You are in:
CESG guidance on use of smartphones in Government
CESG - the UK's National Technical Authority for Information Assurance at GCHQ - has today published risk management advice and guidance for the UK public sector on the use of smartphones in lower risk situations.
Today's smartphones allow employees to connect back into their corporate networks and work remotely and efficiently. Government cyber-security experts at CESG have successfully worked with major smartphone platform providers on how best to secure their products. The result is guidance for UK Government departments and the wider UK public sector on how to secure smartphones for remote working. The guidance applies to lower risk situations which covers large parts of the public sector. The guidance is not applicable for classified data (‘restricted’ or above).
Covering the majority of the smartphone market, the advice enables the UK public sector to use whichever platform best suits their business needs, confident that they understand the security measures they need to employ and the risks associated with each option. The advice is available for products from Apple, Microsoft, Nokia and Research In Motion.
A spokesman for CESG said: "This is a great example of Government and industry collaborating to ensure that all parts of Government have the tools and information we need to work more securely in cyber space. It will help many parts of the public sector work more efficiently and effectively - saving money for the taxpayer.”
The BlackBerry Enterprise Solution from Research In Motion (RIM) remains the only smartphone solution to have been formally evaluated by CESG and is approved to protect material classified up to and including ‘restricted’. Stephen Bates, UK Managing Director, RIM, said: “Because of the security of our platform, BlackBerry smartphones have been deployed widely in the public sector and we have helped enable public sector organisations to deliver more efficient and effective services as highlighted in our work with the UK police service where we have helped forces save £112m.”
Mobile insecurity
Not everyone is convinced by the security of mobile phones, however. Ron Gula, CEO of Tenable Network Security, said: “When it comes to mobile security, all smartphones and tablets share a common set of challenges: they carry lots of data; they are often riding around in someone's pocket where they can be easily misplaced; they transfer data over a network that can be intercepted; and they run applications that may or may not be well written. Placing important data on a mobile device where it's easy to lose, steal, or rootkit offers the same problem as uncontrolled laptops, only worse.
“This is the case regardless of the mobile platform. There is a common perception that BlackBerry is more secure than Android or Apple platforms. The reality is that BlackBerry does have more enterprise features and controls such as remote kill, email retention, guaranteed message deliver with application and encryption controls. However, while this is important, a lot of it is just details, and we'll probably see some leapfrogging between the various mobile vendors as they get bitten and react.
“With all mobile devices we have a situation where information is everywhere, getting auto-synched, distributed, cached, and downloaded – along with applications being downloaded on to them by the metric jillion, written by who knows who. The technology is often new and rapidly changing, so the potential for spyware is huge and all smart devices will continue to be a constant security concern now and in the future.
“Smart devices entering the workplace represent a combination of opportunity and threat; so organisations must understand the bigger picture of where information rests and flows within the network. The IT network management environment is only going to become more complex and challenging, both internally and externally – so businesses must ensure that they can see what’s happening at every moment before something happens that they weren’t expecting.”
