GCHQ says BlackBerry is safest

BlackBerrys are the only recommended smartphones for handling highly sensitive Government data, according to a GCHQ division.

The UK's National Technical Authority for Information Assurance at GCHQ (CESG) has published smartphone security guidance for public sector workers.

The advice published today covers various phones, including the Apple iPhone, Windows Phone 7 devices, Nokia hardware and BlackBerrys.

Four security procedures documents have been produced, outlining how to best secure any mobile deployment for UK Government departments and organisations on those platforms.

"These security procedures cover architectural issues (such as recommended network layout, recommendations for operational monitoring), configuration advice, user education and training suggestions, and information on residual risks that senior risk owners will need to take into account," a CESG spokesperson told IT PRO.

"The publication of this risk management advice and guidance is intended to ensure all UK Government organisations have access to the information they need to take educated risk management decisions when deploying remote working solutions using smartphones."

CESG worked with the telecoms industry to produce the report on how to secure smartphones for remote working, covering lower risk situations.

The guidance document itself was not available to the press.

CESG claimed the document will help many parts of the public sector work more efficiently and effectively, in turn saving money for the taxpayer.

As for more handling serious data, however, the GCHQ body said the only way was BlackBerry.

"The BlackBerry Enterprise Solution from Research In Motion remains the only smartphone system to have been formally evaluated by CESG and is approved to protect material classified up to and including restricted,'" CESG said.

RIM was unsurprisingly buoyant about that particular comment, as a host of supporters talked about BlackBerry security credentials.

"The BlackBerry platform remains, in my opinion, the leader in this respect, providing the highest levels of assurance without the added cost or complexity of needing to bring third-party software into the equation," said Nick McQuire, director for enterprise mobility at analyst house IDC.

BlackBerry devices are not infallible of course, as the recent Pwn2Own contest highlighted when a Torch 9800 was successfully hacked.

"The reality is that BlackBerry does have more enterprise features and controls such as remote kill, email retention, guaranteed message deliver with application and encryption controls," said Ron Gula, chief executive (CEO) of Tenable Network Security.

"However, while this is important, a lot of it is just details, and we'll probably see some leapfrogging between the various mobile vendors as they get bitten and react."