news Apple’s iPhone 3G was first released in Australia three and a half years ago, and its flagship iPad tablet 18 months ago. But the Federal Government still hasn’t certified the devices for use in government agencies, despite having pledged to do so by September last year, and despite approving Research in Motion’s unpopular rival, the BlackBerry PlayBook.
The organisation responsible for certifying technology software and hardware for use by government agencies in Australia is the Defence Signals Directorate, which sits within the Department of Defence. Historically the organisation has focused on certifying mobile operating systems from BlackBerry maker Research in Motion and Microsoft.
In July last year, DSD revealed — and the Australian Government Information Management Office confirmed — that DSD was evaluating Apple’s iOS platform, with certification slated to be complete by September last year. At the time, DSD published an interim guide to hardening the security on iOS devices, including the iPod Touch, the iPhone and the iPad.
This week Delimiter queried the Department of Defence on the matter, asking what the current status was of DSD’s project to certify iOS devices, when it anticipated the products would be added to DSD’s Evaluated Products List, and what had caused the delay.
However, DSD did not respond directly to the majority of the questions.
“DSD, as the Commonwealth authority on information security, will continue to produce advice and assistance for technology based on the business requirements of Australian Government users,” the organisation said in a statement. “To do this, DSD works closely with industry partners to enable effective information security options for Australian Government agencies.”
“DSD’s work in evaluating the latest version of the iOS is moving towards the final stage. DSD evaluations take time to complete to ensure the integrity of the product meets the specific security requirements of the Australian government.”
The delay comes despite the fact that Research in Motion’s BlackBerry PlayBook tablet, which was released in Australia in mid-2011, a year after Apple’s first iPad, was in 2011 approved by DSD for Government use. The tablet has failed to take significant market share globally, and is believed to have achieved only a very small share of the tablet market in Australia, with the iPad estimated to have taken somewhere north of 80 percent of Australia’s tablet market.
A number of BlackBerry and Windows Mobile devices were already approved by DSD for government use, throughout 2007 to 2011.
The delay also comes despite the fact that a number of senior government officers, ranging from politicians to public servants, use the iPhone and iPad devices extensively for their daily work. In October, the Department of Parliamentary Services revealed in October last year that it would allow its growing fleet of 40 iPad users to access full desktop and internal IT services under its ongoing pilot of the tablets.
High-profile politicians such as Communications Minister Stephen Conroy and his shadow, Malcolm Turnbull, regularly use Apple iOS devices for their daily work.
In addition, Defence this week declined to respond to a question on whether it had seen any further interest from government stakeholders in certifying the Android operating system, which is believed to have even stronger market share in Australia than Apple’s devices, but has not yet been adopted strongly for corporate use. “The Android platform has not yet been submitted for DSD evaluation,” a Defence spokesperson said in response to a question on the issue in July. “At this time, the use of the Android platform for Australian government business does not necessitate the production of a hardening guide.”
opinion/analysis
The DSD’s certification program has clearly descended into a farcical situation. The organisation has no problem certifying BlackBerry devices which fewer and fewer people are using, but has not yet certified the Apple iPhone for use within Government, three and a half years after it was released in Australia or the Apple iPad, 18 months after it was released locally.
I have no idea what is going on inside DSD, but it’s time the organisation started responding more speedily to the needs of its public service users, who are audibly demanding that they be allowed to use these devices in their everyday life. This is a perfect example of government inaction in action.
Image credit: Apple
They haven’t had time, they’re too busy playing Angry Birds and arguing with Siri.
When the certification cycle is longer then the release cycle for all major mobile vendors, you need to start wondering if you’re doing it wrong :).
As someone who, in a past life, has had to deal with DSD on matters of network hardening, IT security and device certification I can state unequivocally that it’s largely NOT interested in making the APS’ life easier.
We used to refer to them as “The Department of No”.
The certification timeline is, for all intents and purposes, designed to discourage change and innovation.
Tell you right now why it would be taking so so long… apple loves to store all your personal information, your location, what you like to do, what you type fir their “marketing” thus in ut self is a massive security breach that if you read the terms and conditions you agree too, so if you think about a government agency having all that data stored quite possibly in another country that in itself is a massive security threat, and apple being so arrogant wouldn’t change it fir them… Guarenteed
I agree but I think you’ll find that most Smartphones will have the same issues
There are obvious ways to stop Apple storing your info if you’re using an iOS device. I have turned off almost all of the things on my iPhone and iPad which rang alarm bells with me. I’m sure a security professional could do a lot more.
