CESG approves BlackBerry Enterprise Solution for ‘restricted’ government information

Certified under the CESG's CAPS programme, the product provides secure mobile access to resources such as e-mail, contact and calendar information, internet/intranet browsing, instant messaging and back office services and resources, including the use of third-party software and applications.

But Ron Gula, chief executive at Tenable Network Security, says regardless of platform, the main challenge to mobile security is the vulnerability of mobile data.

Mobile technology is often new and rapidly changing, so the potential for spyware is huge and all smart devices will continue to be a constant security concern now and in the future, he says.

"Smart devices entering the workplace represent a combination of opportunity and threat, so organisations must understand the bigger picture of where information rests and flows within the network," said Gula.

The IT network management environment is only going to become more complex and challenging, both internally and externally, he says, so businesses must ensure that they can see what is happening at every moment.

Gula believes the only way to truly protect systems is through comprehensive network visibility.

Although CESG has approved the BlackBerry Enterprise solution for government use, it is on condition that administrators of the system follow CESG security procedures.

Smartphone risk management guide

The CESG has also published a guide on risk management of smartphones by the UK public sector after consultations with smartphone platform providers.

The guidance, however, is accessible only to government employees with secure intranet accounts, according to The Guardian.

The guidance also applies only to lower-risk situations, which cover large parts of the public sector, but is not applicable for data classified "restricted" or above.

According to CESG, the guide covers systems management and maintenance, configuration settings, architectural advice, user education and awareness training, and information on common risks to mobile working.

The guide also highlights where a significant risk remains due either to a lack of technical or procedural controls to reduce it or heavy reliance on procedural mitigation.

The guide covers products from Apple, Microsoft, Nokia and Research In Motion to enable government organisations to choose the platform that best suits their business needs.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?