HMRC chooses CPA-accredited encryption

Back in February 2012, Becrypt’s Disk Protect became the first security product to achieve CESG’s new Commercial Product Assurance (CPA) accreditation. CPA is a security certification designed to provide assurance for UK government agencies and departments to use UK commercial products. The scheme is administered by CESG as the UK National Technical Authority (NTA) for information security, with the test process conducted by one of a number of accredited test laboratories. Disk Protect was evaluated by SiVenture (a Cisco company) and accredited to Foundation grade (the only other grade is Augmented, where the testing is undertaken by CESG itself).

To date, Becrypt Disk Protect remains the only CPA-accredited security product. Other products currently in evaluation include Sophos’ SafeGuard Enterprise (which also includes full disk encryption), Egress email encryption, Deep Secure’s XML Guard (a web application firewall), and Amulet Hotkey’s Zero Client (a remote desktop system). These are all being evaluated to Foundation grade, while Becrypt’s Disk Protect is the only product currently being evaluated to Augmented grade.

The value of this scheme has now been proven for both customer and vendor, with HM Revenue and Customs (HMRC) set to save up to £2.4m by opting to use the CPA approach for its disk encryption. HMRC’s head of service design, Stewart Weston-Lewis, explained the background. “We considered a need/use case and believe that the CPA solution is appropriate for these devices where we would have traditionally defaulted to the CAPS solution (CESG Assisted Products Service)... Implementing a CAPS solution was not justified given that the cost would have been £2.4m more and the CPA solution is sufficient for our requirements. CPA does not compromise standards. It balances the security of the product to the risks it is exposed to.”

This is not the first government sale for Disk Protect Foundation. It “is already in use by several government departments,” Keith Ricketts, Becrypt’s global marketing director, told Infosecurity. “It is also currently being rolled out at a major financial institution – where a CESG approved solution is highly desirable – but whom we cannot name.”

HMRC still has a tarnished name when it comes to securing personal data. The loss of 25 million child benefit details in 2007 is not easily forgotten. This purchase is not related: “There has already been a huge project within the HMRC in response to that situation to secure all data,” Becrypt explained.

Nevertheless, HMRC’s ‘clients’ can take heart. “Disk Protect provides removable media protection which secures data on removable media such as USB connected storage devices and disks by encryption and password protection,” Ricketts confirmed to Infosecurity. “Part of the solution being supplied by Becrypt also includes the management of data ports.”
