Category: Blog

Armour recognised in the Tech200 – an annual list of the top 200 fastest-growing technology companies in the public sector

We love to receive an award, and we’ve won our fair share over the years.  However, this one is all the more exciting as we weren’t expecting it.  The first we knew about it was when we were contacted to check our address for the award  – which has just arrived in our mail room.

So not only has Armour Comms been listed in the Tech200, which is the top 200 fastest-growing technology companies in the public sector, we were ranked at 17^th.  The list, now in its second year,  is compiled by Tussell in association with techUK, and is based on data from Tussell’s market intelligence platform.  This means that the ranking is based on, according to Tussell: “…a purely fact-based, unbiased analysis of the fastest-growing tech firms – completely uninfluenced by any sponsors or the interests of individual companies or organisations.”

Read more here: https://www.tussell.com/insights/what-is-the-tussell-tech200-2022

We are naturally delighted to receive this award as recognition of our continued commitment and success in working with UK public sector, and helping to ensure that sensitive communications are kept secure and protected.

Growing markets for secure conferencing and archive and audit products gain traction for Armour Comms product portfolio

London, UK, 31 January 2023 – Armour Comms has completed another successful year which saw an increase in customer orders of 54%.  Armour also further developed relationships with key industry partners, most notably two new major defence contractors.

David Holman, Director at Armour Comms, stated: “Despite a challenging business environment, we have once again improved the financial standing of the company in 2022.
We have seen continued support from existing customers, as well as many new named contracts, including strategic investments from the defence sector.

“We are extremely positive for the coming year as our enhanced product portfolio is gaining traction and with several exciting new developments soon to be announced.  In addition, we have further cemented relationships with partners including two influential defence contractors which will make a significant impact on our ability to deliver large deployments.”

Plaudits for Armour Comms

As well as a financially successful year, Armour has continued to gain increased industry recognition with the following achievements:

• Unity by Armour was named Best Communications Security Solution in the SC Awards.

• Armour Comms was judged a ‘Leader’ in Secure Comms by a prominent industry analyst appearing in the top right hand corner of the analyst’s sector graph.

• Armour Comms was selected for the ‘Scale’ stream of the government-based Cyber Runway accelerator.

• Cyber Essentials Plus was added to Armour’s long list of industry best practice standards achieved

• ISO 27001 maintenance audit passed with flying colours

• Early in January 2023, Dr. Andy Lilly, CTO of Armour Comms was voted onto the techUK Cyber Management committee.

 

Product Innovations

Product innovation continued apace, with two significant product streams added to the Armour product portfolio:

• Unity by Armour – secure conferencing that confirms and safeguards user identity and protects against ‘uninvited’ attendees (zoom-bombing).

• Recall by Armour – archive and auditing capabilities for regulated industries that need to retain proof of communications/conversations, while ensuring that they remain highly secure.

Both Unity and Recall have gained significant traction within the client base.

In addition, major developments for the core products have continued throughout the year, enhancing Armour’s capabilities for large and complex deployments as well as providing a raft of end-user features that provide a truly superior user-experience when compared to consumer-grade alternatives.  Highlights include:

• Armour Core v5.x which includes Kubernetes capabilities and the ability to deploy remotely and at scale for large enterprise users (10,000+ users)

• A technology preview of the new Configuration Management System which provides management of data within the Armour ecosystem, even on BYOD phones, without the need for a MDM solution.

• SigNet v3.x which includes secure group video calls and increased capabilities for enrolling and managing users, making it even more useable for entry-level direct WhatsApp replacements in enterprise environments.

We are delighted to announce that our very own Dr. Andy Lilly has been appointed to the techUK Cyber Management Committee. Andy joins 25 others, all of whom were voted for by techUK company members.  This techUK committee will set the strategic vision and priorities for the Cyber Security Programme, helping the programme to engage with government and senior industry stakeholders over the next two years.

Andy said: “In a hyper-joined up world, effective cyber security relies on collaboration between government, vendors and end-users to provide a good user experience. I’m looking forward to working with the rest of the committee members to make a real difference in cyber security policies and developments that will have a positive impact across all areas of cyber use, in line with our UK National Cyber Strategy.”

For more information about techUK and the other committee members please visit: https://www.techuk.org/cyber-security-programme/cyber-security-management-committee.html

AWS has announced it has closed Wickr Me to new registrations and will phase out the service by the end of this year. AWS’ aim is to move users to a paid for platform. This is unsurprising as AWS will be looking to recoup its (undisclosed) investment in Wickr as it moves into the communications space.

As we’ve extolled many times in the past, free apps should have no place in enterprise communications.  If you want good security, without the risk of your data being mined for marketing purposes or sold on to third parties, then as a business, you should be prepared to pay to ensure you have control of your data.

