The Communications and Electronics Security Group (CESG) has published security guidance to enable organisations to safely deploy BlackBerry 10.2.1, Android 4.4 and Chrome OS devices.
The information security arm of GCHQ has revised its rules to assist those working in IT departments on how best to rollout and use these mobile operating systems securely.
The updated guidance is available now on Gov.uk and forms part of the Cabinet Office's End User Device Security Framework. It shows how the platforms can be configured to meet security recommendations and details the threats and other security problems for each of them.
It said the advice aims to "take a balanced approach between security and usability for remote or mobile working devices" by helping to reduce common risks to an organisation's information while still providing flexibility and ease of use.
There is also information on system architectures for deploying the devices. The CESG said the advice was not an endorsement of the platforms and only there to improve the UK's overall cyber security stance.
"Rather than being an 'approval' or 'endorsement' by CESG of any of these products, this guidance helps organisations to understand and manage the risks associated with the different devices, as part of their normal risk management processes," it said.
It added that each platform's virtual private network (VPN) and encryption efforts should be areas organisations should be aware of and manage appropriately.
It said Chrome OS's VPN "has not been independently assured to Foundation Grade, and does not currently support some of the mandatory requirements expected from assured VPNs."
"The VPN can be disabled by the user and some Google traffic is sent prior to the VPN being established resulting in potential for data leakage onto untrusted networks. Without assurance in the VPN there is a risk that data transiting from the device could be compromised," it added.
It also noted similar problems with Android's VPN as well as pointing out the lack of security of SD cards and non-data partitions. Blackberry OS 10.2's VPN and native data encryption also fell short, according to the CESG.
Minor updates have also been made to guidance for iOS 7, Windows 7 and Windows 8.1.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
Blackberry revenue falls by 4% as cyber security division takes hitNews Despite this, the company’s Internet of Things (IoT) division increased its revenue by 28% as it attracted new customers from the automotive sector
-
BlackBerry revival is officially dead as OnwardMobility shuts downNews The Texas-based startup is mysteriously shutting down and taking its ultra-secure 5G BlackBerry with it
-
BlackBerry and AWS are developing a standardized vehicle data platformNews Platform will give automakers a standardized way to process data from vehicle sensors in the cloud
-
BlackBerry thwarts mobile phishing attacks with new AI toolsNews The company's Protect Mobile platform alerts users to potential malware before a link is clicked
-
BlackBerry Persona Desktop delivers zero-trust security at the endpointNews New security solution learns user behavior and can take action if there’s an abnormality
-
A 5G BlackBerry phone with physical keyboard is coming in 2021News The business phone to be resurrected with OnwardMobility and FIH Mobile planning a security-savvy enterprise handset
-
The business smartphone is deadIn-depth BlackBerry’s demise signals the end of the business-first handset
-
BlackBerry Key2 review: The best physical keyboard no one asked forReviews Despite the improvements, the flaws of BlackBerry’s Key range are still front and centre
