Posted on

User Success – Are you making the most of Armour technology?

Convincing people to use security products is a challenge.  Employees are often reluctant to change their working practices, especially if it involves any kind of inconvenience. So when you have successfully built the business case, found the product, got budget approval, procured the product and rolled it out to end users – then what? How can you ensure that the product is being used, and can you demonstrate business value, or return on investment?  With security products this is notoriously difficult because if the product is successful at diverting a threat, then there may be no obvious outcome or benefit to the end user.

With this in mind we’re going to be revisiting customer successes that we think will help our clients achieve maximum benefit from their investment in Armour technology.

Secure Note to Self – Provide a great user experience

Evidence shows that the most enthusiastic adoption of Armour Mobile and SigNet by Armour is where it solves a compelling business problem, as well as providing better security. The product must be easy and pleasant to use, and users need to see immediately how it makes their lives easier.

By talking to our many clients about how they are using our products on the ground, we have learnt about some surprising real-world benefits.  For example, SigNet has an extremely useful Note to Self capability – something that once users discover they absolutely love. No more sticky notes, or emails to self, just a voice memo that is completely secure and cannot be eavesdropped or overheard by anyone other than the intended recipient that goes to devices linked to the same account.

Cyber Essentials Plus and BYOD don’t mix – or can they?

Another point worth keeping in mind, if your organisation is planning to undertake Cyber Essentials Plus accreditation, then employees’ unmanaged personal devices (i.e. BYOD) cannot be used to access corporate information, including email.  Employees are generally highly resistant to Mobile Device Management (MDM) solutions on their personal devices, however, by using Armour Mobile all corporate information shared using the app is completely isolated from the rest of the device.  This makes Armour Mobile an extremely viable alternative to MDM which employees are more than happy to use as it does not interfere with their personal apps, while protecting business information. The same device can be used for both personal and business communications. For more information about this read our blog: https://www.armourcomms.com/2022/05/03/protecting-sensitive-comms-on-byod-devices-without-resorting-to-mdm/

In the coming weeks and months, we’ll be sharing different scenarios where our customers have achieved sometimes unexpected benefits from different use cases.  In the meantime, if you have a business problem, get in touch and it may be that someone else has already faced that same issue, and we have the solution ready and waiting.

Posted on

Recall by Armour – Armour Mobile Audit capabilities

Unofficial channels now subject to FoI requests

If you need to audit secure calls, protect evidence, or prove compliance, Armour can help.

A recent ruling by the Information Commissioner’s Office (ICO) (https://www.civilserviceworld.com/professions/article/freedom-of-information-foi-covers-whatsapp-and-other-private-channels-confirms-ico) states that emails and messages between officials and ministers sent from private accounts, including consumer-grade apps such as WhatsApp, are covered by the Freedom of Information (FoI) Act. The ruling aims to deal with the concerns that unofficial communication channels may impede official record keeping and the public record.

 

Keep Professional and Personal Comms separate

Quite apart for the need for government officials and those in public office to remain transparent and accountable, our previous blog entitled: Insider trading, a Russian banker and WhatsApp – the case for Audit  explains the importance of keeping professional and personal communications totally separate, and why organisations should use an enterprise app for business communications. There are many security reasons that consumer-grade apps are unsuitable for professional use, not least that free-to-use apps simply don’t have the features required for use at enterprise level, such as audit.

 

Privacy with an Audit trail

One of the key reasons that many organisations will want to use to use Armour solutions is to maintain complete privacy and security of communications. However, there are instances, when audit functionality is a requirement. We understand that providing the option for an auditor to be able to review sensitive calls after the event is, in itself, a security management conundrum.

 

With Recall by Armour we have solved this challenge

Recall by Armour is available as an additional module to Armour Mobile for on-premises deployments. Designed for organisations in regulated industries Recall provides call audit capabilities for security-conscious organisations that need to be able to prove who said what, to whom, and when.

 

How it works

Armour Mobile and Desktop support an audit capability enabling communication (text, audio) to be captured in its entirety within the centralised audit log, allowing detailed retrospective analysis of all conversations.   Each entry within the audit log is encrypted using keys unique to the user to whom the entry relates, and access to the decrypted content can only be gained when an Administrator with sufficient access rights has access to the audit tools to securely retrieve the key material and perform the necessary decryption tasks.

With Recall, all communications via Armour Mobile are protected and preserved automatically, the user doesn’t need to do anything extra. This supports the NCSC ethos of Secure by Design, making security easy for the end user.

For more information about how Armour Comms can help your organisation preserve, check and interrogate secure and sensitive conversations, contact us today. sales@armourcomms.com

Posted on

Advice from NCSC – Using Secure Messaging, Voice & Collaboration Apps

NCSC recently published a blog containing some great advice about using secure messaging, voice and collaboration apps. https://www.ncsc.gov.uk/blog-post/using-secure-messaging-voice-and-collaboration-apps.  

As the world of work has morphed into one of hybrid working where many people now work partly from home, partly from the office, and often other locations while travelling, so people have adopted messaging and collaboration apps for business use.

However, as many headlines in the press have highlighted, consumer-grade apps are simply not designed nor suitable for business use.  Apart from the fact that none of these apps address the rigours of data privacy legislation such as GDPR, there are some serious security concerns around the wholesale selling or distribution of users’ data and meta-data by the multi-national organisations that own many of the consumer apps.

Here are just some of the issues:

  • User details can be sold to third parties

 

  • Even with end-to-end encryption meta-data can be hacked and compromised

 

  • Your location and who you are talking to can be visible

 

  • There is no management of users – anyone that finds your mobile number could contact you

 

  • User identities are easily spoofed – you can’t be sure who you are in contact with

 

  • Data privacy regulations, like GDPR (and others) are flouted

NCSC spells out exactly what organisations should look for when procuring a secure messaging and collaboration solution that is suitable for business use, and in our White Paper we outline exactly how Armour Mobile meets and exceeds those requirements.

To download your copy, please complete this form:

Posted on

Unity by Armour Secure Conferencing an SC Awards Finalist

We are delighted to announce that Unity by Armour has been shortlisted for an SC Award for Best Communications Security Solution.

Unity is the third Armour product to be a finalist, and it is the 5th year in a row that we have been shortlisted.  Armour Mobile won the award for Best Mobile Security Solution in 2019 and SigNet and Armour Mobile were Highly Commended in the same category in 2021.

 

Enterprise Conferencing that’s more secure and easier to use

Unity by Armour® delivers secure conferencing in an easy-to-use app for mobile and desktop use, with enterprise security features not provided by free-to-use consumer products including a choice of cloud or on-premises installation to ensure data sovereignty. Unity is available in several configurations to ensure the level of security matches the sensitivity of the conversation. Unity combats the issue of ghost callers that may eavesdrop on sensitive conversations by highlighting to all users whether a participant has joined the call via an app, or securely via a browser –browser options often increase vulnerabilities.

Unity extends the Armour ecosystem by working in conjunction with Armour Mobile to provide pre-defined or on-the-fly secure video conferencing, screen sharing and integration with secure chat groups and interconnectivity with trusted unified communications systems.

Unity delivers picture-in-picture and multiple screens, and offers a familiar video conferencing interface, making it easy and intuitive to use.

If your organisation needs a conferencing tool with enterprise capabilities and security credentials to match, call us today to find out more

Tel: +44(0)20 36 37 38 01

Posted on

Protecting Sensitive Comms on BYOD Devices without resorting to MDM

Managing corporate data on Bring Your Own Devices (BYOD) has been a thorny issue for years. Businesses and employees alike appreciate the convenience of people using their own devices, and in fact, the organisation probably doesn’t have much choice in the matter without taking draconian measures. However, protecting sensitive information that finds its way onto unmanaged devices can open organisations up to risk of industrial espionage and even threaten national security, quite apart from more mundane, but nevertheless serious data protection regulatory issues (GDPR being the most obvious).

 

Athletes advised to use burner phones for security reasons

To add to those threats, if people travel abroad they may find their devices compromised by lapses in local security. A recent case in point was athletes and teams taking part in the Winter Olympics in China. Many governments advised people to take burner phones and hire laptops once there, rather than risk their own devices becoming compromised. Full story here: https://www.bbc.co.uk/news/world-asia-china-60034013

Burner phones create additional security issues

This raises an important point, that of the additional complexity posed by the use of burner phones.  Typically they are bought in country, used and disposed of prior to return. These phones, usually Android, for cost reasons, should be considered unsafe because their provenance cannot be certain. Using apps on such phones can create undue risk and uncertainty as they may have been ‘jailbroken’ (modified to remove restrictions imposed by the manufacturer, to allow the installation of unauthorised software) or contain potentially malicious apps from local carriers or distributors.

 

Managing BYOD without MDM

True BYOD devices that are owned by the employee create a different challenge. Employees do not like the fact that their employer might wish to take control of their personal device with a Mobile Device Management (MDM) solution, and so have the ability to restrict the use of the capability of the device e.g. disable the camera. However, the concerns around corporate data being held on a device that is not owned or controlled by the business must still be addressed – something that Armour can do without the need for a full MDM solution.

 

How Armour helps

Armour Mobile and SigNet by Armour provide a mobile comms solution that completely isolates the communications and any associated data, metadata or files (attachments such as documents, images, video clips). All data is encrypted and secured within the app protecting contacts, messages and attachments from malware on the device or if the device is lost or stolen. The ultimate goal is to minimise the organisation’s risk by reducing the residual data held on the device. Armour’s products are Secure By Design, for example technology in the app requires sole use of the microphone ensuring rogue apps are not ‘listening’ in to voice or video calls.

In addition, before the app can be used, the Armour software checks to see if the device has been jailbroken, if so, the user will not be able to use the Armour app.

Armour provides its own viewers for certain types of attachments, so as not to share information with the operating system or third-party viewers, and preventing the user from sharing the attachment (and its sensitive information) outside of the Armour app, thus avoiding the potential for data leakage.

To avoid the use of the public internet and untrusted, insecure networks, the Armour apps can be installed in a variety of ways. Depending on the specific use case requirements this can include via SD card or via a completely closed VPN network (using additional technology from Armour technology partners).

Armour Mobile and SigNet also include many security features within the app to protect against data leakage.  This includes the Message Burn and Disappearing Messages features, where the sender of a message can set it to automatically delete at a set time, either after it has been read, or after it has been sent.  This feature can be deployed as a standard setting across chat groups or communities of users.

In the coming months we will deliver the capability to remote wipe any data held within the Armour app on devices that have been lost, stolen or otherwise compromised and in addition will have the ability to centrally control the length of time messages are available to be accessed on phones.

For more information about how Armour can help you to ensure secure communications even when using BYOD devices, contact us today: sales@armourcomms.com

Posted on

SigNet by Armour v3.3 introduces secure group video calls and upgrades enterprise features to improve licencing and usability

Latest release of Armour’s WhatsApp replacement product extends user management capabilities for easier enterprise deployments and a raft of features for greater user adoption

London, UK, 25 April 2022Armour Comms has announced the latest version of SigNet by Armour®, its enterprise-grade WhatsApp replacement platform. SigNet v3.3 includes enhancements to streamline the administration of enrolling new users, license management and managing groups, saving time for IT and security. The new version also includes many end-user improvements designed to boost user-adoption which in turn increases security around communication of sensitive information. SigNet now supports up to 8 participants on a group secure video call.

David Holman, Director at Armour Comms said; “SigNet by Armour was developed for enterprises looking to increase security around the use of informal messaging and communications apps, and to provide a replacement solution for consumer-grade apps, that staff will be highly motivated to use. The extension of secure video capabilities for up to eight people that can be used from a mobile device or desktop is a significant enhancement that will enable enterprises to mandate the use of SigNet for all business conversations.”