So far, so good.  However, for many organisations, suddenly being faced with a bill for something that was previously ‘free’ is a catalyst for all sorts of budget and procurement conversations. If something is ‘free’ people are generally prepared to put up with issues, however, when paying for a service, you might as well get something that is as good as it can possibly be for the budget spent.

Analyst reviews indicate that AWS/Wickr Enterprise, while flexible, lags behind other comparable products for both manageability and features.

With published prices starting at $5 per user per month for a basic package, rising to $15 per user per month for a more comprehensive service, and a ‘please call for more details’ message for on-premises options, Wickr is no longer a cheap option.  Indeed, we have been approached by several organisations who have been quoted eye-watering amounts for continued use of the service.

Armour Mobile and SigNet by Armour provide a range of options suitable for most use cases, at about half the cost quoted to some security conscious organisations we’ve heard about, while still providing data sovereignty and supporting compliance with GDPR.

For more information about how to plan your organisations migration from Wickr contact us today.

How to make a standard mobile secure enough for business use even when handling sensitive information and intelligence.

As Dan Sabbagh rightly points out in his article in the Guardian on 30 October 22, “mobiles are inherently insecure”. He also opens with the very sensible line: “We may never know just what happened with Liz Truss’s mobile, but it’s clear that ministers need to up their security game.” https://www.theguardian.com/technology/2022/oct/30/liz-truss-mobile-inherently-insecure-surprise-british-politicians-ministers-security

Another security foul-up

This most recent high profile ‘security foul-up’ story is yet another reminder, if we needed any, that everyone relies on their mobile phones, and with familiarity comes contempt. Contempt for security and privacy, of our own data as well as business information, and in this example, information that could affect national security.

Furthermore, it has been widely reported, including by the BBC: https://www.bbc.co.uk/news/uk-politics-63442813, that something happened during the summer when Liz Truss was Foreign Secretary, necessitating a new phone number and a replacement government-issued handset. And if you’re a world leader who can’t be separated from your personal phone because you’re tweeting all the time, then the potential security concerns are pretty obvious, as we outline in this blog for a couple of years ago: https://www.armourcomms.com/2018/06/05/ss7-vulnerability-still-going-strong-near-the-white-house/

In fact, calls and other communications involving classified or sensitive data CAN be made safe on ordinary mobiles using appropriate software. Although, if the user is deliberately subverting security, or determined to leak data to malicious actors or commercial competitors, security has a much tougher job.

Securing comms on standard mobile phones – it CAN be done, quite simply

For everyone else, apps like Armour Mobile (or SigNet by Armour) can enable secure comms via a standard phone. Something that most business-people, and presumably most ministers/politicians would prefer, as it avoids the need to carry two phones.

Great user experience – fast to deploy

As well as providing a user experience every bit as engaging as a consumer-grade app, Armour Mobile is Secure by Design and Secure by Default, based on our many years of working with the UK’s National Cyber Security Centre (NCSC). It is easy to download from the appropriate app store, and user provisioning (set-up) is controlled centrally, so that only invited, known, trusted (or indeed, vetted) users can join a community.  This is in stark contrast to a consumer app, which anyone can use, and if you know someone’s mobile number, you can contact them – opening the doors wide for a whole range of phishing and social engineering attacks.

Be certain who you are talking to

All communications via Armour are protected within the app, and can only be shared with trusted colleagues in the same or a federated allow list (community of known users), ensuring that users are communicating only with who they intended to communicate with. (This blog explains just how easy it is to spoof a call, and what you can do to prevent it: https://www.armourcomms.com/2018/02/27/are-you-talking-to-me/)

Using Armour Mobile, people, including ministers, are able to share sensitive documents and have privileged discussions, safe in the knowledge that their conversations will remain private. Details of all communications, be they voice, video, message or attachment, including associated meta-data are stored securely, preserving data sovereignty.

Engaging bolt-ons – Secure collaboration

In addition, Armour Mobile also has some useful bolt-ons that enable secure collaboration, such as Unity by Armour for secure conferencing and Recall by Armour for audit and archive. Again, all data is held within the app and on designated servers either on a secure cloud, or on-premises, ensuring that you know where your sensitive data is held at all times.

There’s really no excuse for using insecure, easily hacked, easily spoofed consumer-grade apps for sensitive business communications. If people in your organisation are still using consumer communication apps for business, it’s time to contact us and start the clean-up operation.

Sales@armourcomms.com

Part of TechUK Cyber Security Week

Dr. Andy Lilly, CTO of Armour Comms, explains how secure comms is vital for proving identity when exchanging sensitive / valuable information

The first few weeks of a new prime minister has shown the importance of getting communications right, be that the message, the media or the timing. In business, the speed that negatively received messages can go viral has been supercharged by social media. Now think of the potential issues if those communications could be hacked, tampered with, or faked.

