Mobile WorkHorse

By Al Sacco
About this Blog:

Al Sacco writes about (and drools over) anything and everything mobile or wireless as it applies to the global workforce--with a focus on BlackBerry smartphones

| See Al's Posts
Al Sacco

BlackBerry Enterprise Server (BES) Security Checklist Helps ID Risks

How secure is your organization's BES and associated BlackBerry devices? Use this checklist to help identify security holes.

Posted April 21, 2010 to Mobile/Wireless |
. What's this?

Research In Motion's (RIM) BlackBerry Enterprise Server (BES) software is known through the IT industry for its proven security safeguards. But any BES is really only as secure as the responsible administrator(s) makes it, right?


BlackBerry Bold 9700 with padlock on its display

In the most recent edition of the BlackBerry Connection newsletter, RIM distributed an interesting set of check-lists meant to help BES admins accurately gauge their organizations' BlackBerry security. The exercises are a bit basic—especially if you're managing a BES with lots of custom settings. But it's a great starting point for admins looking to ensure their BES infrastructure is as secure as possible.

RIM included two checklists in the newsletter—one on securing BlackBerry handhelds and data contained within and another on secure communications to and from BlackBerrys. But I'm only listing the first here. Pop-on over to RIM's website for the second checklist.

From RIM:

"Are you sure your organization's data is protected? With all the security features built into the BlackBerry Enterprise Server and the new BlackBerry Enterprise Server Express you would think the answer to be, 'plenty sure.' But just as an unlocked house keeps only honest men out, all the security features in the world cannot help you if you do not turn the locks."

Checklist: Secure the Mobile Device and Its Data

  • Label mobile devices with a serial number and a toll-free telephone number. Also add the device owner's name and phone number to the BlackBerry smartphone's Owner feature. Hint: Find the Owner feature by going to Options/Owner.

  • Require users to authenticate using security passwords.

  • Define authentication features such as password expiry, maximum number of attempts, password length, and complexity. Hint: Click here for example password IT policies.

  • Ensure that all devices have timeout mechanisms that automatically prompt for a password after a period of inactivity. Hint: Review how your users will be interacting with their devices to balance between security and usability.

  • Protect mobile devices from malicious third-party applications. Hint: Read "Protecting the BlackBerry Smartphones Platform Against Malware."

  • Regularly back up all data on the device. Hint: Backup is automatic with the BlackBerry Enterprise Solution.

  • Keep mobile device software and settings up to date (OS patches, server patches, and apply the latest IT policy settings). Hint: BlackBerry Enterprise Server v5 and BlackBerry Enterprise Server Express can make device updates over the air.

  • Specify whether or not applications, including third-party applications, on the mobile device can initiate specific types of connections. Hint: Review your policies for connections to Bluetooth® devices, the USB port, the corporate network, and so on.

  • Enforce security and policy controls through an IT-managed server.

For more on BlackBerry user security, read my recent post, "BlackBerry Security Basics: Five Tips to Keep Your Smartphone Safe."

And if you're not already subscribed to RIM's BlackBerry Connections newsletter, you can sign up on the company's website.

AS

Print
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?

Browse CIO Blogs

See all CIO Blogs »

White Papers »
IT Management in the Cloud
Cloud computing has emerged as one of the most significant game changers to hit the technology landscape in the past 20 years. With this massive expansion of the cloud, the perception of the IT organization is shifting from a utility player to a change agent. This eBook breaks down five ways progressive organizations are using cloud-based IT Management solutions to help drive innovation and become more strategic, including: adding visibility and analytics, speeding up time-to-value, lowering costs, improving prioritization, and providing a blueprint for future cloud deployments.
Citigroup Transforms Application Development with an IBM Cloud Solution
Read the white paper to see how IBM helped Citigroup deliver new services and enhancements to their 200 million customers faster.
Extending the Value of Legacy Applications
There are 3 ways to modernize legacy applications: rewrite completely, acquire packaged solutions or migrate existing code. This paper explains why it's best to migrate and how IBM® Rational® software can help.
The Hybrid Computing Proposition
Accommodating specific lines of business can result in a hybrid ecosystem of applications and servers. The resulting complexity of this architecture makes for an environment that is costly to maintain and difficult to change when addressing new challenges.
Picking a Sensible Mobile Password Policy
This whitepaper will help you to define a mobile device passcode policy. Security managers must attempt to reconcile two opposing goals. They must: 1) create a passcode policy that is strong enough to protect the device if it is lost or stolen, while: 2) not annoying users with needless length or complexity.
Why You Should Consider Cloud-Based Email Archiving
This whitepaper, authored by The Radicati Group, looks at the key reasons organizations should consider moving to a cloud-based archiving solution. Email archiving solutions enable organizations to store, monitor, and collect electronic data exchanged by their users to comply with internal policies and regulations.
Webcasts »
Does Your IT Initiative Require Real End User Experience Monitoring?
ATERNITY will showcase a 30-minute demo on how Fortune 500 companies are leveraging its award-winning FPI Platform to deliver a user-centric approach to Proactive IT Management.
IPv6 is Coming...Are you Ready?
For businesses to move forward and tap into the ever-expanding universe of Internet users and network-enabled devices, it's critical to learn how to make the transition to IPv6. Learn the critical steps your organization must take to make a seamless transition-and keep your business world connected.
Spear Phishing and the Modern Cyber Attack
Learn how IT teams can protect against spear phishing tactics. Harry Sverdlove, chief technology officer of Bit9 offers a frank discussion about spear phishing - the most common technique used in today's advanced attacks.
The Business Case for Migrating to Red Hat Enterprise Linux
Learn how to build a solid business case for your migration to Red Hat Enterprise Linux so you can run leaner, innovate faster, be more flexible and own the New Now.
Social Media: The Impact on the Multichannel Contact Center and Your Customers
Social media isn't about you; it's about everything around you. As you consider how your customers want to communicate with you, social media is something that can't be ignored. But what should your strategy be? Is social media "just another channel?" What kind of a plan makes sense for your contact center and for your customers? Join our experts as they share their insight and research results.
Advanced Authentication Methods: Software vs Hardware
Hardware tokens were a popular method of strong authentication in past years but the cumbersome provisioning and distribution tasks, high support requirements and replacement costs have limited their growth. The additional log-in steps that hardware tokens require and the resulting user frustrations have limited adoption and make them impractical for larger scale partner and customer applications.

Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy