BlackBerry just got another vote of confidence from a long-time user, the U.K. government. This month CESG, the U.K. government’s national technical authority for information assurance, released updated security guidelines for government agencies and other security-conscious industries that want to use BlackBerry devices.
CESG is the information security arm of the Government Communications Headquarters (GCHQ) and the national technical authority for information assurance in the U.K. (GCHQ is the modern-day incarnation of the Government Code and Cypher School, which produced famed World War II code breaker Alan Turing, popularized in the movie The Imitation Game.)
One of CESG’s jobs is to offer configuration advice for mobile devices it deems secure enough for use by U.K. government employees. It refreshes its findings whenever new versions of these products introduce security improvements.
The new guidelines, End User Devices Security Guidance: BlackBerry 10.3, is an update of CESG’s previous BlackBerry guidelines at OFFICIAL, for OS 10.2. To test OS 10.3’s security features, the group used a BlackBerry Classic running BlackBerry OS 10.3.1 and managed with BlackBerry Enterprise Service 12 (BES 12). The resulting guidelines are designed to help government and corporate users configure their BlackBerry devices for the best balance of security and mobility for both work and personal use.
CESG doesn’t assess mobile device management software; however, once it has assessed the device itself, any MDM software used to manage it is deemed suitable. BlackBerry’s BES12, of course, extends far beyond typical MDM capabilities, managing enterprise mobility across not only BlackBerry devices but iOS, Android, Windows Phone, and Samsung KNOX devices as well.
Assurance: Continuing a legacy
Trust is key to success in mobile solutions. A 2015 survey commissioned by the U.K. government’s Department for Business, Innovation and Skills showed that 90% of large organizations recently have faced security breaches costing them in excess of 1 million pounds in business, fines, and customer confidence. Fifteen percent of the same companies suffered smartphone breaches, up from 7% in 2014.
The BlackBerry brand is synonymous with trust and security. BlackBerry mobile devices were the first to be considered secure enough for use by U.K. government employees. In the U.S., the BlackBerry 10 platform remains the only mobile product to receive Full Operational Capability certification to run on U.S. DOD networks. BlackBerry continually monitors the security landscape and provides innovative security solutions that deter determined attackers. One recent improvement is the advanced data-at-rest encryption model for regulated environments that protects work space data on locked BlackBerry 10 devices. This critical feature helps reduce the overall risk to the platform of being hacked.
The latest guidance–which incidentally also helps organizations comply with requirements for using the government’s high-security Internet alternative, the Public Services Network (PSN)—validates the efforts of BlackBerry and its teams and personnel. The BlackBerry Security Certifications team continues to work with CESG and other government security technical authorities to evolve and increase the security posture of our products, so watch this space for more details of upcoming assurances.