The rise of deepfake technologies capable of manipulating video and audio into totally believable corporate communications means it is increasingly critical to know that you are communicating with the person you think you are.

Deepfake fraud is here, now

There are an increasing number of real-world examples of ID fraud and deepfake scams. Over three years ago the Head of a UK subsidiary was tricked into transferring €200,000 to a Hungarian supplier on the instructions of the CEO of the German parent company. In reality, the conversation took place with an artificial intelligence (AI) equipped criminal gang using deepfake software to mimic the German Chief Executive’s voice patterns.

The software was able to perfectly impersonate the voice, including tone, punctuation and German accent, completely fooling the head of the UK subsidiary. The call was also accompanied by an email, supposedly from the CEO reiterating the payment instructions.

It’s no longer enough for organisations to protect sensitive corporate information and intellectual property, such as pricing, product formulas, research, customer lists, etc. It is vital that identities are also safeguarded and remain trustworthy.

Can you really trust video and audio?

Although we have seen deepfakes imitate celebrities and public figures in video format, it’s an endeavour that still takes hours of footage to achieve. Being able to fake voices convincingly takes fewer recordings to produce and with greater computing power will become easier to create. It begs the question can voice recognition be relied on as an accurate form of identity verification?

In the future, deepfake audio fraud is likely to be highly exploited in criminal activity. As the technology continues to evolve, it will become increasingly difficult to distinguish real audio from fake. If you want to ensure authentication of identity you need to use a seriously secure mobile comms service.

Help is out there

Solutions such as Armour Mobile use MIKEY-SAKKE identity-based encryption to secure multimedia services. This enables secure voice and video calls, voice and video conference calls, one-to-one and group messaging, and sending file attachments. The solution ensures that the parties exchanging calls and data are who they claim to be (hence the term “identity-based”). Armour offers several secure communications products with closed user groups, protecting you against fake contacts from external hackers (these systems can run on your own servers for total sovereignty for data and metadata).

The MIKEY-SAKKE protocol uses identity-based cryptography and is designed to enable secure, cross-platform communications by identifying and authenticating the end points. It is an efficient, effective and NCSC-accredited protocol for building a wide range of secure multimedia services for government and enterprises.

Get prepared… now

Deepfake scams may well have arrived but there are proven tools to identify the real from the fake. These help prevent fraudulent activity by enabling secure collaboration between trusted colleagues. Communications can be conducted within a closed user group and only trusted parties added to the system can call and message others. So, when discussing commercially sensitive information such as corporate intellectual property, financial transactions, and customer details, you need to know you can trust your communications.

Prepare your organisation now. The fakes will only become better as AI advances. If trust evaporates, business will become untenable.

For more information about MIKEY-SAKKE visit:  https://www.ncsc.gov.uk/articles/using-mikey-sakke-building-secure-multimedia-services or: https://www.armourcomms.com/

Part of TechUK Cyber Security Week

David Holman, Director of Armour Comms explains why an independent secure comms channel is particularly crucial when recovering from a cyber attack

Cyber threats are wide ranging

Every enterprise, great or small; every public sector organisation, national or local has sensitive information crucial to operations. It is imperative that this is protected. From customer lists, to employee data, corporate intellectual property and commercial secrets, a cyber breach could prove catastrophic.

The UK Government’s Cyber Security Breaches Survey 2022 updated in July provides a snapshot of the cyber threats faced by UK organisations each year. 39% of organisations identified a cyber attack, and of these 83% were phishing attempts. One fifth were sophisticated attacks including denial of service (DDOS), malware, ransomware etc. A third of businesses are attacked every week. One ray of sunshine is that 80% of boards recognise that cyber security is an important issue.

Are your communications about attacks secure?

Secure mobile communications play an increasingly important role in protecting sensitive data every day. Less well understood is their role in effectively responding to, and recovering from, cyber attacks. It is imperative that a secure comms channel can be used for the organisation to communicate without the hackers potentially eavesdropping. Don’t rely on the very channels that have just been hacked, because your adversaries will be monitoring them.

Are the hackers listening in?

It is very common when hackers have compromised a system for them to watch for the responses from the IT resources tasked with countering their attack. Typically this includes monitoring and subverting any communications channels the IT team are using, including voice calls, email or messaging apps. It is not unusual for hackers to send spoof messages to try to assess just how well the IT team understands the nature of the attack, to capture updated passwords or other changes to security, and prevent key security messages from being delivered.

