Since I support an organization with 4 BES, with ~2000 users, my company has asked me for BB help. In my company the BES is support at a higher level than my local office, so the local office has no control over IT Policy. Recently, password enforcement was added to the IT Policy (8 characters and lock on holster) and it is tearing up the local staff. I have been asked how to circumvent the BES IT Policy and prevent the password policy. The local staff has even considered setting up PCs in VMWare to run Desktop redirector 24/7, so they can get their email without having to enforce a password. I must admit my first response to the question probably was that tactful and didn't contain my utter disbelief at the absurdity of the request. I told them that a password was a basic security requirement and if they wanted to complain I could provide them the IT Policy that is run at the organization. Ugh! Had to vent.

__________________
AUTIGER92
Exchange\Blackberry Admin
4 - BES Servers (4.1.6), 3 Exchange Organizations,
~1800 BB Users, and a headache.
War Eagle!!

I can see why they wouldn't like the lock on holster. I don't like that one either. What is the timeout period before it locks if not holstered? My employeer has it set to 60 minutes with only a 4 character password. I get a few people that complain every now and then but not much.

Holster lock is a pain, but not earth shattering. The Timeout is 60 minutes, I believe. They've taken to not putting the BB in the holster and still fret about it.

__________________
AUTIGER92
Exchange\Blackberry Admin
4 - BES Servers (4.1.6), 3 Exchange Organizations,
~1800 BB Users, and a headache.
War Eagle!!

I don't even get involved anymore. I give anyone who complains about the BB policy the name and # of our Compliance / Risk officer and tell them I only push the policy, all settings are governed by a joint collobration between security, compliance and legal.

I realize some likely don't have the layers I deal with but unless your some evil BES admin who just wants to piss people off the policy settings are decided by a much higher pay grade then I pull.

I offer my insight and end user usability feedback but often it is pushed aside in the name of security!

__________________

Security should be a top priority. I had to re-read your post and just amazed that your organization is trying to circumvent the policy. It only takes one instance of a lost or stolen hh to cause an uncomfortable situation. I've seen it happen. As a BES Admin, I also remove myself from this and fwd our electronic policy that was composed by those higher-ups. Stick to your guns and your peeps will adjust. Good luck.

Maybe I'm just Pro Management because in my BES Admin experience I have always participated in management decisions that specifically concern the BES infrastructure. More importantly, I've always felt that I have to support the decisions that have ultimately been agreed upon within the environment. I also feel it is a disservice if I can't adequately explain and defend the withstanding policies. The BES was created for the management and uniformity of blackberry devices. As soon as this position is swayed, it ultimately becomes an administrative nightmare. Lastly, if you have a user or group of users that don't understand the compromises of security, perhaps the device is not for them.

Don't get me wrong, I'm not caving to their request. Anyway, the I don't control the BES domain that they are in (I have my own two domains to support). They have asked me to circumvent another's IT Policies. They get no sympathy from me.

__________________
AUTIGER92
Exchange\Blackberry Admin
4 - BES Servers (4.1.6), 3 Exchange Organizations,
~1800 BB Users, and a headache.
War Eagle!!

Nuts!!! We use timeout (not device holster lock as most people don't use them) which is set to 10 minutes with a minimum 4 letter password requirement. I also have a list of illegal passwords which I impliment in that respect.

User revolt is often the largest challenge faced by any IT department looking to enhance mobile security, especially from senior employees who will claim they cannot put up with the likes of password entry. As difficult as it may be to convey the potential risk, especially with senior staff who, ironically, will have more sensitive information on their devices than anyone else in your device fleet, it is a diplomatic task of educating the employee that this is a necessary change for the security of the company.

With mobile devices increasingly providing access to the same levels of data which can be obtained and stored on laptops, the need for security enforcement via IT policy, at even the most basic level such as password enforcement, is clear to see.

__________________
Si MCTS
Co-Owner
Port3101 - Your BES Connection

Don't forget, you can follow us on Twitter

The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.