Feeds

Report: BlackBerry BYOD-ware doesn't pass UK.gov security test

But is 'likely' to in future, says GCHQ

Providing a secure and efficient Helpdesk

Update BlackBerry Balance, the new feature in BB10 aimed at meeting demand for bring-your-own-device regimes, has been found insufficiently secure for that purpose by Britain's Communications Electronics Security Group (CESG).

The CESG, an offshoot of the British signals and electronic intelligence agency GCHQ, describes itself as "the UK Government's National Technical Authority for Information Assurance" and its role means it "protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia."

The Guardian reports a CESG assessment of BlackBerry Balance found it did not satisfy the requirements for "restricted" communications, the basic level of protection recommended for sensitive government information, because data leaked between the supposedly closed BYOD walled garden and the public areas of the phone.

The level beneath "restricted" is "protect", a "sub-national security marking", at which point the UK government asks agencies to apply "best commercial practice" to secure data.

Beyond "restricted" lie "confidential", "secret" and "top secret". Blackberry OS 7.1 was deemed suitable for "restricted" communications last year. Very few ordinary commercial products are certified for levels above Restricted: such information is normally deemed to require the use of special hardware solutions.

The Guardian report says BlackBerry is aware of the problem and intends to re-apply for certification.

Whether or not it succeeds in its attempt to pass the CESG's tests, the news is surely unwelcome for BlackBerry, whose executives are currently circling the globe to talk up the utility and security of the new BB10 operating system.

In Sydney this week CEO Thorsten Heins suggested BlackBerry's strength as a secure carrier of messages makes it an ideal candidate for applications like healthcare in which confidentiality is utterly non-negotiable. Balance also scored a mention as giving BlackBerry the chance to catch the wave of enthusiasm for the concept.

If CESG or other similar agencies around the world find BB10 and Balance are not as secure as their predecessors, that will deny BlackBerry access to a market it may count on as a natural buyer of its products while also damaging its reputation in other markets.

With the Canadian company's financials still less-than-exciting, the resulting dent to its reputation for security would be most unwelcome. ®

Updated to Add

The CESG has issued a statement on the matter, saying:

Discussions with Blackberry are ongoing about the use of the Blackberry 10 platform in government ...

We have a long-standing security partnership with Blackberry, and this gives us confidence that the Blackberry 10 platform is likely to represent a viable solution for UK Government.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.