Have you thought the delay might be due to that fact that when you compare security of an iOS (or Android device for that matter) with a BlackBerry there essentially is no comparison.
http://www.pcworld.com/businesscenter/article/249140/blackberry_os_achieves_coveted_government_security_clearance.html
When it comes to security, popularity means nothing. So saying you don’t know why a less popular product (for consumers) takes longer to security certify than a tablet / smartphone designed with security from the start, just shows you don’t understand the underlying technology.
I don’t argue that iOS and Android are great for the consumer, but believe they really don’t have a place in most businesses yet, and certainly not in govt or finance
“I don’t argue that iOS and Android are great for the consumer, but believe they really don’t have a place in most businesses yet, and certainly not in govt or finance”
I liked the rest of your comment, but this sentence is pure bullshit. Adoption rates of iOS and Android by businesspeople in particular has been huge.
Renai, adoption rates are not the same as having a place in business.
Exactly, and the types of businesses that have adopted these either dont have a strong need for security, or if they do, are blind to these sort of events:
http://www.forbes.com/sites/andygreenberg/2011/11/14/hackers-claim-to-reverse-engineer-apples-siri-to-run-on-android-or-other-gadgets/
http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/
http://gizmodo.com/5851435/siris-default-settings-leave-your-iphone-4s-exposed
http://techland.time.com/2011/10/21/ipad-2-smart-cover-exploit-breaks-through-passcodes/
Let me make this clear, from the perspective of an end user within the business: IT is there to serve the business interest, not its own interest.
There is clear business and government interest in having iOS devices as a core part of the workplace, because they have many, many advantages over legacy devices such as BlackBerries and Windows Mobile 6.5 (also on the DSD approved list). Decent mobile web browsing is probably the most obvious one, but enterprise app support (for example, Salesforce.com) is another one.
The business wants what it wants. If these devices are insecure by default, it is the job of the IT department to make them secure so the business can safely use them. If they are impossible to secure (and I do not believe this is the case with iOS), then it is the job of the IT department to say so clearly. However, in any other case, and in my experience this is most cases, the IT department can comply with business needs. It’s just that it doesn’t always like to.
I’m sorry, am I sounding too much like a CIO who has been told by his CEO that he wants iPads for his entire executive team and board, and he wants them now? Well. That must be because I’ve talked to dozens of people like this over the past few years.
Wake up people. You do not have a choice about supporting iOS in the enterprise. And shortly, you will not have a choice about supporting Android.
this x1000
the as someone already mentioned what does popularity of a device with consumers have to do with suitability for secure government or corporate work. Certain products are simply not suitable for some uses.
Greetings from Canada
See my post above about supporting iOS in businesses.
And wake up. IT does not direct business interest. It is the other way around.
I realise that people who don’t know better love to attack soft media targets like the DSD but have you considered the possibility that a “consumer” product which was never designed to provide the user with any particular assurance about it’s ability to handle anything but unclassified information may struggle to get through the rigourous assessment process? Also given the teeny-weeny market that business & government represent to Apple for IOS do you think it could be a very time consuming process getting them to address any issues if they did find any? RIM marketed and designed their products for business / government use, Apple designed and market their IOS products for the mass market.
Sorry, not as much fun as picking on the government is it but probably the reason the pollies still can’t play Angry Birds in cabinet but they probably do anyway.
(don’t forget to keep your tin-foil hat handy)
I can’t say I blame the DSD. I spite of iOS being a tremendously popular consumer product, it has serious security flaws that would make any business or government agency concerned with privacy and sensitive data avoid iOS at all costs. As for the other Australian Government Officials using iOS they are probably dealing with non sensitive data, although we know what a disaster this can be vis a vis the Murdoch phone hacking scandals that seem to multiply by the minute. Google Murdoch’s Database 3 -fun read that also reveals aspects as to the concerns of this article. Simply disabling an iOS device would do little, to meet security standards,major elements of iOS would need to be disabled as well.RIM still remains the OS of choice for many buisineses and governments who value privacy. As for the U.S Armed forces choosing Android , they have the resouces and capabilities to create their own version of Android exclusively for themselves, a private OS, I highly doubt Apple would let them create a private version of iOS.
Comments are closed.