2

Our BlackBerry servers require a password to be set on the device, all traffic between the devices and the servers is encrypted, and in addition, we have set the devices to be encrypted when locked.

Encrypting the content on the devices when locked has caused a massive degradation in battery life - it's gone from anything up to 4-5 days down to under 24 hours for some.

We also have an issue where individuals who were using Bluetooth to sync their addressbook with the car have lost the functionality making their hands-free systems difficult/impossible to use.

Are the benefits of the device encryption worth the loss in service?

The data on the devices is limited to emails, calendars and contacts. When notified of a loss we can wipe the device remotely and disable its access. All devices are password protected anyway. Even in the event of loss seems to me the risk of data loss is limited.

Does anyone else have experience of taking this decision in your businesses and what approach did you take?

Sam Meldrum
  • 273
  • 4
  • 12

3 Answers3

4

Yes, it's normal for device encryption to reduce battery life in this way.

Does anyone else have experience of taking this decision in your businesses and what approach did you take?

This is a business risk decision, so a server admin would not normally be expected to make it and could be putting themselves in a dangerous position if they did. The technical aspects of the decision are those of usability, performance, effectiveness of encryption, cost, etc, and that info should be presented to someone who can weigh that against the value of information held in email (including attachments), contacts, cached browser content, specific apps, etc. If there's a history of BlackBerrys left in taxis or stolen from homes/hotels, then the likelihood of loss is higher; but unless the information on the device is valuable then the risk overall is probably low, and encryption probably isn't needed.

However, in a smaller company, this decision might be delegated to IT, and to us - so we should apply a thought process like that. Most importantly, document the decision and the reasoning used to get there, so that someone can review it later if needed and understand why it was done.

William
  • 1,158
  • 8
  • 9
2

Yes, it means people can't remove the flash modules and read everything in plain text before you get a chance to wipe remotely. This method has very specifically happened on a number of occasions in the worlds of commerce, government and against individuals.

We do the same for all applicable smart phones, setting as high a level of security as possible may be inconvenient for employees but if it means that secrets are kept that way then many organisations will choose safety over battery life.

Chopper3
  • 100,240
  • 9
  • 106
  • 238
0

Many thanks for the good answers above. We have found a workaround which should solve the bluetooth issue with access to the addressbook. Repeated here for future searchers:

Here's a paper on encryption in blackberry devices:

!When you or BlackBerry device users turn on content protection on BlackBerry devices, the BlackBerry devices encrypt the following user data items:

....

Contacts (in the address book)

All information except the contact title and category

Note: Set the Force Include Address Book In Content Protection IT policy rule to True to prevent the BlackBerry device user from turning off the Include Address Book option on the BlackBerry device. The BlackBerry device permits the Caller ID and Bluetooth Address Book transfer features to work when content protection is turned on and the BlackBerry device is locked."

Sam Meldrum
  • 273
  • 4
  • 12