“Every organisation has sensitive commercial information to protect, and this can now be shared securely, and conveniently, with colleagues using SigNet without ever using an email service or consumer app. Users love the ease of use and anonymity of SigNet, where there is no requirement to provide their mobile phone number as their unique identifier.”

Group Management:

Chat groups within SigNet v3.3 have admin account capabilities for configuring and managing the group by adding and removing users, permission control, and appointing new admins.

Licensing

SigNet v3.3 strengthens enterprise licensing, with license expiry messaging and multiple licence support and management. If an employee leaves or is no longer required to use SigNet the license can be redeployed to a new user, similarly if a device is lost or stolen, the license is rescinded and can be re-used. This new feature enables enterprises to more tightly control licenses and the associated costs, particularly for an on-premises implementation.

A new ‘last seen’ facility indicates if a contact is currently online or displays the last time the contact used the application. This is helpful for end-users and enables administrators to identify where licenses are not being used, and therefore not required.

Group Calling

Group audio and video calls are now supported for up to 8 people to be involved in the same call/video at any one time. When first using the feature users are prompted to grant camera and microphone permissions. With three or more participants, users have the option of a grid layout or a view that focuses on the active speaker by simply swiping up or down whilst in a group call.

@Mentions

The @Mentions feature is now supported, simply typing “@” and selecting the name from the picker allows the user to get someone’s attention. People mentioned in this way can quickly jump to the message at the click of a button. Users can set their notifications if they wish to receive an alert when they are mentioned.

Enterprise Benefits of SigNet by Armour

SigNet provides secure comms for voice, text, messaging, video and attachments, with Disappearing Messages (timed deletion of messages sent). All communications including attachments are encrypted using 256-bit AES encryption.

Increasing Security Awareness – Using SigNet encourages a culture of heightened security awareness amongst employees while also protecting user anonymity and privacy.

One-step provisioning – end-users simply download the app, and they can start using it straight away once provisioned by IT using a one-time use QR code.

Strong user adoption rates – the app is so easy and intuitive to use, people like it and are happy to use it.

Anonymity and protection of privacy – users do not need to reveal their mobile number, email address or even full name in order to use the app.

Use across multiple linked devices – the same instance of the app can be installed on desktop, laptop, tablet and mobile, so that information can be shared across devices securely, without the need to use email.

Desktop instance – the app can be used by desk-based employees on PCs and laptops, which is often more convenient than using a mobile device.

Note to Self facility – voice-to-text notes and reminders are held within the app, and can be shared with linked devices.

Ultra secure sharing of information – documents for signature, instructions or commercial details can be shared via SigNet, meaning that the use of email systems or printed sensitive documents can be avoided. Users receive a timestamp when a screenshot is taken of a message they have sent, ensuring they retain full visibility of exactly where information and data has gone.

SigNet by Armour supports IPv6, the latest network communications protocol, enabling calls to seamlessly transition between modern networks.

SigNet is available as a Software as a Service (SaaS) product hosted on Armour’s secure cloud, or as an on-premises installation, and uses a peer-to-peer key management system.

Posted on

Armour achieves Cyber Essentials Plus

Cyber Essentials Plus 

As a cyber security vendor, and an advocate for a Secure by Design approach to developing products and services, we believe that validation by independent third parties is an important process, and one that generates many benefits, not just for ourselves but our customers too.  We are committed to continually improving our internal processes to ensure that they are of the highest quality and stand up to external scrutiny.  We are therefore delighted to announce that we have now achieved Cyber Essentials Plus certification for our whole organisation.

Cyber Essentials is a government backed scheme that helps organisations to protect themselves from a whole range of cyber attacks. There are two levels of certification:

Cyber Essentials, which is a self assessment framework (which we’ve held since 2017)

Cyber Essentials Plus, the higher level of certification which includes additional external technical verification.

