GCHQ considers iPhone and Android for government use but RIM wins out

Apple's iPhone and Google's Android platform could be edging closer to formal adoption by public sector organisations, although RIM's BlackBerry Enterprise Solution remains the only platform cleared for high security use, according to the latest guidance from GCHQ.

The organisation's National Technical Authority for Information Assurance, known as CESG, has published new smartphone guidelines for the public sector, covering the secure deployment, management and use of platforms including iOS, Android, BlackBerry and Windows Phone 7.

The four documents cover areas including architectural issues, user training and configuration advice, but are accessible only to government employees with Government Secure Intranet accounts.

The guidelines cover a new security level for public sector smartphone use, known as Impact Level 2, referring to use in low threat and low impact situations.

The fact that vendors such as Apple are now being considered alongside long-time favourite RIM shows that even the government is beginning to recognise employee preferences for certain devices, according to Nick McQuire, director for enterprise mobility at IDC.

"Consumerisation is occurring cross-sector in the business environment, but the difference is the constraints that GCHQ needs to honour," he said.

"You can't just bring your iPhone into that environment without thinking of the security overlays and the rigorous compliance requirements that these agencies have."

To this end, RIM's BlackBerry Enterprise Solution remains the only platform certified for use at Impact Level 3, i.e. suitable for handling government information protectively marked 'restricted', the CESG said.

This was certainly the case in June 2010, when health secretary Simon Burns confirmed in response to a question from Labour MP Tom Watson that ministers in his department have been issued with BlackBerrys and that this will be the case for all government departments.

"The only mobile telecoms or personal digital assistant devices that have been issued to ministers of the department are BlackBerrys," he said.

"The department does not issue Apple iPhones to staff as these are not approved for government use by the CESG."

IDC's McQuire argued that supporting non-BlackBerry platforms would not appeal to the government given the requirement for significant further investment in third-party infrastructure to secure the devices.

Robert Rutherford, managing director of IT consultancy QuoStar Solutions, agreed that such platforms are unlikely to find favour in public sector anytime soon.

"I just can't see that GCHQ would have put any real consideration into the iPhone and/or Android for secure communications," he explained.

"There is significant growth in unsecured and difficult to manage devices, entering corporate networks. There's going to be painful lessons to be learnt by those who don't take the threats seriously."