Feeds

Report: BlackBerry BYOD-ware doesn't pass UK.gov security test

But is 'likely' to in future, says GCHQ

Choosing a cloud hosting partner with confidence

Update BlackBerry Balance, the new feature in BB10 aimed at meeting demand for bring-your-own-device regimes, has been found insufficiently secure for that purpose by Britain's Communications Electronics Security Group (CESG).

The CESG, an offshoot of the British signals and electronic intelligence agency GCHQ, describes itself as "the UK Government's National Technical Authority for Information Assurance" and its role means it "protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia."

The Guardian reports a CESG assessment of BlackBerry Balance found it did not satisfy the requirements for "restricted" communications, the basic level of protection recommended for sensitive government information, because data leaked between the supposedly closed BYOD walled garden and the public areas of the phone.

The level beneath "restricted" is "protect", a "sub-national security marking", at which point the UK government asks agencies to apply "best commercial practice" to secure data.

Beyond "restricted" lie "confidential", "secret" and "top secret". Blackberry OS 7.1 was deemed suitable for "restricted" communications last year. Very few ordinary commercial products are certified for levels above Restricted: such information is normally deemed to require the use of special hardware solutions.

The Guardian report says BlackBerry is aware of the problem and intends to re-apply for certification.

Whether or not it succeeds in its attempt to pass the CESG's tests, the news is surely unwelcome for BlackBerry, whose executives are currently circling the globe to talk up the utility and security of the new BB10 operating system.

In Sydney this week CEO Thorsten Heins suggested BlackBerry's strength as a secure carrier of messages makes it an ideal candidate for applications like healthcare in which confidentiality is utterly non-negotiable. Balance also scored a mention as giving BlackBerry the chance to catch the wave of enthusiasm for the concept.

If CESG or other similar agencies around the world find BB10 and Balance are not as secure as their predecessors, that will deny BlackBerry access to a market it may count on as a natural buyer of its products while also damaging its reputation in other markets.

With the Canadian company's financials still less-than-exciting, the resulting dent to its reputation for security would be most unwelcome. ®

Updated to Add

The CESG has issued a statement on the matter, saying:

Discussions with Blackberry are ongoing about the use of the Blackberry 10 platform in government ...

We have a long-standing security partnership with Blackberry, and this gives us confidence that the Blackberry 10 platform is likely to represent a viable solution for UK Government.

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.