More details here: https://www.ncsc.gov.uk/cyberessentials/overview.

We undertook this extra level of certification to provide additional peace of mind to our customers that our internal standards of cyber security comply with industry best practice. In submitting to a thorough and rigorous external verification, we also received feedback, which is a highly valuable part of the process.

Cyber Essentials Plus (CE+) certification is completed annually, and as such, demonstrates our continual commitment to ensure our processes are constantly evolving and improving.  CE+ complements our ISO27001 certification – a proven methodology for ensuring processes are security focused – achieved in March 2021.

Secure by Default is in our DNA

At Armour, Secure by Design and Secure by Default principles are in our very DNA.  We’ve been working with the NCSC for many years to ensure that our products conform to the appropriate industry standards, and are designed with the end user in mind. If a security product isn’t easy to use, then it isn’t a security product (because the end user will simply find something that is easy to use instead).

Cyber Essentials Plus is the latest milestone in our mission to demonstrate that we practice what we preach – our internal processes have been validated as cyber secure. This focus on external certification fosters a cyber-aware environment for our employees so that they are able to deliver great products that are Secure by Design, directly address the real-world challenges of secure communications, and that people enjoy using.

For more about Secure by Default, Secure by Design and the NCSC’s Principles Based Assurance read our blog: The Future of Technical Assurance

Posted on

Market remains strong for Secure Collaboration Tools says Armour Comms

Revenues up 25% year on year as both government and enterprise organisations look to secure mobile comms  

London, UK, 11 February 2022Armour Comms saw strong growth during 2021 with revenues up 25% year on year. Increased sales have been made up of additional orders from existing customers as well as a significant number of new named customers. Channel business has also increased strongly with several new resellers signed during 2021, and relationships strengthened with existing partners such as Samsung, Bittium, Qinetiq, and AmioSec. During the year Armour® achieved ISO27001 certification and a Queens Award for Enterprise: International Trade 2021. At DSEI in September Armour received much interest in the technical preview for its latest innovation, Unity for Armour, a conferencing solution that has many more security features than free-to-use consumer products such as Zoom and Teams, and is easier to use.

David Holman, Director at Armour Comms said; “In 2021 we’ve seen the maturing of the work-from-anywhere (WFX), hybrid working economy. Organisations know that they have cobbled together consumer-grade technology and processes to enable people to work somewhat securely from home.  We are now seeing a groundswell of demand for more permanent, truly secure communications apps that enable people to collaborate securely from any location, including via unknown and untrusted networks.”

In 2021, the company continued to develop its flagship product line Armour Mobile with several new innovations including Unity by Armour, which works in conjunction with Armour Mobile extending its capabilities with secure video conferencing calls. Unity introduces new security features to combat the issues of ‘zoom-bombing’ and ghost (ie. uninvited) callers that may eavesdrop on sensitive conversations. For example, it highlights to all users whether a participant has joined the call via an app, or via a browser – the browser option being far easier to hack/spoof and therefore considerably less secure.

2021 also saw a significant upgrade to Armour Core which now includes support for IPv6, enabling calls to seamlessly transition between modern networks. Many of the enhancements have been incorporated as a result of customer feedback, to make the app easier for users including; migrating to a new device, searching for contacts across all communities within the app, identifying whether the call is video or audio (enhancing security) and the option to mute chat pings when on a call or conference. Armour Core v4 also provides simplified access to call logs for auditors.

Most recently Armour has launched Recall by Armour, which provides an archive and audit function for enterprises in regulated industries such as financial services, legal and healthcare.

SigNet by Armour®, the company’s WhatsApp replacement solution has seen enthusiastic adoption, and has been upgraded to include new features designed specifically for enterprises such as support for QR codes and deep links for one-click provisioning, streamlining the on-boarding of new users, saving time and resource for IT departments.   Based on the well-respected Signal app, SigNet by Armour provides additional security features such as an on-premises option for total privacy and no auditability (as well as the choice of cloud installation), secure groups and allow listing features, and a much improved, highly intuitive user interface.

