If you are in the position of developing a BES security policy, there are a few basic, common-sense procedures that any BES security policy should implement on a network wide scale. First of all, you need to make sure that the network administrator has full and ultimate control over each individual Blackberry item at all times. A BES security policy is only as strong as its weakest link, so this should include the ability of a network administrator to remotely disable and wipe the hard drive of any handset that may be lost or stolen. This is absolutely essential to protecting both sensitive personal and company data, and should be considered non-negotiable for any BES security policy overall.
Once you have this in mind, go ahead and ask yourself what types of sites or apps your BES security policy should block. There are many undesirable sites, distractions, et cetera that a solid BES security policy should deign to block off the bat, so ensuring that your network administration software of choice is equipped to do so is essential, as well. You should also include antivirus and firewall technology in any basic BES security policy that you decide to implement, and any updates to these software utilities should automatically be downloaded and applied without the consent of any individual network user. This prevents human error from potentially compromising an entire network due to a simple oversight, and keeps the basic tenets of your BES security policy in order.
Keep these points in mind as you survey the web for the right software that can implement your Bes security policy adequately, and compare and contrast your options as carefully as possible. Choose the best BES security policy enforcement software available, and hopefully you should be all set!