Australia's Defence Signals Directorate, an agency charged with collecting signals intelligence and educating the rest of the government about security, has green-lit Apple's iOS for use in “classified Australian government communications”. The decision doesn't mean spooks can nip out to a phone shop and start chattering away on …
Disabling apps ...
should be really easy for an Apple device.
Re: Disabling apps ...
Didn't read the link, eh?
users can use their own devices, and put what ever programs they want on it. (I refuse to use the 'A' abbreviation)
We've been using iOS5 based secure comms for almost 2 years now :).
Odd considering iOS5 has only been around for 9 months or so.
Cisco is on iOS v15.1 now
You're right - the "5" was too much, we started this with iOS4..
So the advice (for experienced iOS & Windows admins, who are also familiar with basic networking concepts) boils down to "use a password"?
Oh, and use encryption for classified data (although Apple doesn't do PGP).
Well worth every penny spent on salaries for the endless hours spent in meetings, I'd say.
I always have to laugh with "passwords need to change within 90 days". Don't know the moron who originally has come up with this, but since It has been a requirement in the company I work for, passwords have lost all their value. I know loads of people who just write down their passwords (several systems, all need to be changed, and ALL use different password rules). Some even go as far as having a Post-it on the side of their screen with their different passwords on it...
The password change time should reflect the time it would take to brute force the password while avoiding locking out the account.
i.e. if you can have two failed logins every five minutes for 90 days is that enough attempts to brute force a password corresponding to the password policy.
<insert fanboi erection joke here>
Can't see how the data is encrypted at rest when on an iDevice. Password is useless considering the root password for iOS is well known and you simply need an exploit like a jailbreak to gain the access required. Simple fact is very few mobile devices can offer the protection needed for the higher impact levels.
I've used Good for Enterprise on iDevices as it works in a sandbox of sorts and is isolated from the OS. Only blackberry have an offering that can go above protect to restricted and possibly higher. But then the Australian information levels might be different to the UKs.
Woop dee doo, "Protected" just means keep your voice down a bit whilst talking about it at the pub.
Re: Protected ?
Not really. It means your children’s data, or a vulnerable adult. As a parent I wouldn't want protect information leaked, would you? So it’s not secret, or top secret but the data still needs to be secure.
Out of interest do you work with information at that level or above, I'm guessing so if you're that blasé about the lower levels.
Re: Protected ?
Ah true enough I wasn't thinking about civilian public data which needs to be protected. Mind you, I would worry about the impact of aggregation if you start storing a lot of data on the phone, in the UK this can mean the protective marking gets bumped up a level.
Another concern is the ability to access and modify the data in a secure manner, that is to say the context in which you use a smartphone is often public or semi-public. Casual shoulder surfing of mobile devices seems to be fairly common.
Re: Protected ?
I assume he meant "Protected" as in the specific data classification of that name rather than as a generic term. I believe vulnerable person data would be classed as "Confidential" and therefore be out of scope.
AU has five grades of data confidentiality - Top Secret, Secret, Confidential, Protected, and Unclassified. The iOS guide referenced only covers data classed as either Protected or Unclassified - if you want to use iOS for anything more secret than that and you need to give the Defense Signals Directorate a note from your mum beforehand.
But why choose Apple ?
I mean, Huawei make some damn fine phones these days.