to policy.

At this time, there really is no better way to deal with it