We are going to be rolling out Blackberries(ys?) to our mobile staff and I
wanted to know if anyone knows of any white papers or advisories on securing
them.
We are already looking at the usual mobile device security practices we have
in place but I would like something more specific for the device.
We will be using the BIS service(ie no Exchange server run in-house, all
mail goes via the provider's BB server.) Some would say this is inherently
insecure but this is a financial reality that we have to live with.
There is encryption between the device and the provider and vice versa but
I'm not sure what type of encryption it will use--maybe AES or 3DES. I still
have no definite answer.
However, is there any native way of encrypting data on the device itself?
Blackberry's site is thin for anything like this-it has plenty for the BES
solution--I'm just unsure as to how different BIS will be in this respect.
The provider's tech team has been a little sketchy too, they have only just
begun to roll these out to customers so I'm guessing that they know as much
as I do--which is not a huge amount.(I actually had to tell them that we
would be able to use the BIS system when none of them knew if our pop3
server would be able to work with it.)
Googling this seems to give me a lot of vague docs but nothing in the way of
specifics.
Kind Regards
Murad Talukdar
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
