Craig Mathias, principal at Farpoint Group, a wireless and mobile advisory firm in Ashland, Mass., says allowing users to buy and configure their own devices "quickly gets intolerable" because it's impossible to make sure that the device firmware, operating system, applications and security are compliant and up to date. Also, he says, most users won't feel comfortable allowing employers to monitor content on it and wipe it clean if it is lost or stolen.
Another game-changer on the Storm is its support for a large, removable data store. Slater says he'll only allow his employees to use the device's expandable memory if it's encrypted.
"This is something we addressed with previous BlackBerry models, but the size of the Storm's media card support makes it even more critical. We have to safeguard the confidentiality, integrity and authenticity of corporate data that's stored there," he says.
David Heit, director of enterprise software product management at Research in Motion Ltd., says the Storm features multiple ways to ensure the security of data on the microSD card, including encryption. "You can also map the card to the device and/or the user so that if it is removed, it can't be read," he says.
Companies that want to use the expandable memory to allow users to carry sensitive corporate assets, such as pricing books, on the device can not only encrypt the card, but also make it read-only. "If someone tried to write to the card, they would need the correct password," Heit says.
Heit recommends that users in legal, health care, financial, and other heavily regulated industries take a careful look at their data protection requirements and apply the appropriate policies to the Storm.
An extra layer
In addition to the policy-enforcement tools already provided in the BES, some companies are choosing to add another layer of security, such as device-level anti-virus or mobile Web gateway servers, to ensure that users aren't visiting sites loaded with malware or leaking data off their devices.
To keep his network from being exposed to threats, Ferguson has deployed Purewire's Web Security Service, a gateway that connects to the BES so that he can monitor, filter, and log his users' mobile browsing.
"We have a very succinct requirement from the state to block all pornography and gambling on the Internet. This means on handhelds, too," he says.
Therefore, he routes all Web traffic from the BlackBerrys through the Purewire proxy server to ensure they aren't looking at inappropriate content or accessing malware-laden sites. "We can show government agency leaders we're logging what's happening on these devices. We also use the Purewire SaaS to prove we're enforcing our acceptable use policies even through social networking and other Web 2.0 tools," he says.
In addition, he can use the logs to see what sites users are attempting to download applications from and add those to his URL blacklist. He adds that using a service is simpler than having to deploy and manage anti-virus software on each device.
If companies address these key areas, Hochmuth says the Storm holds tremendous potential for the enterprise. "For IT organizations that have users who want the coolness factor of the iPhone but had trouble with enterprise integration, the Storm is a good alternative," he says.