NCSC publishes advice for Advanced Mobile Solutions for high-threat organisations

With Cyber UK just a couple of weeks away, the UK’s National Cyber Security Centre (NCSC) has announced new guidance for using mobile devices in high-threat organisations.

In a blog published on 1 May, NCSC outlines its new Advance Mobile Solutions (AMS) risk model, architecture patterns and associated technologies that will allow high-threat organisations to stay connected while ‘on the go’.

It explains how the use of special or hardened mobile phones is expensive and has proven extremely difficult to maintain. We see from anecdotal evidence that people don’t like using them either. However, consumer grade devices can be a realistic alternative, when combined with the AMS model to mitigate as many of the threats as possible.

The starting premise of the AMS risk model is that mobile devices cannot be trusted, and that organisations must assume that a device may be compromised, and that information held on it could be at risk. The risk model goes on to state that core networks and services must be protected, and that sensitive information should not be aggregated in the mobile infrastructure.

The AMS architecture

The AMS architecture enables secure mobile working taking into account the associated risks.  The architecture aims to:

• Protect consumer mobile devices as well as possible.
• Prevent data from being aggregated in mobile infrastructure.
• Provide robust protections for core systems using hardware-based, cross domain technology.

Key elements of the architecture include:

• Protecting the device.
• Protecting data on global networks.
• Protecting the remote access zone.
• Protection for core networks and systems.
• And, assume compromise.

The use of Armour Mobile™ can help in a number of ways from preventing data within the Armour ecosystem being leaked or accessed by other apps on the device; preventing information from being forwarded or shared to unsanctioned individuals; central user management which ensures that only invited people can join a chat group; identity-based encryption that helps to positively authenticate users (combats deepfakes and impersonation-based attacks); and should a device be compromised, remote wipe of all information held in the Armour platform on the device.

Secure mobile is difficult to achieve and it’s certainly not one size fits all.  For more information about Advance Mobile Solutions and how Armour® Comms could help your organisation see us at Cyber UK, 13 – 15 May, ICC, Birmingham Register here: https://www.cyberuk.uk/2024/about