Armour Comms continues strong y-on-y growth

Working from Home requirements and increased security awareness around the dangers of consumer-grade apps fuel demand for Armour Mobile  

London, 16 February 2021: Armour Comms, the leading provider of specialist, secure communications solutions, has seen continued year-on-year growth during 2020. The company has achieved an increase in license revenue with annual recurring revenue (ARR) up 28%. Having secured its first round of outside investment of £2 million from external investors in late 2019, Armour made a range of key appointments across the business to fast-track product development and address new markets. Revenue generated has been evenly spread across the regions with 30% from the UK, 33% from the Middle East, and 37% from the rest of the world.

David Holman, Director and co-founder of Armour Comms, commented: “2020 has been a year of continued growth for Armour, despite the pandemic. In part this has been due to an increased awareness of the security shortcomings of using consumer-grade apps, particularly as people were forced to work from home. We have also invested in our expansion with an increase in head count of 20%, mainly in development, quality assurance and customer support. We maintain a strong focus to ensure we develop solutions that are highly intuitive as well as maintaining appropriate levels of security.”

During 2020 Armour agreed terms with a number of new partners in key geographic regions and signed up several significant new customers, as well as expanding the Armour user-base in the military/defence and government sectors.

2020 also saw an increase in demand from enterprises in non-regulated industries for SigNet by Armour, a secure comms app based on Signal. SigNet, which uses AES 256-bit encryption, has been toughened with more enterprise-grade security features such as an on-premises option for total privacy (a cloud option is also available), no auditability, secure groups, allow listing features, and a much-improved, highly intuitive user interface.

AES-128 and AES-256 encryption v Quantum Computing

How safe is your data?

A few years ago we posted a blog – AES-128 v AES-256 encryption – What’s the difference?

To date, it has been our most popular page.

In answer to the question “What’s the difference”, we stated – Practically nothing!

That is because 128-bit encryption is pretty strong, and being a magnitude stronger may not make you that much more secure, given that it is rarely the encryption that is the weakest link and therefore rarely the part that gets attacked.

Since we wrote the blog, quantum computing has come closer and is now a real possibility within the next few years. For this reason, we thought it was worthwhile revisiting our blog to see if this made any practical difference between 128-bit and 256-bit encryption.

Our CTO and co-founder Dr. Andy Lilly explains the differences in this short podcast.

Available on:

YOUTUBE: https://youtu.be/Z463jy64fwo

 

Armour Comms announces new rapid provisioning functionality for Enterprise roll out of SigNet by Armour

Signal-based secure communications app extends enterprise features to support organisations moving away from WhatsApp  

London, 26 January 2021: Armour® Comms, the leading provider of specialist, secure communications solutions, has announced the availability of SigNet by Armour® v2.1, which includes new features designed specifically for enterprises. SigNet by Armour provides secure voice, video, messaging, group chat, file attachments and MessageBurn (timed messages) with AES 256-bit encryption for iOS and Android devices, and for use with Windows 10, macOS and Linux. Based on the well-respected Signal app, SigNet by Armour provides additional security features such as an on-premises option for total privacy and no auditability (as well as the choice of cloud installation), secure groups and allow listing features, and a much-improved, highly intuitive user interface.

New with SigNet v2.1 is support for QR codes and deep links for one-click provisioning which streamlines on-boarding new users, and saves time and resource for IT departments.

David Holman, Director at Armour Comms, commented: “SigNet by Armour has been specifically designed for use by non-regulated organisations that require enterprise-grade secure communications. SigNet provides a great user experience, with the assurance of absolute privacy for data and meta-data, that stays completely within the control of the enterprise. At a time of heightened concern about new privacy policies of consumer-grade messaging apps, SigNet is a better, more secure alternative that is GDPR compliant, specifically designed for professional use.”

SigNet has a range of built-in features ideal for mitigating security threats in an enterprise environment, such as:

  • centralised control of device access so only authorised users can connect to the secure communications service;
  • files and attachments are kept within the app and therefore remain encrypted at all times, even when stored on the device;
  • management of connectivity between users and groups to provide security segregation within the user space;
  • automatic alert sent to the sender of a message if a screenshot has been taken by the recipient;
  • peer to peer encryption, removing the need for a central key server;
  • no recording or auditability.

