BlackBerry Enterprise Server (BES) Security Checklist Helps ID Risks
How secure is your organization's BES and associated BlackBerry devices? Use this checklist to help identify security holes.
By Al Sacco
Managing Editor, CIO
Research In Motion’s (RIM) BlackBerry Enterprise Server (BES) software is known throughout the IT industry for its proven security safeguards. But any BES is really only as secure as the responsible administrator(s) makes it, right?
In the most recent edition of the BlackBerry Connection newsletter, RIM distributed an interesting set of checklists meant to help BES admins accurately gauge their organizations’ BlackBerry security. The exercises are a bit basic—especially if you’re managing a BES with lots of custom settings. But they’re a great starting point for admins looking to ensure their BES infrastructure is as secure as possible.
RIM included two checklists in the newsletter—one on securing BlackBerry handhelds and the data contained within, and another on secure communications to and from BlackBerrys. But I’m only listing the first here. Pop on over to RIM’s website for the second checklist.
“Are you sure your organization’s data is protected? With all the security features built into the BlackBerry Enterprise Server and the new BlackBerry Enterprise Server Express you would think the answer to be, ‘plenty sure.’ But just as an unlocked house keeps only honest men out, all the security features in the world cannot help you if you do not turn the locks.”
Checklist: Secure the Mobile Device and Its Data
Label mobile devices with a serial number and a toll-free telephone number. Also add the device owner’s name and phone number to the BlackBerry smartphone’s Owner feature. Hint: Find the Owner feature by going to Options/Owner.
Require users to authenticate using security passwords.
Define authentication features such as password expiry, maximum number of attempts, password length, and complexity. Hint: Click here for example password IT policies.
Ensure that all devices have timeout mechanisms that automatically prompt for a password after a period of inactivity. Hint: Review how your users will be interacting with their devices to balance between security and usability.
Regularly back up all data on the device. Hint: Backup is automatic with the BlackBerry Enterprise Solution.
Keep mobile device software and settings up to date (OS patches, server patches, and apply the latest IT policy settings). Hint: BlackBerry Enterprise Server v5 and BlackBerry Enterprise Server Express can make device updates over the air.
Specify whether or not applications, including third-party applications, on the mobile device can initiate specific types of connections. Hint: Review your policies for connections to Bluetooth® devices, the USB port, the corporate network, and so on.
Enforce security and policy controls through an IT-managed server.
Al Sacco was a journalist, blogger and editor who covered the fast-paced mobile beat for CIO.com and IDG Enterprise, with a focus on wearable tech, smartphones and tablet PCs. Al managed CIO.com writers and contributors, covered news, and shared insightful expert analysis of key industry happenings. He also wrote a wide variety of tutorials and how-tos to help readers get the most out of their gadgets, and regularly offered up recommendations on software for a number of mobile platforms. Al resides in Boston and is a passionate reader, traveler, beer lover, film buff and Red Sox fan.