Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® PlayBook™

Reply
New Contributor
Posts: 3
Registered: ‎08-04-2011
My Device: Blackberry Bold 9780
My Carrier: Orange

Playbook Device Password can be switched off by user in corporate setting

I am evaluating the Playbook from an IT security perspective for use in a large corporate environment where we already have a BES set-up. I'm impressed with the Blackberry Bridge security, but have major concerns about the Playbook device password. Unless I've missed something really obvious, it appears that we can't administratively force a Playbook device password. The user can unlock the Playbook, go into the settings and turn the password off.

 

The scenario that concerns me is where sensitive company documents are saved onto the Playbook either from email attachments viewed in Outlook Web Access (this gets around the Blackberry Bridge control that stops attachments from being saved to the Playbook), or copied from a PC to the Playbook via a USB connection. The user turns off the Playbook device password, loses the device, we report the loss to our regulatory authority which is distinctly unimpressed that we ended up with sensitive data lost on a device that we can't guarantee was password protected.

 

Could somebody please tell me that I'm being daft and have missed something very basic in the security model, and how the device password can be set as compulsory?!

Forums Veteran I
Posts: 2,359
Registered: ‎04-19-2011
My Device: Z10 & Playbook
My Carrier: Verizon Wireless

Re: Playbook Device Password can be switched off by user in corporate setting

You are correct, but is there a way thru BES that tbis could be done with an IT policy.
Be a Shepard and not an iSheep.
Guru III
Posts: 32,200
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry DTEK60, Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook,BT Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Playbook Device Password can be switched off by user in corporate setting

If you enable encyption on media card, they cant transfer anything from the phone to the playbook but still be able to access it in bridge mode. If you have endpoint encryption on laptops, they wont be able to do much with the encrypted files unless they are opened on the laptop.

 

If wondering about security on the playbook with bridge, you do have to type in your smartphone password to acces bridge items.

 

soon there will be a compenant in BES 5 for playbook once the 3g/4g models are rolled out.

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V


Trusted Contributor
Posts: 170
Registered: ‎04-23-2011
My Device: Bold 9700 and Playbook 64 Gb
My Carrier: Rogers

Re: Playbook Device Password can be switched off by user in corporate setting


Retreev wrote:

The scenario that concerns me is where sensitive company documents are saved onto the Playbook either from email attachments viewed in Outlook Web Access (this gets around the Blackberry Bridge control that stops attachments from being saved to the Playbook), or copied from a PC to the Playbook via a USB connection. The user turns off the Playbook device password, loses the device, we report the loss to our regulatory authority which is distinctly unimpressed that we ended up with sensitive data lost on a device that we can't guarantee was password protected.


If the users have access to OWA, then they could be saving attachments anywhere and you have no control over the attachment after it is saved.  You can't force a password on the Playbook through BES right now, but you also can't force a password on whatever device the user is accessing OWA from.  If you need that much control over the attachments, OWA probably shouldn't be available to the users.

Guru III
Posts: 32,200
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry DTEK60, Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook,BT Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Playbook Device Password can be switched off by user in corporate setting

if they have OWA, maybe some BIS devices are getting emails and attachments on them that you have no control of.

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V


New Contributor
Posts: 3
Registered: ‎08-04-2011
My Device: Blackberry Bold 9780
My Carrier: Orange

Re: Playbook Device Password can be switched off by user in corporate setting

Thanks for the comments, everyone.

 

I have our BES Administrator looking into whether a device password can be forced via Policy, but from what Quila467 wrote, it seems unlikely that it's an option.

 

My concern at the moment are the security policy requirements for Company-issued portable devices to be encrypted and password protected, and whether the Playbook can meet those needs. The risks associated with OWA are understood, within the Company's risk appetite, and have previously been officially accepted.

Guru I
Posts: 19,020
Registered: ‎07-29-2008
My Device: Passport, Playbook, 9320BES
My Carrier: Bouygues _ SFR

Re: Playbook Device Password can be switched off by user in corporate setting

well from my point of view, from a BES perspective, the PlayBook is just an accessory for the BlackBerry smartphone, alike a Bluetooth headset or a battery charger.

So it does not really needs any security, because it you want to access the BES world using a PlayBook, you need to access the BlackBerry smartphone... than can be password protected by IT policy.

so the PlayBook allows to access less or equal stuff as the Blackberry smartphone, but never more.



The search box on top-right of this page is your true friend, and the public Knowledge Base too:
Contributor
Posts: 17
Registered: ‎06-01-2011
My Device: storm 2 9550, Playbook
My Carrier: verizon

Re: Playbook Device Password can be switched off by user in corporate setting

The original poster was referring to accessing corporate email via Outlook Web Access. This allows user direct connection to corporate email via the browser which will allow the downloading of attachments directly to the playbook. As an officially sponsored device by a corporation, the ability to set a policy which enforces a requirement to keep a device password at all times is a must have. Is there a way to set such a policy through BES directly? There have been reports this week stating RIMM is having more than expected problems with porting BES to the playbook. Does anyone know anything regarding statements of the BES being enabled?
Guru I
Posts: 19,020
Registered: ‎07-29-2008
My Device: Passport, Playbook, 9320BES
My Carrier: Bouygues _ SFR

Re: Playbook Device Password can be switched off by user in corporate setting


djdimages wrote:
As an officially sponsored device by a corporation, the ability to set a policy which enforces a requirement to keep a device password at all times is a must have.


Well this is an assumption that you are currently making.

 

If the device (in this case the PlayBook) cannot store any information from the BES world, then it is failsafe and does not need to have that password protection. Just like you do not need any password protection for a mouse or an AC adapter.

And indeed if OWA allows for such storage, then OWA must be taken care of and not the PlayBook.




The search box on top-right of this page is your true friend, and the public Knowledge Base too:
New Contributor
Posts: 3
Registered: ‎08-04-2011
My Device: Blackberry Bold 9780
My Carrier: Orange

Re: Playbook Device Password can be switched off by user in corporate setting

Hi Xandrex

 

djdimages has identified the issue at the heart of my original question. djdimages is not making an assumption, because as I posted previously:

"My concern at the moment are the security policy requirements for Company-issued portable devices to be encrypted and password protected, and whether the Playbook can meet those needs."

We have a written security policy that we have to adhere to. It states that all Company-issued portable devices (capable of carrying data) need to be encrypted and password protected.

 

Mice and AC adapters are not usually designed to carry data and generally don't. The Playbook has significant amounts of memory that can be utilised in a similar manner to a memory stick/flash drive.

 

I can connect my Blackberry smartphone to my PC via USB and copy files to it . Those files are then sitting on an encrypted and password protected portable device. The password cannot be switched off as it is forced by BES policy.

 

I have connected my Playbook to my PC via USB and copied files to it. Those files were sitting on a portable device on which the password could be turned off by the end user.

 

OWA is another means of getting Company files onto the Playbook, as is using a USB connection. At present I'm not concerned with how the files get onto the Playbook. I need to ensure that they are protected by encryption and a password if and when they get there.

 

So my question is: Is it possible to administratively force a device password on the Playbook?