SigNet by Armour is available as a Software as a Service (SaaS) product hosted on Armour’s secure cloud, or as an on-premises installation, and uses a peer-to-peer key management system.

Armour Comms has published a White Paper: Why WhatsApp Is Not Suitable for the Workplace. For a copy, please email andreina@pra-ltd.co.uk or download from: HERE

The Deadline for Ditching WhatsApp

Facebook has declared its intentions for WhatsApp – and it’s not great news for business users (or anyone else for that matter).

Data is moving West!

We are seeing a worrying trend where tech behemoths are moving data away from the EU and back to the US, possibly to avoid stringent GDPR data regulations. WhatsApp has recently introduced a new policy for users outside of the EU where users are forced to agree to share their personal information with other Facebook companies. Details here: https://www.theregister.com/2021/01/06/whatsapp_privacy_policy_demand/

The original deadline for providing this permission was 8 February, after which time dissenting users will no longer be able to use the app. Due to public outcry and a mass exodus to other messaging platforms, the deadline has now been postponed to later in the year, BUT we can see the direction of travel. Users who already have privacy settings blocking sharing of their information will retain that protection, but anyone else could be giving up personal info such as names, profile pictures, status updates, phone numbers, contacts lists, IP addresses, mobile device model, operating system, network carrier, etc. and – if you engage with businesses via the app – sensitive details such as shipping addresses and the amount of money spent on orders.

Facebook looking for ROI?

When Facebook acquired WhatsApp in 2014 they stated that they would not look to monetise the WhatsApp user base for 5 years. Those 5 years have now passed, and it is to be expected that Facebook will look to recoup its investment (some $22bn). They initiated this with their drive to get businesses taking orders and providing support to customers over WhatsApp, and all that information could end up stored on Facebook’s servers if businesses opt to store it there. While WhatsApp currently states that contact details will not be shared with Facebook for advertising purposes, they could be in future.

Data fallout from Brexit

Just before Christmas we saw a story that Facebook is moving the responsibility and legal obligations for UK users from its operations in Dublin to the US, due to Brexit and the UK’s changing relationship with the EU, albeit they also regard the UK as still being part of their “EU region”.  https://www.reuters.com/article/us-britain-eu-facebook-exclusive/exclusive-facebook-to-move-uk-users-to-california-terms-avoiding-eu-privacy-rules-idUSKBN28P2HH  Google made a similar announcement earlier in the year.

GDPR still applies, WhatsApp is NOT suitable for Business Use

At the moment, the UK’s data protection laws mirror those of GDPR. For this reason alone, WhatsApp, and some other consumer-grade, social media messaging platforms, are not suitable for business use – and never have been. Some industry bodies, such as the Financial Conduct Authority, are warning against its use: https://www.ftadviser.com/regulation/2021/01/11/fca-warns-advisers-on-using-whatsapp-and-social-media/

This latest change to its Terms and Conditions indicates Facebook’s ongoing intention to monetise its users, potentially opening up its options for dealing with UK users’ data, particularly in the event of a UK and US trade deal that includes handling data.

Our White Paper: Why WhatsApp is Not Suitable for the Workplace explains.  Download a copy HERE

Protecting your Digital Identity – Lessons from Jeremy Vine

It’s that time of year again, when everyone is making predictions for the year ahead.  One of the key themes being cited for 2021 is Digital Identity.  To be fair, digital identities have been around since there were online systems that required passwords or authentication of some form. And it’s certainly nothing new in the cybersecurity world.

BUT, there is an increasing awareness within the population at large, that protecting your digital identity matters.

