The English government has essentially placed a stamp of approval on the security of Apple mobile devices like iPhones and iPads. Not a full vote confidence, but "up to and including Impact Level 3" information can be handled on iOS devices, according to CESG, the information assurance branch of GCHQ (the UK's version of the NSA).
There are seven stages of impact levels, with zero being the lowest and six being the highest. The higher the impact level, the more sensitive the data that is being handled: the term alludes to the type of impact the breach of the information would have on businesses. From HMG IA Standard No. 1, Technical Risk Assessment: The successful exploitation of a compromise method by a threat actor will result in compromise of Confidentiality, Integrity or Availability (C, I or A) of an asset. This compromise will have a business impact. The SPF and this Standard ranks business impact on a seven-point (0 to 6) numerical scale. An Impact Level 3 (IL3) allows data classified as "restricted" to be stored on the devices. According to zdnet.com, CESG, the government's IT security arm, has published documents setting out how iPads, iPhones and iPods running iOS 6 can be used to pass on sensitive information. As far as I can tell, Apple devices using an earlier iOS versions would not be approved. Also, it appears that the presence of iOS6 and up is not the sole requirement. In addition to the much ballyhooed update to Apple's mobile operating system, the public sector must build in additional security controls -- something like AlertBoot mobile security solutions, no doubt.
There are seven stages of impact levels, with zero being the lowest and six being the highest. The higher the impact level, the more sensitive the data that is being handled: the term alludes to the type of impact the breach of the information would have on businesses. From HMG IA Standard No. 1, Technical Risk Assessment:
The successful exploitation of a compromise method by a threat actor will result in compromise of Confidentiality, Integrity or Availability (C, I or A) of an asset. This compromise will have a business impact. The SPF and this Standard ranks business impact on a seven-point (0 to 6) numerical scale.
An Impact Level 3 (IL3) allows data classified as "restricted" to be stored on the devices.
According to zdnet.com,
CESG, the government's IT security arm, has published documents setting out how iPads, iPhones and iPods running iOS 6 can be used to pass on sensitive information.
As far as I can tell, Apple devices using an earlier iOS versions would not be approved.
Also, it appears that the presence of iOS6 and up is not the sole requirement. In addition to the much ballyhooed update to Apple's mobile operating system, the public sector must build in additional security controls -- something like AlertBoot mobile security solutions, no doubt.
The move to approve iPhones and iPads for government work, however, may not actually be a sign that Apple devices are secure. According to computerweekly.com, Until now, BlackBerry has been the only device accredited for the use of restricted information by the government’s security arm CESG.The news comes amid mounting concerns over the long-term viability of BlackBerry, which has seen a successive fall in sales.According to Whitehall sources, the government currently has around 20,000 BlackBerry devices in circulation.Peter Sommer, London School of Economics professor and cyber war expert, said the move was a sensible continuity plan, given BlackBerry-maker Research in Motion's (RIM) troubles. Viewed in this light, it could be assumed that the UK government is being forced to look for alternatives to the one device that everyone agrees is stellar when it comes to data security: the BlackBerry. However, it looks like the latest approval is merely a sign of what's being admitted by many in the IT space. Namely, that Apple products have reached a particular point where it has adequate security in place. According to a government spokesperson: We are providing informed risk management and advice and guidance for those in the UK public sector who might be considering deploying iOS. The goal of this guidance is to assist them in effectively managing the risks to sensitive information when working remotely on smartphones. [computerweekly.com] The US has done the same and no doubt the same will occur across the globe.
The move to approve iPhones and iPads for government work, however, may not actually be a sign that Apple devices are secure. According to computerweekly.com,
Until now, BlackBerry has been the only device accredited for the use of restricted information by the government’s security arm CESG.The news comes amid mounting concerns over the long-term viability of BlackBerry, which has seen a successive fall in sales.According to Whitehall sources, the government currently has around 20,000 BlackBerry devices in circulation.Peter Sommer, London School of Economics professor and cyber war expert, said the move was a sensible continuity plan, given BlackBerry-maker Research in Motion's (RIM) troubles.
Viewed in this light, it could be assumed that the UK government is being forced to look for alternatives to the one device that everyone agrees is stellar when it comes to data security: the BlackBerry. However, it looks like the latest approval is merely a sign of what's being admitted by many in the IT space. Namely, that Apple products have reached a particular point where it has adequate security in place. According to a government spokesperson:
We are providing informed risk management and advice and guidance for those in the UK public sector who might be considering deploying iOS. The goal of this guidance is to assist them in effectively managing the risks to sensitive information when working remotely on smartphones. [computerweekly.com]
The US has done the same and no doubt the same will occur across the globe.
Related Articles and Sites:http://www.zdnet.com/uk/ios-6-iphones-and-ipads-get-security-thumbs-up-from-uk-government-7000007100/http://www.computerweekly.com/news/2240170360/Departments-given-go-ahead-to-use-iPhones-for-sensitive-datahttp://www.techweekeurope.co.uk/news/gchq-government-iphone-ios-98641