Feeds

Report: BlackBerry BYOD-ware doesn't pass UK.gov security test

But is 'likely' to in future, says GCHQ

Build a business case: developing custom apps

Update BlackBerry Balance, the new feature in BB10 aimed at meeting demand for bring-your-own-device regimes, has been found insufficiently secure for that purpose by Britain's Communications Electronics Security Group (CESG).

The CESG, an offshoot of the British signals and electronic intelligence agency GCHQ, describes itself as "the UK Government's National Technical Authority for Information Assurance" and its role means it "protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia."

The Guardian reports a CESG assessment of BlackBerry Balance found it did not satisfy the requirements for "restricted" communications, the basic level of protection recommended for sensitive government information, because data leaked between the supposedly closed BYOD walled garden and the public areas of the phone.

The level beneath "restricted" is "protect", a "sub-national security marking", at which point the UK government asks agencies to apply "best commercial practice" to secure data.

Beyond "restricted" lie "confidential", "secret" and "top secret". Blackberry OS 7.1 was deemed suitable for "restricted" communications last year. Very few ordinary commercial products are certified for levels above Restricted: such information is normally deemed to require the use of special hardware solutions.

The Guardian report says BlackBerry is aware of the problem and intends to re-apply for certification.

Whether or not it succeeds in its attempt to pass the CESG's tests, the news is surely unwelcome for BlackBerry, whose executives are currently circling the globe to talk up the utility and security of the new BB10 operating system.

In Sydney this week CEO Thorsten Heins suggested BlackBerry's strength as a secure carrier of messages makes it an ideal candidate for applications like healthcare in which confidentiality is utterly non-negotiable. Balance also scored a mention as giving BlackBerry the chance to catch the wave of enthusiasm for the concept.

If CESG or other similar agencies around the world find BB10 and Balance are not as secure as their predecessors, that will deny BlackBerry access to a market it may count on as a natural buyer of its products while also damaging its reputation in other markets.

With the Canadian company's financials still less-than-exciting, the resulting dent to its reputation for security would be most unwelcome. ®

Updated to Add

The CESG has issued a statement on the matter, saying:

Discussions with Blackberry are ongoing about the use of the Blackberry 10 platform in government ...

We have a long-standing security partnership with Blackberry, and this gives us confidence that the Blackberry 10 platform is likely to represent a viable solution for UK Government.

Secure remote control for conventional and virtual desktops

More from The Register

next story
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
PwC says US biz lagging in Internet of Things
Grass is greener in Asia, say the sensors
Ofcom sees RISE OF THE MACHINE-to-machine cell comms
Study spots 9% growth in IoT m2m mobile data connections
O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge
No, the spooks love US best, say rival firms
Ancient pager tech SMS: It works, it's fab, but wow, get a load of that incoming SPAM
Networks' main issue: they don't know how it works, says expert
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.