Cyberattacks have doubled this year

With many more people working from home, with more distractions (home schooling, sharing workspaces with partners for example) and with heightened levels of stress, phishers, scammers and hackers have had an exceptional 2020.  It is widely reported that cyberattacks of all forms have doubled year-on-year during 2020 as criminals took advantage of the disruption caused by the pandemic.  We are all susceptible to a clever social engineering scam, as the recent experience of broadcaster Jeremy Vine demonstrates only too well when his WhatsApp account was hacked:   https://twitter.com/thejeremyvine/status/1327076111096958978?lang=en

Early in the summer, news broke of several high-profile figures that had had their Twitter accounts hacked in a Bitcoin scam, https://www.itgovernance.co.uk/blog/catches-of-the-month-phishing-scams-august-2020, including Bill Gates, Elon Musk, Kanye West, Kim Kardashian West, Barack Obama, Mike Bloomberg and US president-elect Joe Biden. Even Apple’s official Twitter account endorsed Bitcoin with a message.

At the risk of sounding like a stuck record, the greatest cyber risk to business is from people and processes (the insider threat).

The dangers of free messaging apps  – again!

The Jeremy Vine example is worrying for the ordinary person and, to his credit, he has tried to draw as much attention as possible to just how easy it is to be sucked in. However, it should be doubly worrying for companies that still sanction (or at least turn a blind eye to) the use of WhatsApp by employees. Even though people may not actually be using WhatsApp, or any other form of free, consumer-grade messaging app for business communications, if their personal account is hacked, every contact in their address book could be compromised.

Have a think about who is in your contact list – would you want business colleagues, people you are negotiating sensitive deals with, prospects, customers, industry bodies, government officials, your CEO, to receive a message purportedly from you, when in fact it is a criminal pretending to be you?

Apart from the potential embarrassment, what about brand value and reputation? It doesn’t give a good impression, does it? And once your account is hacked, what about the rest of the information you have on your phone? How confident are you to share everything that is on your phone with the rest of the world?

Keep your contacts close

Keep your friends close and your enemies closer still, goes the old adage (actually from the Godfather II, but often attributed to Sun Tzu or Niccolo Machiavelli). This is really quite relevant to how we manage our connections today. Everyone’s contact details should be treated with the same respect, not least as it is a requirement of GDPR (which still applies after Britain has left the EU). However, it’s not just a problem for WhatsApp and its ilk; even well-respected apps such as Signal have this problem when anyone can join a group. Or to be more precise, everyone who installs the app is automatically in the amorphous, worldwide group of users, where anyone can contact anyone else.

Business communications, and that includes contacts directories, should be compartmentalised to avoid embarrassing phishing hacks at best, and data loss motivated by industrial espionage, or state-sponsored attacks on national security at its most serious.

With Armour Mobile organisations are able to centrally manage individual groups of users as well as to apply personnel changes, keeping contact directories for everyone up to date efficiently.  Armour Mobile has its own Contacts list into which users can add other users’ contact details, as well as import Contacts files. Users from different departments or groups can communicate if they are white-listed, which can be managed centrally.  With business contacts stored within Armour Mobile, if someone’s consumer-grade messaging account is hacked, their colleagues won’t receive compromising messages, nor will they be tricked into communicating with scammers and criminals, and all that that implies.

For more information on how to protect digital identities, and sensitive business contacts, contact us HERE

Boutique Security goes Mainstream

Armour Mobile starts to scale!

At Armour we started out providing solutions to really quite specific security problems: how to enable people that need to communicate via mobile phones to do so in utmost privacy, without danger that their conversation could be intercepted, recorded, or hacked.

This is quite a bit more complex than it sounds, given that some parts of the mobile phone network rely on 40-year-old technology, and large swathes of the internet are owned by multi-national social media companies who are far more interested in passing on their users’ details to advertisers than they are in user privacy.

What started out as a ‘boutique’ security solution for Government departments, defence contractors, specialist security services and other highly security-conscious organisations is now being adopted by a much broader user base.

We are pleased to report that Armour Mobile is no longer just the secure comms app of choice for a relatively small number of specialist individuals within organisations; Armour Mobile is now being deployed on a far wider scale.

This hasn’t happened overnight. It’s long been our mission to bring truly secure mobile comms and collaborative working to the professional market. With this in mind we’ve introduced some new features that make Armour Mobile more usable at scale.

Integration and Management

The integration and management elements of Armour Mobile are key aspects in any enterprise deployment. In any large organisation, be it commercial, government or not-for-profit, the number of software applications will be too many for it to be possible to manage each one individually. Learning the unique methods of getting the best out of each application would simply take too much time and so they need to be integrated into a set of industry standards to be managed efficiently.

