CESG dishes out security advice for Blackberry, Android & Chrome OS
Advice for organisations from the spooks
The Communications and Electronics Security Group (CESG) has published security guidance to enable organisations to safely deploy BlackBerry 10.2.1, Android 4.4 and Chrome OS devices.
The information security arm of GCHQ has revised its rules to assist those working in IT departments on how best to rollout and use these mobile operating systems securely.
The updated guidance is available now on Gov.uk and forms part of the Cabinet Office's End User Device Security Framework. It shows how the platforms can be configured to meet security recommendations and details the threats and other security problems for each of them.
It said the advice aims to "take a balanced approach between security and usability for remote or mobile working devices" by helping to reduce common risks to an organisation's information while still providing flexibility and ease of use.
There is also information on system architectures for deploying the devices. The CESG said the advice was not an endorsement of the platforms and only there to improve the UK's overall cyber security stance.
"Rather than being an 'approval' or 'endorsement' by CESG of any of these products, this guidance helps organisations to understand and manage the risks associated with the different devices, as part of their normal risk management processes," it said.
It added that each platform's virtual private network (VPN) and encryption efforts should be areas organisations should be aware of and manage appropriately.
It said Chrome OS's VPN "has not been independently assured to Foundation Grade, and does not currently support some of the mandatory requirements expected from assured VPNs."
"The VPN can be disabled by the user and some Google traffic is sent prior to the VPN being established resulting in potential for data leakage onto untrusted networks. Without assurance in the VPN there is a risk that data transiting from the device could be compromised," it added.
It also noted similar problems with Android's VPN as well as pointing out the lack of security of SD cards and non-data partitions. Blackberry OS 10.2's VPN and native data encryption also fell short, according to the CESG.
Minor updates have also been made to guidance for iOS 7, Windows 7 and Windows 8.1.
Shining light on new 'cool' cloud technologies and their drawbacks
IONOS Cloud Up! Summit, Cloud Technology Session with Russell BarleyWatch now
Build mobile and web apps faster
Three proven tips to accelerate modern app developmentFree download
Reduce the carbon footprint of IT operations up to 88%
A carbon reduction opportunityFree Download
Comparing serverless and server-based technologies
Determining the total cost of ownershipFree download