The government is opening up the number of accredited smartphone providers for public sector staff, as pressure...
grows to roll out "bring your own device" schemes across departments.
Blackberry is still the only approved provider of smartphones in the public sector for purposes up to security restrictions at impact level 3 - which covers information that could compromise the workings of government. But Whitehall has begun to open up the market to enable more mobile devices, government IT chiefs and experts have told Computer Weekly.
“Apple and Android are more involved in security discussions than they ever were before,” said Denise McDonagh, director of IT at the Home Office.
“I think we are moving towards getting more trusted end devices, and part of the government’s end-user device strategy should help us in that space. At that point we can be more flexible about letting people use their own devices to do personal and professional work,” she said.
McDonagh added that her department was working on a mobility strategy: “We are looking at giving officers some sort of tablet when they go out into the field in order to access case working applications.” The department intends to run a pilot next September, she said.
GCHQ, the Government Communications Headquarters which is responsible for security approval of IT products, confirmed that it had accredited the use of iPhones in lower risk environments up to impact level 2, but a spokesman said he was unable to comment on relationships with other companies.
Apple has previously refused permission for GCHQ security experts to analyse its software source code, which has prevented use of iPhones and iPads for work involving restricted information.
The End User Device strategy published in October as part of the government’s ICT strategy intends to enable greater flexibility and cost savings in the use of PCs, laptops, thin clients and smartphones in the public sector. It also aims to open up the market to more suppliers of these devices.
"The End-user Device strategy will give public sector workers the freedom to work from any location on any suitable government or non-government device," said Cabinet Office minister Francis Maude in October.
Ken Dalaney, senior analyst at Gartner, said other mobile providers had started to make inroads with the public sector. “Like the commercial sector, public sector is getting huge demand for bring your own device to both cut costs and reduce support for a technology that is ever changing,” he said.
“Blackberry is still the most enterprise-secure by far. However, we hear the government is working with Apple, although less so with Android because of its immaturity at this point. That said, certain vendors using Android's open source model can make Android more secure than Apple while not as secure as RIM. Symbian is a bit in there but fading because of Nokia's direction to Microsoft. Windows Phone 7 doesn't have native encryption which could be a problem for the public sector,” he said.
Traditionally Apple has been reluctant to work with the public sector, added Dalaney. “Apple is a consumer company and wants to be in the enterprise but only on their own terms and that doesn't include high security,” he said.
GCHQ said it was up to each department to decide which IT it uses, and how it is configured to manage their information risk. “Therefore, CESG [the government’s technical security advisor] is not in a position to advise on whether departments plan to use, or are using, the devices,” said the spokesman.
Local government IT chiefs recently told Computer Weekly that central government regulations were preventing councils from deploying bring your own device schemes. Under the Department for Work and Pensions Code of Connection rules local authorities were finding it difficult to implement such schemes, they said.
In April CESG issued guidance for the UK public sector on the use of smartphones, but did not make the details available to the public.