As an example, to meet resilience and redundancy needs, most modern software products are now using, or are moving to, Kubernetes to provide automation of deployment, scaling and management for applications. Put simply, Kubernetes allows products to be handled consistently and efficiently without the need for detailed understanding of each product. We are developing Kubernetes support in our Armour Core for a future release to enable it to scale.

One-Click provisioning

One-click provisioning, as the name suggests, makes it much easier for end users to get up and running with Armour Mobile, and if it’s easier to use, then users are more likely to use it without question and without introducing workarounds that negate the inbuilt security. With one-click provisioning there are now different ways to receive the provisioning information, including a printed card, text, email with deep links or secure (one time use) QR codes. Users simply download the App, receive the provisioning information via the preferred means, and click. For the IT department and Security Officer this means better user adoption and less chance of support calls because the process is so simple. Because the provisioning information is secure and ‘one time use only’, disposing of it once used is easy and no secure disposal is needed.

Contacts Management

In response to larger customers we’ve addressed the need to be able to integrate Armour Mobile with an organisation’s existing Directory Servers (LDAP or Microsoft Active Directory).  Currently Armour Mobile has its own Contacts list into which users can add other users’ contact details, as well as import Contacts files containing multiple users’ details.  While this works well for smaller groups of users, it does mean that additions/deletions/changes don’t get automatically replicated across all users, which in larger organisations and enterprises can be a daily occurrence.

Armour Mobile Contacts Directory will enable users to more efficiently keep up to date with all the personnel changes that occur in a large organisation.  From a user experience perspective things will look very similar in that a user simply types the name, or the first part of a name, and the system will automatically reference the Contacts Directory in addition to the user’s local Contacts List looking for names matched to what has been typed. The user is given a list of search matches that can then be used to form a new message, or make a call.

Benefits of Scale

The benefits to user organisations of scaling our solutions are many and include the following:

Resilience – the ability to maintain a service 24/7 no matter what, for example, in the face of hacking attacks or natural disaster. Resilience is measured and designed on three basic principles: Confidentiality, Integrity and Availability. Depending on which of these is most important, the design of the infrastructure and its protection can change.

Redundancy – preparing for the fact that modules of the infrastructure will fail and ensuring that when it happens another part of the infrastructure takes over (ideally this would be automatic).

Monitoring – knowing what is happening at any given time and being able to send alerts to people when certain capacities are reached, for example, so that action can be taken if required.

Logging – knowing that you have the data to decipher what has happened when something goes wrong. Many cyber security solutions rely heavily on logging (and monitoring) to warn of a potential attack.

Reporting – understanding who is using the solution enables organisations to ensure that everyone that should be using it for business communications, is using it. In addition, an audit module provides full audit trail capabilities for regulated industries.

In 2020 we’ve seen a huge move towards many more people working from home, outside of the usual enterprise security infrastructure. As we’ve discussed in other blogs, this has brought the use of consumer-grade apps and their suitability for use in business communications into sharp focus. As working remotely is set to become the new normal for many more workers, even after the pandemic is over, providing employees with suitably secure tools for the job is now a priority for many enterprises.

Insider trading, a Russian banker and WhatsApp – the case for Audit

Nothing grabs the headlines like a story of a Russian banker that avoided being prosecuted for insider trading, with links to the polonium poisoning case in 2006 for good measure.  The banker in question deleted WhatsApp software from his phone before he handed it over to the investigators for the Financial Conduct Authority (FCA).  He said he deleted it to hide his friendship with a Russian politician, which would cause embarrassment if it were widely known.

Enterprise Apps for Business Communications

It got us thinking, this is a stark reminder not to mix business and personal communications – better to have an entirely different app for each.  Financial services business communications should be conducted using a suitable, commercial platform, that provides audit capabilities as standard. When all calls/messages/videos are audited, there can be no question over who said what to whom and when.  Even if the app is deleted from the phone, the audit log is still held centrally.

