in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

BYOD Mobile Security: UK Government Says Yes To iOS6, iPhones And iPads

The English government has essentially placed a stamp of approval on the security of Apple mobile devices like iPhones and iPads.  Not a full vote confidence, but "up to and including Impact Level 3" information can be handled on iOS devices, according to CESG, the information assurance branch of GCHQ (the UK's version of the NSA).

iOS6 Only

There are seven stages of impact levels, with zero being the lowest and six being the highest.  The higher the impact level, the more sensitive the data that is being handled: the term alludes to the type of impact the breach of the information would have on businesses.  From HMG IA Standard No. 1, Technical Risk Assessment:

The successful exploitation of a compromise method by a threat actor will result in compromise of Confidentiality, Integrity or Availability (C, I or A) of an asset. This compromise will have a business impact. The SPF and this Standard ranks business impact on a seven-point (0 to 6) numerical scale.

An Impact Level 3 (IL3) allows data classified as "restricted" to be stored on the devices.

According to zdnet.com,

CESG, the government's IT security arm, has published documents setting out how iPads, iPhones and iPods running iOS 6 can be used to pass on sensitive information.

As far as I can tell, Apple devices using an earlier iOS versions would not be approved.

Also, it appears that the presence of iOS6 and up is not the sole requirement.  In addition to the much ballyhooed update to Apple's mobile operating system, the public sector must build in additional security controls -- something like AlertBoot mobile security solutions, no doubt.

Less a Vote of Confidence than Spreading Risk?

The move to approve iPhones and iPads for government work, however, may not actually be a sign that Apple devices are secure.  According to computerweekly.com,

Until now, BlackBerry has been the only device accredited for the use of restricted information by the government’s security arm CESG.
The news comes amid mounting concerns over the long-term viability of BlackBerry, which has seen a successive fall in sales.
According to Whitehall sources, the government currently has around 20,000 BlackBerry devices in circulation.
Peter Sommer, London School of Economics professor and cyber war expert, said the move was a sensible continuity plan, given BlackBerry-maker Research in Motion's (RIM) troubles.

Viewed in this light, it could be assumed that the UK government is being forced to look for alternatives to the one device that everyone agrees is stellar when it comes to data security: the BlackBerry.  However, it looks like the latest approval is merely a sign of what's being admitted by many in the IT space.  Namely, that Apple products have reached a particular point where it has adequate security in place.  According to a government spokesperson:

We are providing informed risk management and advice and guidance for those in the UK public sector who might be considering deploying iOS. The goal of this guidance is to assist them in effectively managing the risks to sensitive information when working remotely on smartphones. [computerweekly.com]

The US has done the same and no doubt the same will occur across the globe.


Related Articles and Sites:
http://www.zdnet.com/uk/ios-6-iphones-and-ipads-get-security-thumbs-up-from-uk-government-7000007100/
http://www.computerweekly.com/news/2240170360/Departments-given-go-ahead-to-use-iPhones-for-sensitive-data
http://www.techweekeurope.co.uk/news/gchq-government-iphone-ios-98641

 
<Previous Next>

South Africa Data Security: Reports Of "Sinister" Break-Ins

Small Healthcare Data Security: Neurologist Files HIPAA/HITECH Breach With HHS

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.