Australian government approves Apple's iOS for handling classified info

Posted:
in iPhone edited January 2014


Apple's iPhone and iPad have been approved by the Australian government to be used for storing and sharing classified government data.



Apple's iOS 5 software passed the government's stringent security assessment to gain the approval, the Herald Sun reported on Friday. Mike Burgess, acting director of Australia's Defence Signals Directorate, approved iOS 5 devices to handle secret information classified at the "Protected" level.



The security evaluation for iOS 5 is said to be the first of its kind for Apple's mobile operating system. The approval means government agencies in Australia that have implemented DSD security advice will be able to use iPhones and iPads.



"Embracing new technologies, such as smartphones and tablet PCs, provides government with a genuine opportunity to conduct its business more efficiently," Burgess said. "However, the threat of government information being stolen or compromised is also very real."



Last June, the security experts at Symantec declared that iOS offers more protection than Google's competing mobile operating system, Android. Specifically, iOS was found to have "full protection" against malware attacks, while Android was deemed to have "little protection."











Symantec also found that iOS has greater protection than Android against abuse and service attacks, data loss, and data integrity attacks. iOS was also found to have greater security feature implementation for access control, application provenance, and encryption.



Apple's iOS-based devices have found a growing presence in government as the operating system's security has been vetted by agencies. In one recent, prominent example, the U.S. Air Force expressed interest in purchasing 18,000 iPads for use on cargo aircraft like the C-5 Galaxy and C-17 Globemaster.



[ View article on AppleInsider ]

«1

Comments

  • Reply 1 of 28
    gatorguygatorguy Posts: 24,176member
    Well done. The Aussie government traditionally evaluates RIM and Microsoft software and devices for security needs, but with Apple's iPhone the number one smartphone line in Australia, the pressure was on for iOS to gain some level of approval. As expected they've met the requirements spelled out for them last June.



    Apple is hard to ignore with the impact they've made the past few years and I expect other countries should follow suit in the near future.
  • Reply 2 of 28
    drdoppiodrdoppio Posts: 1,132member
    Good for Apple.



    Quote:
    Originally Posted by AppleInsider View Post


    ...

    Symantec also found that iOS has greater protection than Android against abuse and service attacks, data loss, and data integrity attacks. iOS was also found to have greater security feature implementation for access control, application provenance, and encryption...



    Lol, Symantec...
  • Reply 3 of 28
    Yikes! Could they have used any worse color choices in the rating graphics for those of us who are color blind?
  • Reply 4 of 28
    boeyc15boeyc15 Posts: 986member
    US govt still won't allow govt email on IOS devices.
  • Reply 5 of 28
    sunilramansunilraman Posts: 8,133member
    What about ASIO?
  • Reply 6 of 28
    justflybobjustflybob Posts: 1,337member
    Well at least now there is one government body that actually got something right.
  • Reply 7 of 28
    muppetrymuppetry Posts: 3,331member
    Quote:
    Originally Posted by boeyc15 View Post


    US govt still won't allow govt email on IOS devices.



    Not so. We are using them with Good's enterprise interface to our Exchange servers.
  • Reply 8 of 28
    lkrupplkrupp Posts: 10,557member
    Quote:
    Originally Posted by boeyc15 View Post


    US govt still won't allow govt email on IOS devices.



    Interesting. In a previous post you babble on about how only Android, Microsoft, and RIM products are allowed. A few posts later you claim that only Black Berry devices are allowed on your corporate network. So what happens when RIM goes belly up as it appears to be headed for? And why would the government allow an obvious security risk like Android yet iOS is banned? The Australian government appears able to figure it out.
  • Reply 9 of 28
    MacProMacPro Posts: 19,718member
    Quote:
    Originally Posted by SixPenceRicher View Post


    Yikes! Could they have used any worse color choices in the rating graphics for those of us who are color blind?



    That is pretty bad in this day an age. My dad was red green and I discovered this at a young age while walking with him across a field in which there was a large bull eyeing us. The words "what bull?" have been a source of humor ever since in our family.
  • Reply 10 of 28
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by lkrupp View Post


    And why would the government allow an obvious security risk like Android yet iOS is banned?



    Do some reading other than at AI or other enthusiast sites and you should find out rather quickly that Android isn't an obvious security risk.
  • Reply 11 of 28
    gprovidagprovida Posts: 258member
    Look forward to US Gov't and companies adopting the core iOS5 as a basis to handle sensitive information. I suspect DOD Classified is not really what we are talking about.
  • Reply 12 of 28
    Quote:
    Originally Posted by muppetry View Post


    Not so. We are using them with Good's enterprise interface to our Exchange servers.



    We use them with GOOD as well although we are waiting for FIPS validation of the iPhone and iPad cryptographic modules and we then may use ActiveSync.
  • Reply 13 of 28
    otriotri Posts: 13member
    Quote:
    Originally Posted by Gatorguy View Post


    Do some reading other than at AI or other enthusiast sites and you should find out rather quickly that Android isn't an obvious security risk.



    Yes, and you should check out the state of affairs with keeping android devices up to date. http://theunderstatement.com/post/11...ory-of-support This is what's killing RIM in the enterprise too. The ability to upgrade is part of good security planning.



    - Aaron

    Conquer Mobile

    http://conquermobile.com
  • Reply 14 of 28
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by otri View Post


    Yes, and you should check out the state of affairs with keeping android devices up to date. http://theunderstatement.com/post/11...ory-of-support This is what's killing RIM in the enterprise too. The ability to upgrade is part of good security planning.