Home working increases the risks

With many more people now working from home, keeping sensitive commercial information secure is more important than ever. www.finextra.com recently ran a story explaining why the increasing numbers of people working remotely could lead to an increase in the incidence of insider trading.

https://www.finextra.com/blogposting/19184/why-monitoring-news-to-detect-insider-trading-is-now-essential

“As a result of Covid-19, both the FCA and FICC Markets Standards Board (FMSB) have said they expect the combination of financial service employees working from non-office locations, alongside high levels of crisis-driven corporate fundraising, to create a perfect storm of conditions for potential insider trading. At the height of the lockdown, the majority of traders were working remotely – one survey showed that almost 60% of FX traders were working from home. Both the FCA and FMSB have raised concerns about the possibility that in such circumstances material non-public information (MNPI) could be overheard or inadvertently disclosed in other ways.”

In the same publication, Jonathan Pagett, acting CISO at the Bank of England observes that while the central bank already had strong remote access solutions in place including softphones on laptops, the challenge has been a shift in reliance on those core systems. He notes that there is the potential for an erosion of a strong security culture, and that there is a risk of people using unsanctioned shadow IT. https://www.finextra.com/newsarticle/36709/sibos-2020-is-ransomware-as-a-service-a-symptom-of-innovation/crime

Don’t Mix Business and Personal

There are many reasons to ensure that employees use the appropriate software during business communications with colleagues. While there may always be rotten apples, providing suitable mobile communication solutions to employees helps the rest to stay vigilant, and is a reminder to stick to company security best practice.

And on a slightly different note, if you don’t feel you need some of the advanced features of Armour Mobile but still want to keep complete control over your communications, your meta-data, and your contact lists, SigNet by Armour is just the job!! 

With or without audit, Armour Comms can help.


How secure are your communications with your Supply Chain?

The pandemic, and for that matter, Brexit, have recently brought into sharp focus the role of the supply chain, and just how crucial it is to the running of many traditional businesses, including UK plc.  Thanks largely to Brexit planning, certainly most manufacturing businesses were holding reasonably high levels of stock and so were better able to cope with the issues raised by the restrictions of lockdown.  However, one area that gets discussed less often, is the security of communications with the supply chain.

Supply chain due diligence

Risks within the supply chain are many, and not least is the reputational damage to your own brand should something go wrong with one of your suppliers. Best practice due diligence is a standard part of risk mitigation for dealing with suppliers.  For example, most organisations have policies concerning the environment, modern slavery, bribery and corruption and corporate social responsibility, which suppliers are expected to comply with as part of commercial agreements.  However, despite all of these policies designed to protect the company, most organisations do not have procedures in place for communicating with partners and suppliers around sensitive or confidential issues, for example, product, pricing details, orders and contracts, formulae/recipes, logistics and warehousing arrangements. Any of these details could provide valuable information to your competitors, so communications should be secured.

This is particularly important because the very act of communicating with your supply chain has the potential to open up your organisation to much greater security risks. As the NCSC points out in its Secure Communications Principles document, published earlier this year (https://www.ncsc.gov.uk/guidance/secure-communication-principles-alpha-release), “Many organisations will wish to communicate securely with contacts outside of their own organisation. If a communications service does not allow this, then their members may revert to using an insecure service that does not meet these principles.” People will always find a workaround to: a) get the job done, and b) make their own lives easier. For these reasons, it is imperative that a secure comms solution can be extended for use by trusted contacts outside of the organisation.

Consumer apps are not the answer

In the current climate, consumer apps like WhatsApp and Zoom have been adopted by many as the means of communication. However, both have their drawbacks. As well as the question over what happens to metadata when you are using an app owned and controlled by a global social media company, in the case of WhatsApp there is also its inability to provide GDPR compliance. The security flaws in services such as Zoom (and MS Teams for that matter) have already been well documented (https://www.bbc.co.uk/news/technology-52133349), with the new phenomenon of Zoombombing where miscreants join calls uninvited to listen in or hurl abuse. Consumer-grade apps, whether on the desktop or mobile devices, give no control of users on the system and no constraints on where confidential messages and attachments can be forwarded to.

