The range of Smartphones in use by government departments could be about to widen after the Communications-Electronics Security Group (CESG) published new guidelines on securing devices from a range of platforms.
Currently, RIM’s BlackBerry remains the only Smartphone platform that meets the CESG’s exacting standards thanks to its long-standing use of messaging and data encryption, and remote wipe facility.
The detail of the new guidelines can only be accessed by users of the Government’s Secure Intranet but is understood to take account of the fact that rival platforms now have some of these features which makes their use possible in some circumstances.
However Computerworld UK understands that the BlackBerry is likely to remain the only device cleared to be used at Impact Level 3, or ‘restricted’ in CESG parlance, thanks to its mature Enterprise management software and BlackBerry Messenger application.
The effectiveness of the end-to-end encryption used on this service was demonstrated last year as a number of countries including India, Saudi Arabia and the United Arab Emirates asked the company for access to its servers in order to monitor some traffic.
About the only significant chink yet found in BlackBerry security was a Russian company than claimed it had found a way of accessing encrypted PC and Mac backups of smartphone data. This use case would not apply in government where backups are centrally managed, however.
As with any smartphone, BlackBerrys also go missing from time to time. Last week the Department of Transport admitted it had lost or had stolen 18 BlackBerrys.
"Information held on departmental laptops and BlackBerrys is encrypted to appropriate HMG standards. All such BlackBerrys reported as lost or stolen are remotely erased,” Under-Secretary of State for Transport Norman Baker was quoted as saying.
The CESG seems to accept that other smartphone platforms have caught up but change is still likely to be slow. The known is always compelling for risk-adverse departments.
“There is a common perception that BlackBerry is more secure than Android or Apple platforms,” commented Tenable Network Security CEO, Ron Gula on news of the softening of the CESG’s stance.
The reality is that BlackBerry does have more enterprise features and controls such as remote kill, email retention, guaranteed message deliver with application and encryption controls. However, while this is important, a lot of it is just details, and we'll probably see some leapfrogging between the various mobile vendors as they get bitten and react.”