    - Aaron

    Conquer Mobile

    http://conquermobile.com



    Consumer updates wouldn't apply to secured devices for classified uses.
  • Reply 15 of 28
    sockrolidsockrolid Posts: 2,789member
    Quote:
    Originally Posted by AppleInsider View Post


    [...] Specifically, iOS was found to have "full protection" against malware attacks, while Android was deemed to have "little protection." [...]



    Google's only reason for dumping Android onto the market is to make money by serving up ads.

    Security and quality are irrelevant to them. Android isn't their product. Consumers' eyeballs on ads is their product.



    Ironic that Google makes 4x as much money from iOS than they do from all of Android.

    That's right folks. 80% of Google's mobile revenue comes from iOS, and only 20% comes from Android.

    Even more reason for Google to not waste time, money, and effort "improving" Android.



    http://www.appleinsider.com/articles...m_android.html
  • Reply 16 of 28
    otriotri Posts: 13member
    Some of the people at Colligo Networks went to Australia to showcase their Briefcase app for iPad, to groups including the government and large enterprise organizations.



    As designers of the app, we had to be fully aware of all aspects of security to lock down the entire system. From securely accessing Sharepoint to making sure all data was immediately put in a crypto locked storage. This got audited by Ernst & Young's security researchers, and even has security in the event of the iPad being jailbroken. Apple's APIs guide you to do the right thing, and I'm glad the Australian government acknowledges the platform's security.



    The end-to-end security has been a real brain twist for organizations. The US government had provisions saying all devices needed security software on top. There was no provision until very recently for a secure platform, however the way iOS has been designed even the Anti-virus guys can't install their software legitimately. There's some very smart Apple security people that explain how it all works. I spent a full day learning about Apple's security infrastructure at Apple Connect 2012 a couple weeks ago, and it was totally worth it.



    I think the BIG WIN is appliance like computing, minimal support costs, on a device that's actually elegant and fun for personal use.



    Cheers!

    - Aaron

    Conquer Mobile

    http://conquermobile.com
  • Reply 17 of 28
    otriotri Posts: 13member
    Quote:
    Originally Posted by Gatorguy View Post


    Consumer updates wouldn't apply to secured devices for classified uses.



    Consumer updates makes it easier to maintain overall system integrity. For Classified data you're thinking of fixed deployments of a standard issue device then passing FIPS 140-2 validation (which takes 6-7 months just to get evaluated). There's only so much you can do to keep a fork of a platform secure. These devices don't have a lot of shelf life, so it's hard to keep security updates rolling with multiple devices. Even more difficult keeping a managed and mandatory update deployments going without potentially wreaking havoc on user data, thus requiring heavy testing before roll-out. Very few organizations have the resources to do that effectively. So, unless you're government your best bet is security via the latest OS updates.



    - Aaron

    Conquer Mobile

    http://conquermobile.com
  • Reply 18 of 28
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by otri View Post


    Some of the people at Colligo Networks went to Australia to showcase their Briefcase app for iPad, to groups including the government and large enterprise organizations.



    As designers of the app, we had to be fully aware of all aspects of security to lock down the entire system. From securely accessing Sharepoint to making sure all data was immediately put in a crypto locked storage. This got audited by Ernst & Young's security researchers, and even has security in the event of the iPad being jailbroken. Apple's APIs guide you to do the right thing, and I'm glad the Australian government acknowledges the platform's security.



    The end-to-end security has been a real brain twist for organizations. The US government had provisions saying all devices needed security software on top. There was no provision until very recently for a secure platform, however the way iOS has been designed even the Anti-virus guys can't install their software legitimately. There's some very smart Apple security people that explain how it all works. I spent a full day learning about Apple's security infrastructure at Apple Connect 2012 a couple weeks ago, and it was totally worth it.



    I think the BIG WIN is appliance like computing, minimal support costs, on a device that's actually elegant and fun for personal use.



    Cheers!

    - Aaron

    Conquer Mobile

    http://conquermobile.com



    FWIW, Android and iOS security has more in common than most here might suspect.

    "First of all let’s start at the similarities with both platforms, and the security features which they both share. Android and iOS both have what is known as traditional access control, basically the method in which users get access to the device and put the device to sleep or lock it. They both also have access control settings to add or remove permissions for applications, meaning users can limit an applications ability to access certain services or data. Something which was surprising to me, was the limited access to the hardware which the two operating systems have. Both platforms contain a number of layers of intermediary software which acts as a go between for the OS and the underlying hardware. Finally, both iOS and Android have built in contingencies to resist web based attacks, should they occur."



    Where comments about Android security come up, it nearly always involves the app market. It's here that iOS has the reputation for keeping users safe from harm, while Android's app markets are made out to be a wild west with viruses and malware around every corner. Recently it's become fairly obvious that Apple doesn't curate their marketplace as heavily as some have assumed. Some of the highest profile Apple apps have been found to be secretly harvesting data that Apple says is off-limits. Either Apple doesn't look hard enough or they chose to ignore some violations. Either way Apple users aren't as immune to apps that do a bit more than they say as they might assume they have been.



    There's a good infographic here that compare the two platforms from a security standpoint:

    http://www.redmondpie.com/android-vs...y-infographic/
  • Reply 19 of 28
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by otri View Post


    So, unless you're government your best bet is security via the latest OS updates.



    - Aaron

    Conquer Mobile

    http://conquermobile.com



    Which is what this article was discussing: Government use in secured environments, not consumer updates.



    I completely agree that the slow or non-existent rollout of timely Google Android updates thru the licensees isn't something for Android users to be proud of.
  • Reply 20 of 28
    ezorroezorro Posts: 11member
    Who would have thought that there would be a need for classified data in Australia?
Sign In or Register to comment.