Kubernetes demystified

What Kubernetes is and why the new Armour Core server-side platform is based on it.

When IT pros start talking about containers, the term Kubernetes, or K8s, is often mentioned. Initially released in 2015, Kubernetes has only recently become more mainstream and the latest tech-speak buzzword.

But what is Kubernetes?  Why does it matter and more importantly what benefit can it deliver to your business?  Here we go under the covers of Kubernetes and explain why this platform is one of the fastest moving projects in the history of open source.

Building blocks

To understand why we need Kubernetes, we must first understand containers. A container is a unit of software that can be isolated for security or scalability, usually performing a specific task, with control over its access to the underlying OS and hardware resources. Multiple containers can be combined to build an application and, because containers can be reused across different applications, new functionality can be developed more quickly.

Containers are lightweight and virtualise CPU, memory, storage and network resources at the operating system (OS) level, rather than hardware level. As containers are virtual environments that share the kernel of the host operating system, they can more easily be ported to run on a range of hardware platforms that support containerisation (compared to more traditional virtualisation technologies such as Virtual Machines).

Scale and Management

Kubernetes was first developed by a team at Google and later donated to the Cloud Native Computing Foundation (CNCF). It is an open-source platform to manage containerised workloads and services. As Kubernetes is open-source, it has a vast ecosystem of contributors that find and fix bugs and vulnerabilities as well as improving and adding features and functionality.

In a nutshell, Kubernetes delivers a framework to run distributed systems. It automates the deployment, scaling and management of containers. In the case of Armour Mobile, we can define how we need the platform to operate; for example if hardware fails, or if traffic load is high, Kubernetes is configured to ensure resilience without the need for manual intervention. Additionally, Kubernetes is self-healing, restarting containers that fail and killing and replacing containers that fail to respond to defined health checks.

Security by design is the ethos by which we develop all Armour solutions. Security is achieved by the way in which we use Kubernetes and processes incorporated within Armour solutions. Kubernetes allows us to set policies at a cluster-level to prevent or restrict things which we might consider a security risk.

Resilience and reliability

Kubernetes is a proven technology that allows Armour to deliver in Armour Core v5.0 a platform that is more powerful, robust, and extensible. We can deliver features such as monitoring, load balancing, failover, high availability and much more. This makes the provision of Armour Mobile more flexible, more resilient and more reliable for our customers. Even when under load from a high volume of concurrent users or high network traffic, Kubernetes can load balance and distribute the network traffic so that the deployment is stable.

Delivered to suit your needs

Armour customers will benefit from our use of Kubernetes, whatever their current choice of deployment, be it on premises, cloud, or hybrid. Using Kubernetes has delivered an array of improvements to our existing development cycle which will benefit our on premises customers.

Kubernetes also allows for a hybrid cloud approach for customers who require it. The Armour Mobile solution can be managed using Kubernetes tools, both in-house on bare metal and in the cloud.

For more information about how Armour Comms can help your organisation to adopt a more secure approach to communications and collaborative working, contact us today.

SigNet by Armour – Keeping communications completely private

A Maritime Use Case

Requirement

A global shipping organisation needed to communicate sensitive, commercial information in a way that kept it completely secure both in transit and at rest. Owners, executive management and executive assistants, banks, lawyers and other third parties had been using consumer-grade apps such as WhatsApp, Signal, Telegram and Viber to communicate because messages are encrypted. However, such apps can be attacked with the very real danger that user identity can be spoofed or hacked. The nature of the information being shared was such that using email was not a suitable option.

Challenge

To share commercial information, documents and instructions with trusted colleagues and partners securely, ensuring there are no unmanaged copies of information held anywhere, either printed or electronic. Conversations would be extremely difficult to trace.

Solution

SigNet by Armour®, which is secure by design, was selected for its great user experience. Strong user adoption was a key differentiator for SigNet – people found it extremely easy to use, and are using it enthusiastically.

Key Benefits

SigNet provides secure comms for voice, text, messaging, video and attachments.  However, for this maritime organisation, the app is used mostly for messaging and sending documents securely.

Increasing Security Awareness – Using SigNet has encouraged a culture of heightened security awareness amongst employees while also protecting user anonymity and privacy.

One-step provisioning – users simply download the app, and they can start using it straight away.

Strong user adoption rates – the app is so easy to use, people like it.

Anonymity and protection of privacy – users do not need to reveal their mobile number, email address or even full name in order to use the app. This particular feature is much appreciated by the ship owners who value their privacy.

Use across multiple linked devices – the same instance of the app can be installed on desktop, laptop, tablet and mobile, so that information can be shared across devices securely, without ever using email.

