I've recently written about five preemptive steps to take before your mobile devices are stolen. Today, I want to focus on the BlackBerry smartphone platform and some of its security capabilities. Make no mistake about it, the BlackBerry OS was designed with security integrated into every aspect of the operating system; we are really only scratching the surface here on some of its user configurable security options.
You can check out the BES Security Technical Overview here (pdf) for an in-depth understanding of how security is handled. Finally, while most of the below features have been around for years, for avoidance of doubt, assume that they reference features available to the new BlackBerry OS 7 devices.
RIM was ahead of its time by its implementation of encryption for device memory, which encrypts its onboard storage memory to defend against attempts to extricate potentially sensitive files. This encryption extends to the removable media card, preventing it from being accessed from a computer. Both device memory and media card encryption can be configured to skip media files so as not to bog down the processor, and is configured under "Encryption" of the Security menu.
To make things even harder for hackers who may have gained physical access to a BlackBerry smartphone and may have advanced tools to dismantle it for unencrypted data that is stored in system RAM, you can enable "Memory Cleaning" under Advanced Security Settings. This will cause the BlackBerry to periodically wipe temporary user data such as the clipboard, encrypted messages and cached data from memory, rendering it impervious to recovery.
One way to initiate a data wipe is from the "Security Wipe" submenu. Users have the option to delete application and user data from the BlackBerry, including user installed applications or the data stored on the media card. The amount of time varies depending on the options chosen, but can take anything from 10 minutes to upwards of an hour due to the intensive data scrubbing process.
The ability to set and enforce an IT policy on a BlackBerry smartphone is doubtlessly its most valued capability by IT departments around the world. Because this feature was designed by RIM to serve enterprise companies, only devices connected to a BlackBerry Enterprise Server (BES) have been benefiting from this. Fortunately, BES-like capabilities can now be partially used by SMB via the Business Cloud Service.
A common mistaken here is the assumption that the IT policy can be deleted by performing a security wipe. This is not true however; an installed IT policy is retained even after a full data wipe, which is an excellent way to protect corporate data assets against theft. The only way to remove an IT policy would be by pushing a new policy from the server, or by performing a "factory reset," which requires a PC and specific know-how.