Communication is an important part of our everyday life. We need to talk: about work, confidential business issues, political secrets and our innermost passions. The smartphone has become our tool of choice when we want to share something fast; a fact that is all too well known by a certain industry – one that’s dedicated itself to listening in on sensitive data and information. Secusmart GmbH, based in Düsseldorf, Germany, has come up with solutions which the German government and civil services also work with to fight against electronic eavesdropping.
Smart phones – smart security. That is the motto adopted by the encryption experts at Secusmart GmbH. These smart eavesdropping solutions are the first choice by no less than the German government – and not just because of their practicality in everyday life. The secret behind the latest development of the Düsseldorf security experts is that data and conversations can only be transmitted effectively and safely when high quality protection can be integrated invisibly and simply into everyday use. For the first time ever, SecuSUITE for BlackBerry 10 combines the high standards necessary to meet German government VS-NfD (for official use only) classification requirements, as well as the NATO Restricted security level (which came into effect on the 1st of July, 2013) with the usual comfort and usability, now on a single device. Government and agency employees can switch easily between the highly secure official area and personal, public area with a simple swipe on any standard smartphone. In addition to this important concession to usability, unheard of up until now, the Secusmart technology protects all mobile communication within the framework of business use.
This means that saved information and typical smartphone data, voice, text messaging and secure browsing are protected with secure access to company intranets along with a secure, defined access point to the intenet.
Smartphones Create Gaps in Security
SecuSUITE for BlackBerry 10 was Secusmart’s answer to a recent call to tender by the German federal government. This required the development of a solution which would be able to ensure the security of all data within the scope of mobile communication. The solution should be a “Framework agreement for the supply, installation and operation of a system for secure mobile communication”.
The Procurement Department of the German Federal Ministry of the Interior and the Federal Agency for Security in Information Technology (BSI) commissioned the SecuSUITE for BlackBerry 10 solution, developed by Secusmart GmbH, for security in mobile communication. SecuSUITE for BlackBerry 10 couples comprehensive protection with intelligent design and comfort, and is able to keep pace with an increasingly mobile and flexible lifestyle in line with technological advancements. Today it’s hard to imagine that just a few years ago it was necessary to check your home pc to access your emails. Telephone calls were usually made on a landline telephone at a small table in the hallway or living room. Today, even Angela Merkel, the German Chancellor, writes her messages on an easy to conceal handheld device, sending text or email messages quickly to her colleagues. Politics has moved with the times at the same tempo as in our personal lives. Borders in communication are practically non-existent. This is obviously a big challenge for security managers. Afterall, a lack of data protection in politics could lead to severe consequences.
Espionage is no longer something that is only found in James Bond films as many countries have learned the hard way in recent years. When political secrets become public, a few careless mistakes made in IT security are not at fault. Security management normally needs to be completely and holistically rethought to be able meet the challenges arising from a new, technically-adept generation of spies.
However, security management should not just concentrate on external attacks. Security measures should also include employee awareness training, particularly where it concerns the everyday use of smartphones, to ensure that it is appropriate and secure. Almost everyone has become accustomed to the comfort associated with these little, technical helpers. In everyday smartphone communications, it is no longer easy to separate personal from business use. Talking about personal affairs is just as likely to take place as a conversation about the latest developments and occurrences at work. Gaps in security start when employees don’t understand the risks involved in smartphone use. Although there are sometimes employees who will sell company secrets in worst case scenarios, a lack of loyalty is seldom the reason for serious data loss. Usually, it is an unknown third party who will intercept data or conversations unbeknownst to the employee, or install malicious software at a moment of non-attention, or use a fake identity to get unauthorized information.
Going Through Life Securely
When planning comprehensive security management, governments as well as companies need to keep in mind that the smartphone has become a kind of second place of work. “Bring-your-own-device” is not some passing trend for hip, young companies. It’s pretty normal to take advantage of smartphone efficiency at work – it’s now possible to take care of life’s necessities wherever you are. And yet the people responsible for IT in many companies are still only trying to protect the company’s IT. That is by no means a mistake, but the smartphone – an easy to use, mobile high performance computer – should definitely not be forgotten. When in doubt, the security of stationary pcs should be regarded as the highest priority at least until politically or economically relevant information is passed on carelessly by employees, for example, upon arrival at an airport, where it is there intercepted by waiting third parties.