During the initial investigation phase of a cyber attack it is difficult to know what systems have been compromised, so it is best not to rely on any of them, if possible.

Safeguard your comms with an independent secure channel

By protecting the communications of the IT and digital forensics team, you are blocking a very useful source of information from being intercepted or modified by the hackers. In addition, by using a secure communications platform, such as Armour Mobile or SigNet by Armour, and having the secure comms hosted by a third party, you are further isolating the IT team’s comms from the potentially compromised systems that they are trying to recover.

Even on BYOD devices

In addition, enterprise-grade secure communications apps like those provided by Armour Comms can also be used on BYOD devices. All information is sandboxed within the Armour app, meaning it can’t be shared, deliberately or otherwise, with anyone other than trusted colleagues in the same secure group, keeping sensitive information protected. After the incident has been dealt with, information can be securely wiped.

For third party ‘blue teams’ brought in to handle such hacking situations it makes perfect sense for them to bring their own secure comms solution with them – and this is a question that you should be asking any would-be supplier when tendering for such services.

Armour is now working with a number of organisations that can provide specialist technical consultancy and cyber advisory services, from penetration testing and assurance, to incident management and response, and technical security research.

Of course, Armour’s apps can also protect all your organisation’s sensitive communications, from the board room to protecting your teams when travelling overseas.

 

Regulated industries need to introduce secure comms with audit and archive to reduce risk of fines and take back control of data

Eleven of the most powerful financial services businesses have been fined nearly $2bn for failing to meet record keeping regulations due to communications using unauthorised and unmonitored channels. The fines were levied by the US Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC).

As well as the fines, the firms involved are also subject to cease and desist orders. Read the full story here:  https://www.bbc.co.uk/news/business-63056677   

“Finance, ultimately, depends on trust. By failing to honour their recordkeeping and books-and-records obligations, the market participants we have charged today have failed to maintain that trust,” said SEC chair Gary Gensler.

Bankers are losing their jobs

The investigations, which have been ongoing, and first made public last year, rocked Wall Street when some bankers lost their jobs (see our previous post about JPMorgan Chase). The regulators concluded that the use of off-channel communications, using personal mobile devices and apps such as WhatsApp and Signal, were widespread.

And that’s not all – using consumer apps for business typically contravenes GDPR

In the UK and Europe, any organisation found to be using consumer-grade apps for business are likely to be in contravention of GDPR because under the regulations personal details cannot be shared without the owners’ express permission.

The inherent functionality of typical consumer apps include sharing contacts between users (and with the service provider) as well as storing documents or pictures in unprotected locations on a device with no protection against these being shared onwards to any other user of that service (outside the originating organisation). The Terms & Conditions of such apps have ‘cop out’ clauses such as “You will not use (or assist others in using) our Services in ways that […] involve any non-personal use of our Services unless otherwise authorized by us.” which is legalese for “You can’t use this app for any business purpose”.

 

Significantly reduce the risk of regulatory fines

Taking back control of mobile communications by providing a viable alternative to consumer apps will enable financial institutions to prove they are taking appropriate steps to ensure staff compliance and so significantly reduce the risk of fines or data leakage, and the negative publicity associated with non-compliance.

Armour Comms has been positioned as a leader in the Secure Communications, Q3 2022 – The 12 Providers that Matter Most and How They Stack Up report by a major industry analyst.  Our flagship Armour Mobile together with Recall by Armour delivers a highly usable solution to replace the ‘shadow IT’ of consumer-grade apps.

Available as on on-premises solution to provide data sovereignty, Armour Mobile and Recall provide all of the security, monitoring and archiving features required by regulated industries. What’s more, its enterprise-grade capabilities mean that Armour Mobile can be deployed at pace with one-click provisioning, making it quick and easy for users to be up and running with an approved channel for business communications within minutes, even on BYOD and un-managed devices.

With Armour Mobile, employees have the tools they need to communicate even the most sensitive of market intelligence safely and efficiently.

Recall by Armour – How it works

Armour Mobile and Desktop support an integrated and secure audit capability enabling communications (text, audio) to be captured in their entirety within the centralised audit log, allowing detailed retrospective analysis of all conversations.   Each entry within the audit log is encrypted using keys unique to the user to whom the entry relates, and access to the decrypted content can only be gained by an Administrator with access rights to the audit tools to securely retrieve the key material and perform the necessary decryption tasks.

With Recall, all communications via Armour Mobile are protected and preserved automatically, the user doesn’t need to do anything extra. This supports the NCSC ethos of Secure by Design, making security easy for the end user.

For more information about how Armour Comms can help your organisation preserve, check and interrogate secure and sensitive conversations, ensure compliance, protect brand reputation (and avoid hefty fines), contact us today. sales@armourcomms.com