by Al Sacco

BlackBerry Enterprise Server (BES) Security Checklist Helps ID Risks

Apr 21, 2010

How secure is your organization's BES and associated BlackBerry devices? Use this checklist to help identify security holes.

Research In Motion’s (RIM) BlackBerry Enterprise Server (BES) software is known throughout the IT industry for its proven security safeguards. But any BES is really only as secure as the responsible administrator(s) makes it, right?


In the most recent edition of the BlackBerry Connection newsletter, RIM distributed an interesting set of checklists meant to help BES admins accurately gauge their organizations’ BlackBerry security. The exercises are a bit basic—especially if you’re managing a BES with lots of custom settings. But they’re a great starting point for admins looking to ensure their BES infrastructure is as secure as possible.

RIM included two checklists in the newsletter—one on securing BlackBerry handhelds and the data contained within and another on secure communications to and from BlackBerrys. But I’m only listing the first here. Pop on over to RIM’s website for the second checklist.

From RIM:

“Are you sure your organization’s data is protected? With all the security features built into the BlackBerry Enterprise Server and the new BlackBerry Enterprise Server Express you would think the answer to be, ‘plenty sure.’ But just as an unlocked house keeps only honest men out, all the security features in the world cannot help you if you do not turn the locks.”

Checklist: Secure the Mobile Device and Its Data

  • Label mobile devices with a serial number and a toll-free telephone number. Also add the device owner’s name and phone number to the BlackBerry smartphone’s Owner feature. Hint: Find the Owner feature by going to Options/Owner.

  • Require users to authenticate using security passwords.

  • Define authentication features such as password expiry, maximum number of attempts, password length, and complexity. Hint: Click here for example password IT policies.

  • Ensure that all devices have timeout mechanisms that automatically prompt for a password after a period of inactivity. Hint: Review how your users will be interacting with their devices to balance between security and usability.

  • Protect mobile devices from malicious third-party applications. Hint: Read “Protecting the BlackBerry Smartphones Platform Against Malware.”

  • Regularly back up all data on the device. Hint: Backup is automatic with the BlackBerry Enterprise Solution.

  • Keep mobile device software and settings up to date (OS patches, server patches, and apply the latest IT policy settings). Hint: BlackBerry Enterprise Server v5 and BlackBerry Enterprise Server Express can make device updates over the air.

  • Specify whether or not applications, including third-party applications, on the mobile device can initiate specific types of connections. Hint: Review your policies for connections to Bluetooth® devices, the USB port, the corporate network, and so on.

  • Enforce security and policy controls through an IT-managed server.

For more on BlackBerry user security, read my recent post, “BlackBerry Security Basics: Five Tips to Keep Your Smartphone Safe.”

And if you’re not already subscribed to RIM’s BlackBerry Connections newsletter, you can sign up on the company’s website.