NANOG:RE: [outages] News item: Blackberry services down worldwide
Gabriel.McCall at thyssenkrupp.com
Thu Oct 13 14:21:57 CDT 2011
ActiveSync on Android allows corporate to force compliance with security policy and allow remote wipe. User cannot complete the exchange account setup without permitting the controls. If the user doesn't agree their sync isn't enabled. Moreover, if corporate requirements change sync is disabled until you approve again. That seems like it covers all the bases to me.
Sent from my Verizon Wireless Phone
From: Andrea Gozzi <mls at vp44.net>
To: Jamie Bowden <jamie at photon.com>, Christopher Morrow <morrowc.lists at gmail.com>, Jay Ashworth <jra at baylink.com>
Cc: NANOG <nanog at nanog.org>
Sent: Thu, Oct 13, 2011 17:02:53 GMT+00:00
Subject: Re: NANOG:RE: [outages] News item: Blackberry services down worldwide
Can't but agree with Jamie.
The ability to centralize management for all Blackberry users and _force_
them to comply with company policy (it's an investment bank) saved us lot
of hassle when, and it happens regularly, people lose their handsets.
Otherwise, it would be all unencrypted, unmonitored and unprotected access
points to customer's private data.
Some of our representatives recently switched to iphones, but nobody from
management will ever be allowed anything than a Blackberry.
On 10/13/11 5:55 PM, "Jamie Bowden" wrote:
>> -----Original Message-----
>> From: Christopher Morrow [mailto:morrowc.lists at gmail.com]
>> Sent: Thursday, October 13, 2011 11:36 AM
>> To: Jay Ashworth
>> Cc: NANOG
>> Subject: Re: [outages] News item: Blackberry services down worldwide
>> On Thu, Oct 13, 2011 at 11:13 AM, Jay Ashworth
>> > ----- Original Message -----
>> >> From: "Jamie Bowden"
>> >> Someday either Google or Apple will get
>> >> off their rear ends and roll out an end to end encrypted service
>> >> plugs into corporate email/calendar/workgroup services and we can
>> >> gladly toss these horrid little devices in the recycle bins where
>> >> belong.
>> > I'm fairly sure K-9 does GPG, at least for the email
>> plus normal mail + k9 will do TLS on SMTP and IMAP... or they both do
>> with my mail server just fine. (idevices seeem to also do this well
>> It's possible that the 'encryption' comment from Jamie is really about
>> encrypting the actual device... which I believe Android will do, I
>> don't know if idevices do though.
>As of 2.3[.x?] (can't remember if it's a sub release that intro'd this),
>Android devices can be wholly encrypted, though I don't know if they are
>by default. All these kludges are great on a small scale, but the BES
>does end to end encryption for transmission, plugs into Exchange, Lotus,
>Sametime, proxies internal http[s], and lets us manage policies and push
>out software updates from a central management point. When it works,
>it's also scalable, which matters when you have thousands of devices to
More information about the NANOG