I’m often asked about the difference between BES and BIS. They both serve the same ultimate purpose: to deliver email (and data) to your handheld in a secure and reliable manner. So what’s the difference?
What is BIS?
BIS stands for BlackBerry Internet Service. It gives your BlackBerry access to the Internet. It’s like an ISP, but for your smart-phone instead of your home computer. Every time your BlackBerry gets an email, or accesses a webpage, it does so through BIS (unless you’re using BES)
BIS Structure Diagram
What is BES?
BES stands for BlackBerry Enterprise Server. It gives your BlackBerry access to a corporate intranet. The intranet is the private, internal, network within a company. It’s kind of like a mini-internet that is cut off from the rest of the world. Many intranets allow you to communicate with the Internet as well, but with added layers of security.
BES Structure Diagram
Both BES and BIS allow your BlackBerry to get email, as well as retrieve webpages and use third-party applications (like WICKSoft Mobile Documents!). All traffic from your phone goes to the BES / BIS server, and then the BES / BIS server communicates with the world on your behalf.
The difference, ultimately, lies in where the server resides and the level of control and security you get.
In the case of BIS, your carrier operates the server. Everything from BIS to your handheld is encrypted, but that’s about the extent of the security features. The carrier can decide what applications run on your phone, and how applications communicate with the Internet.
For BES, your company operates the server, and usually has it sitting somewhere within the corporate network. The IT department controls all aspect of the BES server, and it’s likely sitting in a nice and secure location.
So really, what does this mean?
It’s all about privacy. In the case of BIS, everything operates on a public network. Data from your phone to your carrier is encrypted, but ultimately your carrier is communicating with the Internet, which isn’t exactly the pinnacle of a secure environment. The odds of somebody intercepting your data, or worse, compromising the different systems you access, are much higher. I don’t want to scare anyone though: BIS is typically more secure than accessing the Internet from home using an ISP, and is WAY more secure than using WiFi or BlueTooth.
With BES, most of your data remains in a private, closed network. Your BlackBerry has a secure link directly to the corporate environment, because the BES server is located in the office somewhere. The only way for someone to monitor or intercept your data would be for them to infiltrate your organization.
So think of it like this: In the BIS case, a guy with an envelope (your data / email) is running around New York City trying to deliver the package to you—hopefully you can trust him, and hopefully nobody thumps him over the head and takes the envelope. For BES, the guy delivering the envelope is walking around inside a secure compound, among trusted people who have proper security clearance, and cameras are monitoring his every move as he travels the 50 feet from his desk to your desk.
Wait, there’s more!
I’ve been overly simplistic in my description of BES. BES really does a whole lot more than just fetch email. For one, it acts just like a VPN in the sense that in makes sure ALL data travelling between your BlackBerry and your office is encrypted.
Also, BES provides tools to publish applications, and define how those applications can interact with the phone and the network.
Imagine that you have 500 BlackBerrys in your organization, and you want to install an application (like WICKSoft Mobile Documents) on each of the phones. BES will let you ‘push’ a copy of the application to each of the phones without ever having to physically touch a single device. You don’t have to worry about an end-user making a configuration mistake, or forgetting to install the application. It’s all done automatically, and securely.
BES also lets you remotely wipe and lock a device. This is very useful for those cases where people forget their BlackBerrys in the back of a taxi, or have them stolen.
Not all wireless carriers offer the same level of BIS service. Some of you are unlucky enough to be stuck with one that restricts third-party applications from accessing the Internet. This means that a lot of excellent third-party applications for the BlackBerry are simply unavailable.
With BES there are no inherent restrictions, because your company gets to decide all of these things. Want GoogleTalk to work, but not Yahoo! Messenger? No problem: BES lets your company enable one, and cripple the other.
BIS provides a direct link between your phone and your wireless provider, but after that all traffic essentially goes out over the Internet. Any and all security becomes the responsibility of the BlackBerry application in question, so there are no security guarantees. That said, BIS does a good job at providing Internet and email support and, best of all– you don’t have to set anything up.
BES provides what is essentially a direct link between your phone and your office environment. It’s very secure, flexible, and gives your company control over all aspects of the BlackBerry. There is a certain ‘baseline’ security inherent in all data transactions, and your IT department can always disable your BlackBerry if it’s been compromised.
Smaller companies, or individuals, are well served by BIS—it provides you with almost everything you need. Larger organizations, with their own internal mail systems and other infrastructure, should definitely be using BES.