There are many questions about consumer apps’ overall handling of personal data and metadata, and other security concerns, meaning these apps are simply not suitable for corporate communications. See our previous blog which explains why in more detail: https://www.armourcomms.com/2020/02/06/using-consumer-apps-for-business-use-is-illegal/?cat-slug=10 Despite this, many people admit to using them for business use: https://gdpr.report/news/2020/02/14/privacy-almost-half-of-whatsapp-usage-breaches-legal-terms/

A reliance on these apps could potentially leave businesses with significant vulnerabilities in their communications. So how can you communicate with trusted third parties within your supply chain securely?

Secure comms apps support white-listing and groups

Both Armour Mobile and SigNet by Armour provide the facility, subject to certain controls, for different groups or communities to communicate.

Setting up distinct groups and communities within Armour Mobile and SigNet is particularly easy using our Desktop admin module.  It ensures that those that need to communicate with supply chain contacts and external third parties are able to do so easily and securely.

Our client QuoStar, an IT support and consultancy provider that specialises in businesses going through growth and change, has used Armour technology to:

  • Provide secure conferencing for numerous participants
  • Secure intra-company and company to company communications
  • Ensure calls and associated metadata are kept private
  • Protect data sent in messages, text or as attachments

 

At Sparten, a consultancy that provides discreet, intelligence-led, unconflicted advice to high net worth families, corporates and their advisors, they use a range of enhanced security features from Armour that have proven particularly valuable when communicating with third parties:

  • Secure Conference Calls for voice and video – the microphone is isolated so no other app can eavesdrop
  • White Listing and Groups ensure the sharing of contact details is controlled
  • MessageBurn or Audit Trail – some operatives prefer to burn messages once read while others from a legal perspective prefer to keep a record for audit purposes.

 

For more information about how Armour solutions could help you to communicate more securely with your supply chain, read our case studies:

Sparten deploys Armour Mobile to strengthen intelligence led approach

https://www.armourcomms.com/2020/01/06/sparten-deploys-armour-mobile-to-strengthen-intelligence-led-approach/?cat-slug=10

QuoStar safeguards communications and prevents hostile interception of sensitive IP with Armour Mobile

https://www.armourcomms.com/2019/07/24/quostar-safeguards-communications-and-prevents-hostile-interception-of-sensitive-ip-with-armour-mobile/?cat-slug=10

Medicomms by Armour selected for first NHSX Clinical Communications Procurement Framework

Secure mobile comms safeguard sensitive patient data and provide a more user friendly alternative to paging

 

London, 2nd September 2020: Armour Comms, the leading provider of specialist, secure communications solutions, has successfully tendered and been accepted on to the first ever edition of the NHSX Clinical Communications Procurement Framework, with its Medicomms by Armour solution.  Medicomms is designed specifically for use by health care professionals and patients.  It is an all-in-one mobile app that converges secure internal communications to help with the collection and sharing of sensitive patient data.  Medicomms is also an alternative to paging and has the ability to provide a medium for secure video consultations and time limited patient aftercare communications.

Medicomms is now available to all NHS Trusts via the new NHSX procurement framework, as a managed & hosted solution via Armour partner Nine23 using the NHS accredited FLEX platform, which can handle information up to OFFICIAL-SENSITIVE, enabling healthcare professionals to securely use Medicomms via mobile, tablet, and laptop devices from any operating system including iOS, Android and Windows 10.

David Holman, Director at Armour Comms, said: “We are delighted to have been included in this first iteration of the NHSX Clinical Communications Procurement Framework. Healthcare is a key market for Armour and our partner Nine23, the product is evolving fast to provide additional services and added value to healthcare users, such as integration with patient records and task management apps.”

Stuart McKean, CEO of Nine23, said: “Being awarded a contract on this NHSX framework demonstrates both Armour and Nine23’s commitment to enable front line users in the NHS to officially use today’s technology. The NHS front line should be able to use technology and between us we can replace those outdated systems with much better secure solutions.”

The NHSX Clinical Services Procurement Framework aims to support NHS organisations with dedicated clinical facing communication and tasks management tools, to accelerate the adoption of proven technologies and to phase out pagers by the end of 2021. The suppliers on the framework have been assessed to ensure that they meet all legislative requirements; therefore no formal tendering is required, saving valuable time and money in the procurement process.

 