David Holman concluded; “Despite concerns about the impact of the global pandemic, 2021 has been another strong year for Armour Comms and we expect implementations to ramp up again in 2022 as we fulfil some large government orders. Our channel operations are also going from strength to strength with several partners that operate in specific industry sectors bringing Armour into some interesting and lucrative sectors such as shipping and Ultra High Net Worth (UHNW) families.”

Posted on

The Future of NCSC Technical Assurance

ncsc assurance

The NCSC has now unveiled its vision for the future of assuring high technology products including secure communications systems such as Armour Mobile.  In its recently published white paper NCSC has announced its Principles Based Assurance (PBA).

In a fast-moving, more connected world, assurance needs to cope with the ever-evolving landscape of threats and technologies.  The NCSC has developed a methodology that is more flexible and agile than the previous stance – which focused on specific product versions mitigating each defined threat by a defined means.

Principles Based Assurance enables a very practical approach that aims to set the basic tenets, by stipulating the outcomes – the ‘what’ – and then leave the ‘how’ to be devised by the vendors and suppliers who have expertise in their particular niche.  A pertinent example of this cited in the white paper is that ‘technology cannot silently default to operate insecurely’ – something we’ve seen time and again with consumer-grade communications apps.  By leaving the ‘how’ to the vendor community, the NCSC fosters innovation, a key point highlighted in the UK’s Integrated Review of Security, Defence, Development and Foreign Policy 2021.  It discusses the ambition of equipping our armed forces with cutting-edge cyber capability, which Armour Comms is already involved with through our work with the MOD.

The phrase ‘Secure by Default’ is central to this thinking, where security is designed into the product, without compromising the user experience.  Secure by Default is about taking a holistic approach to solving security problems at their root rather than treating the symptoms – this approach is embedded in every aspect of Armour’s development and service delivery.

Assurance in context

The new Principles aim to provide an assurance framework that takes account of the threats and risks that a given technology is looking to mitigate.  For example, Armour Mobile can be hosted within the Armour secure cloud, or can be delivered as an on-premises solution giving the end-user organisation total control over every aspect of the deployment and usage.  The decision would be made based on the customer’s level of risk appetite.

The principles will cover three key areas:

  • Product design and functionality principles – describing the features a product needs to implement
  • Product development principles – describing how a product should be designed, implemented and tested
  • Through-life principles – describing the security measures that need to happen beyond development

 

The Secure by Default principles as prescribed by NCSC are:

  • security should be built into products from the beginning, it can’t be added in later
  • security should be added to treat the root cause of a problem, not its symptoms
  • security is never a goal in and of itself, it is a process – and it must continue throughout the lifetime of the product
  • security should never compromise usability – products need to be secure enough, then maximise usability
  • security should not require extensive configuration to work, and should just work reliably where implemented
  • security should constantly evolve to meet and defeat the latest threats – new security features should take longer to defeat than they take to build
  • security through obscurity should be avoided
  • security should not require specific technical understanding or non-obvious behaviour from the user.

 

Secure by Default is in our DNA

We’ve been working with NCSC for many years, indeed, our products were CPA certified while that scheme was applicable.  The Secure by Default principle is one that we’ve subscribed to since the early days of developing our Armour Mobile products (based on NCSC’s MIKEY-SAKKE key management) and our SigNet products (using alternative, leading edge cryptography).  With this in mind, we’ve achieved ISO27001 certification – a proven methodology for ensuring processes are security focused.  As well as a security-first approach to ensure that our products meet the requirements of our customers, they are also designed with the end user in mind, since usability is important to ensuring user engagement.  Feedback from our users is that people enjoy using the Armour secure collaboration products and find many more use cases for it than we originally imagined.

 

For more information about how Armour Comms can help your organisation to adopt a more secure approach to communications and collaborative working, contact us today