Citrix approved by ASD for government mobile communication

Citrix apps are now able to be installed on the mobile devices of parliamentarians following the approval of its Worx Mobile Apps by the Australian Signals Directorate.

The Australian Signals Directorate (ASD) has given approval to government departments in the country to use Citrix Worx Mobile Apps for "protected" level communications on mobile devices.

This approval allows for the secure use of government material offsite on iOS devices, via Citrix secure mail, web, and file sync and share clients, adding to the protected level communications approval it currently holds with its existing XenDesktop, XenApp, and NetScaler platforms.

Mark Hazell, government manager at Citrix told ZDNet his Canberra clients are often very different to the rest of the market.

"Particularly in the defence and intelligence spaces, they might use products in complete reverse to what everyone else uses them for," Hazell said. "For instance, we've got some agencies who use remote access to access external data."

Hazell said the reason for having the likes of the ASD involved is centred on assurance to the end user.

"CIOs and C-level-type people that sign off on these types of solutions want assurance from ASD that they're not doing something that's going to be potentially insecure and opening the department to data theft, which these days is a big issue," he said.

"With the move to the cloud underway and employees demanding to work outside of the office and across mobile devices, government departments can now easily identify Citrix XenMobile as the solution without compromising security."

Ian Curnow, senior manager of productivity sales, enterprise mobility who worked closely with Hazell on attaining the approval, said getting secure data onto a mobile device presents different types of challenges than that of traditional IT solutions.

"The protected level approved product is a platform for securely delivering applications; it allows government departments to get all the benefits of mobile, but still adhere to classifications and standards around that kind of data," Curnow said.

"[The ASD] realise that at an app level, there's such an explosion of applications that it would be difficult for them to go and certify down to the individual product, so they instead focus on the operating system and ensuring there's integrity from the operating system up. So they gave us a set of standards or commands and methods to make the best of the underlying operating system that we had to integrate into our product."

Curnow said the ASD guidelines currently specify only iOS for protected level content, however he said Citrix is currently rolling out the same set of requirements across the other platforms in anticipation of them being added in the future.

For government, the levels of data classification are as follows: unclassified, then protected, secret, and top secret. According to Hazell, most secret types of government systems are not generally connected to the internet; however, if they are, it is in a very limited way.

"I think people should be far more mindful about what they put out on the internet and what could be publicly available," he said. "If there's an opportunity to use the technology which is secure, then use it."

Earlier this month, Prime Minister Malcolm Turnbull found himself scrutinised for his use of private email, fuelling the fire by saying politicians use insecure communication all the time.

"Classified information can only be exchanged through government systems," Turnbull said in a press conference at the time. "Obviously, all members and senators, and ministers, use non-government forms of communication ... for matters that are not classified, that are routine and non-sensitive."

"If you have a talk about the security of different forms of communication, firstly, you shouldn't assume that government email services are more secure than private ones.

"Secondly, I can tell you that text messaging, which is widely used, is the least secure form of communication -- it's unencrypted in transit, and it is unencrypted at rest."

Curnow said it comes down to education.

"I think there's probably a greater need for education, and not just in government, but with people that deal with sensitive information in general in their work; I think there needs to be a greater level of education on secure and non-secure forms of transmission."

Hazell said Citrix has worked with the Department of Veterans Affairs in Australia to wrap their board paper application in a digital method, and has also provided advice to other third party vendors that build mobile applications within government, adding "we wrap them and secure them in our container, basically".