[chinatti]

Hi forum,

I have a friend who was asking about corporate monitoring of personal use of his BB. He works for a big company, and his BB is company provided, on a BES. Apparently he has a new device, and is now able to add BIS accounts, and also install his own apps. He was interested in adding a personal email account (through BIS), and possibly an IM client (like maybe JiveTalk). I run the BES for our company (small installation), and he came to me to ask my opinion. His concern is that he sometimes gets emails from friends that, shall we say, might be a concern as far as corporate policies go. Nothing too serious, but you can imagine what kinds of emails single guys with a large group of single guy friends get...

So my understanding is:

1) BIS email does not go through the corporate/BES system, and therefore would be relatively safe from monitoring. Is that true? Is there any way for the BES to monitor the content of BIS emails? I guess there's always the concern about the company taking the device back, but I'm guessing they would wipe the device anyway if they did that...

2) How about third party apps? Like JiveTalk for instance. My guess is that if the app uses BES/MDS for data connectivity, then the network traffic would route through the normal corporate gateway, which could in turn have monitoring enabled. But, if the app uses BIS for data connectivity, then it would route through the carrier's network, and the corporate network wouldn't be able to monitor that traffic.

Can any of the experts here confirm or deny these assumptions?

Thanks in advance.....

[jibi]

Inbound BIS emails would not be monitored, however outbound BIS emails could be redirected from his corporate account, depending on the policies. The easiest way to test this is to email himself on that BIS account and reply to the email from the device. If it comes from his BIS email configuration, then they don't have any policies enabled; however, if it comes from his corporate email address, then they do.

With that said, some companies have the modernistic understanding that our jobs are demanding enough to blur the lines between business and personal and have adopted policies that take in account the balance we are asked to make. I would recommend he have a look at his company's usage policies for clarification. Honestly, if he's concerned about content of email coming to the device, then I wouldn't bother with configuring a BIS address.

...he could always get a GMail account and use the GMail client on the BB, separate from his BIS/BES emails.

JiveTalk can be configured for BIS usage, which would route through the carrier APN. Most chat applications are like this. However, if it is configured for the BES/MDS, then that traffic will be subject to sniffing, packet analyzation, etc.

The fact of the matter is that if he's in the banking/financial or government sectors, who actually have to comply with a crapload of restrictions and policies, then he may have something to be concerned with. If he doesn't work for these industries (or the few others like them), then the concern is really not warranted.

[chinatti]

Quote:

Originally Posted by jibi

Inbound BIS emails would not be monitored, however outbound BIS emails could be redirected from his corporate account, depending on the policies. The easiest way to test this is to email himself on that BIS account and reply to the email from the device. If it comes from his BIS email configuration, then they don't have any policies enabled; however, if it comes from his corporate email address, then they do.

With that said, some companies have the modernistic understanding that our jobs are demanding enough to blur the lines between business and personal and have adopted policies that take in account the balance we are asked to make. I would recommend he have a look at his company's usage policies for clarification. Honestly, if he's concerned about content of email coming to the device, then I wouldn't bother with configuring a BIS address.

...he could always get a GMail account and use the GMail client on the BB, separate from his BIS/BES emails.

Actually, I guess "BIS account" was a little confusing ... this is indeed a separate account (AOL actually), which he is configuring to poll through the carrier's BIS interface.

As far as the outgoing re-direction, you're basically saying that they could enforce a BES policy that says all outgoing mail MUST be sent through the BES, implying that the outgoing mail would come from his work address, right? If that's the case, then I know they're not doing that, because he has this set up already, and has sent mail to me from his home address from the BB.

Quote:

Originally Posted by jibi

JiveTalk can be configured for BIS usage, which would route through the carrier APN. Most chat applications are like this. However, if it is configured for the BES/MDS, then that traffic will be subject to sniffing, packet analyzation, etc.

The fact of the matter is that if he's in the banking/financial or government sectors, who actually have to comply with a crapload of restrictions and policies, then he may have something to be concerned with. If he doesn't work for these industries (or the few others like them), then the concern is really not warranted.

Yeah, he's in the pharma industry, so I don't believe those types of monitoring policies apply. Other friends in those industries tend to have all those services disabled, due to monitoring requirements, so they don't even have the option of setting these things up....

In general, sounds like he's pretty much safe, or at least reasonably safe. Thanks for the info.

[x14]

Aside from BIS, BES can log SMS and PIN messages as well as call logs.

[KnacK]

Here's my stance and this is what our company policy states.

No personal use of company provided electronics unless expressly authorised.

With that being stated, this prevents a lot of personal use of personal email on your corporate email account, all web browsing goes through the BES, and if you want a web site removed from the filter, send me an email with your request and send a copy to the president. ( never had a non business related request come through)

You just have to be really carefull with using personal email with company assets.

[Dawg]

I am a person who wears the tin foil hat and i would assume they were watching everything and wouldn't want my personal stuff on my corporate device. Just my opinion.