People responsible for security have real difficulty maintaining an overview of all possible security issues. Just the loss of a smartphone can have serious repercussions, when, according to the law, data can’t just be deleted or accessed from the central server because it might contain personal information as well. In order to be able to ensure simplicity and everyday usability here, SecuSUITE for BlackBerry 10 separates the personal, public area from the high security official area.
By separating these two areas, those responsible for security can access the official profile and the data stored there. The user can access social networks, or talk with their partner about dinner plans, as before in the separate personal area. Up until now, in order to ensure this level of security in official use, it was necessary to have one highly secure device for emails and another one for voice calls. Not a very practical solution, which SecuSUITE for BlackBerry 10 now makes redundant: Facebook, Twitter & Co. can be accessed in the personal sphere. In the official profile, company data can be protected and emails, personal information managers and surfing in the company network are safe against unauthorized third party attempts to access data. That’s how Secusmart became the most important supplier to the German federal government of the secure voice product SecuVOICE which conforms to the current requirements and meets the challenges of both political and commercial companies and departments. The latter has received approval from the BSI, the Dutch NBV, the EU Council on Information Security and NATO for VS-NfD (for official use only) communication.
Responsibility for Security Must be Shared
One of the reasons for the decision to choose SecuSUITE for BlackBerry 10 was that the solution is hardware based. Only this form of mobile security, as opposed to some type of software, can be approved for the VS-NfD security level. For all Secusmart mobile security solutions, including SecuSUITE for BlackBerry 10, all data is encrypted and decrypted in the Secusmart Security Card.
No information can be accessed freely outside of the hardware. In order for the encryption to work, the Secusmart Security card (in Micro SD format) is inserted easily in the appropriate slot in the smartphone. The user is then asked to enter the PIN of their choice. If this request for a PIN does not occur, the user can be sure that the card has been used before and is therefore no longer secure.
Once in operation, SecuSUITE for BlackBerry 10 protects mobile communication in two ways. First the end-to-end encryption of communication, and then the certificate-based authentication of both parties. The first step is for both parties to agree a joint key. The key exchanged between the two conversation parties is authenticated to protect against so-called ‘man-in-the-middle’ attacks. These attacks are attempts to eavesdrop with the help of fake identities, wrong caller numbers and similar methods which usually go unnoticed. The authenticity of the information received as part of the key exchange can be determined beyond doubt, using the digital signature of the root CA. In this way the conversation parties can be absolutely certain of the authenticity of the keys received.
The German Federal Government Takes on the Role of Ínnovator
SecuSUITE for Blackberry 10 offers high class security that promises all-round protection. One would expect big business to be the innovators here. However, it’s the German federal government that is currently state-of-the-art with the newly developed SecuSUITE for BlackBerry 10 solution for mobile security. As a result of the recent call to tenders, the German federal government was able to keep pace with the times and meet the current requirements of secure communication.
Secure mobile solutions such as SecuSUITE for BlackBerry10 are not just available to the government. Anyone can protect themselves with professional technology and still ensure that the user experience is positive. The German federal government has been taking advantages on offer here since 2009. Since the introduction of the new solution at the beginning of 2013, the Düsseldorf security firm has been receiving orders from both politics as well as mid-sized companies, large, and even DAX, corporations. It’s a good sign for the company – after all it’s the highest priority of the German economy not to miss the boat – whether because of previous government measures or advanced technology used in espionage attacks on the part of interested though unauthorized eavesdroppers. [www.secusmart.com]
Founded with a good reason! Dr. Christoph Erdmann and Dr. Hans-Christoph Quelle, Shareholder-managing director.
All photos Source: Secusmart GmbH