Feeds

Report: BlackBerry BYOD-ware doesn't pass UK.gov security test

But is 'likely' to in future, says GCHQ

Boost IT visibility and business value

Update BlackBerry Balance, the new feature in BB10 aimed at meeting demand for bring-your-own-device regimes, has been found insufficiently secure for that purpose by Britain's Communications Electronics Security Group (CESG).

The CESG, an offshoot of the British signals and electronic intelligence agency GCHQ, describes itself as "the UK Government's National Technical Authority for Information Assurance" and its role means it "protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia."

The Guardian reports a CESG assessment of BlackBerry Balance found it did not satisfy the requirements for "restricted" communications, the basic level of protection recommended for sensitive government information, because data leaked between the supposedly closed BYOD walled garden and the public areas of the phone.

The level beneath "restricted" is "protect", a "sub-national security marking", at which point the UK government asks agencies to apply "best commercial practice" to secure data.

Beyond "restricted" lie "confidential", "secret" and "top secret". Blackberry OS 7.1 was deemed suitable for "restricted" communications last year. Very few ordinary commercial products are certified for levels above Restricted: such information is normally deemed to require the use of special hardware solutions.

The Guardian report says BlackBerry is aware of the problem and intends to re-apply for certification.

Whether or not it succeeds in its attempt to pass the CESG's tests, the news is surely unwelcome for BlackBerry, whose executives are currently circling the globe to talk up the utility and security of the new BB10 operating system.

In Sydney this week CEO Thorsten Heins suggested BlackBerry's strength as a secure carrier of messages makes it an ideal candidate for applications like healthcare in which confidentiality is utterly non-negotiable. Balance also scored a mention as giving BlackBerry the chance to catch the wave of enthusiasm for the concept.

If CESG or other similar agencies around the world find BB10 and Balance are not as secure as their predecessors, that will deny BlackBerry access to a market it may count on as a natural buyer of its products while also damaging its reputation in other markets.

With the Canadian company's financials still less-than-exciting, the resulting dent to its reputation for security would be most unwelcome. ®

Updated to Add

The CESG has issued a statement on the matter, saying:

Discussions with Blackberry are ongoing about the use of the Blackberry 10 platform in government ...

We have a long-standing security partnership with Blackberry, and this gives us confidence that the Blackberry 10 platform is likely to represent a viable solution for UK Government.

The Essential Guide to IT Transformation

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Bring back error correction, say Danish 'net boffins
We don't need no steenkin' TCP/IP retransmission and the congestion it causes
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
What FTC lawsuit? T-Mobile US touts 10GB, $100 family-of-4 plan
Folks 'could use that money for more important things' says CEO Legere
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.