Becrypt disk crypto earns first Brit spook kitemark
Trusted ... up to a point
A full disk encryption product has become the first bit of kit to be certified by Brit spooks in their new Commercial Product Assurance scheme.
Covent Garden-based Becrypt's DISK Protect demonstrated good commercial security practice, earning it the official stamp of approval to be used by the UK government and public sector bodies in lower threat environments. The foundation-grade certification earned by Becrypt means the DISK Protect is trusted to safeguard data sensitive enough to earn the classification of "restricted". The technology is not approved for guarding more sensitive "confidential" or "secret" material. Nonetheless the seal of approval will make it easier for Becrypt to sell full disk encryption to public sector organisations.
The certificate was handed out by CESG (Communications-Electronics Security Group), which is part of the UK's snooping centre GCHQ. CESG has evaluated and certified security products for years prior to the introduction of the CPA scheme in April 2011. Under the new regime, CESG and independent test labs evaluate commercial security products against published security standards. Products that meet the foundation or tougher augmented grade get the seal of approval for public sector use. Even augmented-grade certification is only good enough for the protection of "restricted and some confidential data", CESG explains.
The CPA scheme is not just for cryptographic products but also covers any security-enforcing gear - such as firewalls and virtualisation technology. The certification scheme does not cover services, which are likely to fall under a separate assurance scheme, currently under development.
A spokesman for CESG said: “We are grateful to Becrypt and our first test labs – Enex and Siventure – for the interest and support they have given us during the pilot phase of CPA." ®