iOS 6 iPhones and iPads get security thumbs-up from UK government

iOS 6 iPhones and iPads get security thumbs-up from UK government

Summary: The UK government's IT security arm CESG has published guidance for the public sector on how to use Apple devices running iOS 6 to share confidential information - and what to do if there are problems with a rollout.

SHARE:

Government security authorities have published details on how public sector agencies should use iOS 6 devices for confidential information.

iPhone 4
The UK public sector now has guidelines on using Apple devices running iOS 6. Image: CNET

CESG, the government's IT security arm, has published documents setting out how iPads, iPhones and iPods running iOS 6 can be used to pass on sensitive information, a spokeswoman for CESG, part of intelligence agency GCHQ, confirmed on Wednesday.

"CESG is currently working on updates and enhancements to a number of our mobile security guidance documents," the spokeswoman said. "As part of this work, CESG has published risk management guidance for iOS 6 devices for protecting sensitive emails - up to and including Impact Level 3 depending on local risk management decisions.

"The guidance is based on existing CESG security procedures for iOS, but includes updated guidance, additional technical controls and improvements to user guidelines to more effectively manage identified risks with mobile working," she added.

The CESG has effectively given iOS 6 devices clearance to carry Impact Level 3 (IL3) information – data deemed 'restricted'. Information handled in the public sector can be one of six impact levels, from unrestricted (zero) to top secret (six).

This isn't the first time that Apple has featured in such guidance – CESG wrote similar documents for iOS 4 in April 2011.

"Our recent publication takes advantage of new security features within iOS, and builds on CESG's increasing understanding of the security properties of this platform," the spokeswoman said.

CESG has also previously published guidance on some BlackBerry, Windows Phone and Symbian platforms.

The guidance documents list the elements that public sector organisations should consider prior to rolling out devices on any of the platforms. These include recommended network architecture for their enterprise services, the provisioning and deployment process for the devices, their configuration and ongoing management, and user guidance and education. The documents also set out the relevant technical and procedural mitigations that can be put in place to help tackle security threats such as device loss.

Topics: iOS, Apple, Government UK, Mobility, Security, EU, United Kingdom

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Big mistake!

    This one might go down in history. But approval for governmental use is NOT the same thing as a security green light or a successful comprehensive security review for iOS devices, and nobody should interpret it in that way.

    In reality, there is simply no great demand for these devices in government:

    "government departments ... bought no iPads at all since the start of 2010"

    http://www.zdnet.com/uk/ipad-inertia-does-apples-tablet-have-a-future-in-whitehall-7000006203/

    So, can you guess who was pushing for iOS devices even to be assessed for governmental use, let alone approved? Apple's powerful corporate lobbying operation, of course. The word "lobbying" in the political context is a euphemism for the subversion of democracy by wealthy and powerful vested interests, ensuring that decisions are influenced by money and power rather than votes.
    Tim Acheson
  • Misleading headline alert

    This story is about the publication of official guidelines and considerations relating to iOS devices, and nothing more.

    This is absolutely NOT a "security thumbs-up" for iOS devices.

    However, I welcome these guidelines. Any fool could bring in an iPhone and try to plug it in somewhere otherwise, and public sector IT needs to be aware of the dangers. Nevertheless, these guidelines leave me with several serious concerns, including their failure to fully address the even greater threat posed by "jailbroken" iOS devices which are easily mistaken for the original device. I hope public sector employees are held properly accountable for any incident.

    http://news.cnet.com/8301-1009_3-57506159-83/apples-ios-and-android-are-new-favorite-malware-victims/
    Tim Acheson
  • What's the matter Tim Acheson?

    Scared that Apple will gain more penetration in the enterprise and governments? Why all the fear of Apple?
    athynz
    • I bet I know where you put your iPhone ...

      Yes, he's probably scared stiff that the UK govt is going to be crippled by people bringing their toys into the workplace.
      Pastabake
  • CESG Guidance is No Green Light for iOS

    Jo,
    Without the detail of the recommendations this article is meaningless. Already its being interpreted as a green-light or as you put it "thumbs up"which in my experience of CESG is definitely not the case.
    What are the architecture recommendations? What do they mean by "on-going management"? If these are are as restrictive as I imagine they will be, past experience tells me so, then they will be impractical on their own. They are also not likely to meet the needs of todays organisations who are already under huge pressure to develop a BYOD policy that works.

    More detail please.
    robert.campbell