DSD approves iPhones, iPads for Govt use


news The Federal Government’s security evaluation agency has approved devices running version 5 of Apple’s iOS platform (including iPads and iPhones) for classified government communications, after a lengthy evaluation period and the production of a detailed security ‘hardening’ guide for the popular mobile products.

Historically the Defence Signals Directorate has focused on certifying mobile operating systems from BlackBerry maker Research in Motion and Microsoft. However, in July last year, DSD revealed that it was evaluating Apple’s iOS platform, with certification slated to be complete by September last year. At the time, DSD published an interim guide to hardening the security on iOS devices, including the iPod Touch, the iPhone and the iPad.

A number of senior government officers, ranging from politicians to public servants, use the iPhone and iPad devices extensively for their daily work. In October, the Department of Parliamentary Services revealed that it would allow its growing fleet of 40 iPad users to access full desktop and internal IT services under its ongoing pilot of the tablets. High-profile politicians such as Communications Minister Stephen Conroy and his shadow, Malcolm Turnbull, regularly use Apple iOS devices for their daily work.

In a statement issued late last week, DSD said it had certified the Apple devices to communicate and store classified information up to the ‘Protected’ level. Mike Burgess, Acting Director DSD, said that DSD had been working closely with industry to develop practical instructions for government to securely use the latest technologies.

“Embracing new technologies, such as smart phones and tablet PCs, provides government with a genuine opportunity to conduct its business more efficiently,” he said. “However the threat of government information being stolen or compromised is also very real. DSD is continuously working to help agencies better protect valuable government information, while still enabling them to benefit from the advantages of these devices.”

The iOS5 successfully passed an evaluation using a stringent and intensive security assessment to ensure it met Australian Government information security requirements. The formal security evaluation, which DSD said was the first of its kind for iOS5, covers devices that are owned and managed by Australian government agencies that have implemented specific DSD security advice.
DSD has also produced an accompanying security hardening guide for iOS devices — which can be downloaded for free from its website.

In February, DSD declined to respond to a question on whether it had seen any further interest from government stakeholders in certifying the Android operating system, which is believed to have even stronger market share in Australia than Apple’s devices, but has not yet been adopted strongly for corporate use. “The Android platform has not yet been submitted for DSD evaluation,” a Defence spokesperson said in response to a question on the issue in July. “At this time, the use of the Android platform for Australian government business does not necessitate the production of a hardening guide.”

Finally! It’ll take a while for the theory to become reality, but the door has been opened for the many thousands of public servants and politicians around Australia who are currently carrying two phones — a BlackBerry for work, and an iPhone for personal use — to be able to unify their two worlds.

Australia’s corporate sector has strongly adopted the iOS platform due to the convenience it offers for being able to access information online, and Apple’s devices are also gradually being taken up in Government. However, that take-up has been hampered by the lack of support on the issue from DSD, which hadn’t fully evaluated the platform for government use. This will now gradually change — and just in time. iPads are no doubt the next big corporate deployment for many organisations, including in Government.

DSD’s production of a security hardening guide (PDF) for organisations wanting to deploy iOS devices is also a highly positive move. This guide — which covers a range of areas from suggested device profiles to mobile device management, from encryption to risk management and so on — will no doubt prove to be a useful item in corporate IT managers’ iOS management toolkit in any sector.

Want to know how to protect your corporate iOS fleet? Start with this document. If its recommendations are good enough for classified government information, no doubt they’re good enough virtually anywhere else. We’d love to see DSD produce more guides of this nature to cover other areas in future — with Android perhaps being an obvious target ;)

Image credit: Apple