6. Solicit info from similar companies who have already implemented what you are looking to implement.
a. Ask about how long they've been using the product for.
b. Find out if there are any pinch points that they didn't foresee.
7. Build a test group of more than just IT staff to test your POC. Take usability information from IT and non-IT staff alike.
1. Assume that all devices treat things like encryption, both on the device and in transit, the same.
2. Give every single person in the company a smartphone. While it may be helpful for employees below the executive level to have a device, HR needs to be involved to make sure that those users understand that they may/may not be compensated for OT worked while communicating with their smartphone.
3. Deploy devices without understanding what policies you have (or not) enabled and what your risk of data loss is.
Don't just limit your evaluation to "Everybody uses Blackberries we should, too." Good for Technology has a pretty decent application and supports a huge range of devices from Win Mo to certain Palm devices (no Pre yet) and even the iPhone. The Good for Enterprise application for the iPhone is far better than using ActiveSync, security-wise. But, with how the iPhone 3.0 OS is built, the app doesn't really sync messages, contacts and calendar until it's launched. The db backend for the application is slow. But, they're promising an overhauled backend for the next revision. I'm hopeful the version after that will support the network backgrounding features of the iPhone 4 OS.
Also, RIM devices have been really disappointing in their most recent devices. They have really poor reception in most areas. Also the latest device OSes, to my understanding, don't meet the DOD's security requirements. While you may not have DOD-level security needs for your devices, it's something to think about in your evaluation.
Also, and I don't mean to hate on RIM, if you actually enable encryption on your BlackBerry devices, expect a good amount of lag in working with your device. It's very tolerable, on strong, if you just use it as a messaging device. But the minute someone puts a microSD card in it and takes some company pictures with it, it slows down very quickly as it has to decrypt the data on the card every time it's unlocked and re-encrypt it every time it's locked.
Overall there are features in the BES admin interface that I feel are lacking, but easily fixed by buying a third-party product like Zenprise or Boxtone. But a lot of that functionality is built into the Good for Enterprise product.
My one recommendation is to avoid ActiveSync. In general I've had very poor results with managing devices using ActiveSync. Granted I've not managed them with a 2007 or later Exchange environment. But, I don't feel that ActiveSync is nearly as robust or well thought out as Good or BES.
Mayank Aggarwal, global threat center research engineer, SMobile Systems
1. From the SMobile Systems Threat Center paper "Man in the Middle Attack": MITM attacks are considered to be a legitimate threat to confidential or private data in the PC side of information security. The testing team has adequately shown that with a mobile laptop in a Wi-Fi network, it is possible to intercept communications between the smartphone and the Wi-Fi hotspot. The testing team was able to perform successful MITM attacks against four different smartphone devices, illustrating that protections provided by SSL can be bypassed and login credentials can be intercepted.