How Armour Comms can provide a turnkey solution for Zero Trust mobile comms – even on BYOD devices
The UK National Cyber Security Centre (NCSC) defines zero trust as “an architectural approach where inherent trust in the network is removed, the network is assumed hostile and each request is verified based on an access policy.”
This is music to our ears at Armour® where, by their very nature, our products and services have been designed for communicating securely in potentially hostile environments. When a network is hostile, security comes from trusting users, devices and services. This means that user identity and authentication become critically important. Something, which in the secure comms space, we have been working on for many years.
Our flagship product, Armour Mobile® uses MIKEY-SAKKE identity-based encryption to secure multimedia services. This enables secure voice and video calls, voice and video conference calls, one-to-one and group messaging, and sending file attachments. The solution ensures that the parties exchanging calls and data are who they claim to be (hence the term “identity-based”). Armour offers several secure communications products with closed user groups, protecting against fake contacts from external hackers. These systems can run on your own servers for total sovereignty for data and metadata.
The MIKEY-SAKKE protocol, which uses identity-based cryptography and is designed to enable secure, cross-platform communications by identifying and authenticating the end points. It is an efficient, effective and NCSC-accredited protocol for building a wide range of secure multimedia services for government and enterprises.
Guidance from NCSC provides eight design principles for implementing a Zero Trust environment. https://www.ncsc.gov.uk/collection/zero-trust-architecture The eight principles are as follows:
1. Know your architecture, including users, devices, services and data
2. Know your User, Service and Device identities
3. Assess your user behaviour, devices and services health
4. Use policies to authorise requests
5. Authenticate & authorise everywhere
6. Focus your monitoring on users, devices and services
7. Don’t trust any network, including your own
8. Choose services designed for zero trust
NCSC states that “When choosing the components of a zero trust architecture, you should prefer services with built-in support for zero trust.” Furthermore, NCSC advises “Using products that utilise standards-based technologies allows for easier integration and interoperability between services and identity providers.”
Moving to a Zero Trust environment will in most cases be a significant undertaking for any organisations. With this in mind, the 8th principle to choose services designed for a zero trust environment makes obvious sense and avoids re-inventing the wheel.
At Armour we have consistently taken a standards-based approach to all design and development and have achieved; ISO27001:2013 registration for the Armour Communications Information Security Management System covering the development and delivery of Armour Mobile, SigNet by Armour® and white-labelled products; and Cyber Essentials Plus for our whole organisation.
Secure by Design and Secure by Default principles are in our very DNA. We’ve been working with the NCSC since our inception to ensure that our products conform to the appropriate industry standards and are designed with the end user in mind. Armour Mobile is used by some of the most security conscious organisations in the world including Governments, defence organisations and financial institutions, while SigNet is used in many enterprise environments and seen as a secure WhatsApp replacement product.
Contact us today to find out how Armour can empower your organisation with secure mobile comms that comply with Zero Trust requirements firstname.lastname@example.org