Desktop instance – the app is used by Executive Assistants on their PCs and laptops.  The ability to cut and paste instructions from ship owners and share with other members of the management team via SigNet improves security.

Note to Self facility – voice to text notes and reminders that are held within the app, and can be shared with linked devices.

Ultra secure sharing of information – documents for signature, instructions or commercial details are shared via SigNet, meaning that the use of email systems is completely avoided, and there is no need to print copies.

COVID-19 – the company is even using the app to enable employees to share COVID test results and vaccine details.

Results

Details of competitive commercial discussions, documents for signature, instructions from ship owners, and even sensitive medical information can now be shared across an ultra secure platform. Documents and information shared using SigNet are not accessible by any other system. Documents no longer have to be shared via an email system, which could be subject to surveillance or hacking, nor do they ever need to be printed.

Users’ identities are protected and privacy maintained, which is important for ship owners. People like using SigNet, and secretaries and executive assistants are able to use the solution from their desktops. As people become more used to SigNet they are finding more reasons to use the app, including the Note to Self feature as a quick and easy way to share confidential information across devices.

Contact us today to discuss how your organisation can keep sensitive commercial communications completely private

Meeting ISN 2022/04 Secure by Design Requirements

Armour Mobile in use at the MoD

Recently the UK Government published Industry Security Notice 2022/04 Secure by Design Requirements, which informs the UK Defence Supply Base of the Secure by Design policy and approach which has been set out to ensure cyber secure delivery of capabilities for the MoD.

Before we outline just how closely Armour complies, we address the question: what is the difference between Secure by Design and Secure by Default? The National Cyber Security Centre (NCSC) uses both terms in different contexts.

Secure by Design

Broadly speaking, Secure by Design means that software products and services are designed to be secure from the ground up.  Every layer is considered from a security and privacy standpoint and starts with a robust architecture design.  Secure by Design incorporates strategies such as forcing patterns of behaviour, for example, strong authentication, and the use of best practice protocols such as least privilege access.

More specifically, Secure by Design is part of the Government’s National Cyber Security Strategy. The Department for Digital, Culture, Media & Sport (DCMS) and the NCSC conducted a review into how to improve the cyber security of consumer Internet of Things (IoT) products and associated services, and as a result published various documents regarding the security of smart devices.

Secure by Default

Secure by Default builds on the premise of Secure by Design. According to NCSC, Secure by Default is about taking a holistic approach to solving security problems at the root cause rather than treating the symptoms. It covers the long-term technical effort to ensure that the right security attributes are built into software and hardware. As well as ensuring that security is considered at every stage when developing products and services, it also includes ensuring that products are delivered to the end-user in such a way that the default settings enforce good security practices, while balancing usability with security. After all, if a product is too difficult to use, people will simply find a workaround, meaning that security ends up being compromised anyway.

Secure by Default principles prescribed by NCSC are:

      • security should be built into products from the beginning, it can’t be added in later;
      • security should be added to treat the root cause of a problem, not its symptoms;
      • security is never a goal in and of itself, it is a process – and it must continue throughout the lifetime of the product;
      • security should never compromise usability – products need to be secure enough, then maximise usability;
      • security should not require extensive configuration to work, and should just work reliably where implemented;
      • security should constantly evolve to meet and defeat the latest threats – new security features should take longer to defeat than they take to build;
      • security through obscurity should be avoided;
      • security should not require specific technical understanding or non-obvious behaviour from the user.

 

Armour Mobile complies with Secure by Design AND Secure by Default

At Armour Comms we have been working with NCSC since our inception a number of years ago to ensure that our products are designed with Best Practice security protocols in place. Our initial products were CPA certified to demonstrate they adhered to these security principles; when that scheme finished (for all products with the exception of smart meters) we focused on ISO27001 and Cyber Essentials Plus certification as externally audited proof of our strong security practices.

Our products are approved for use up to OFFICIAL-SENSITIVE, NATO Restricted and for Higher Assurance requirements and are already deployed at these levels. Our innovative developers work hard to deliver products that strike the balance between providing a user experience that mimics consumer-grade apps, while delivering the security credentials required for higher assurance use.  Armour Mobile is in use in many Government departments as well as having been deployed for numerous use cases across the MoD.

Armour Mobile and MoD Secure by Design Requirements

One of the key principles within the ISN 2022/04 Secure by Design Requirements is to Define Security Controls, and within that, the requirement is that: “Existing processes, knowledge, standards and technologies should be identified, assessed and reused where possible to avoid duplication of effort.”  With this in mind, and our track record of working with NCSC and the MoD, Armour Mobile is the obvious choice for any secure comms requirement within the Defence sector.

For a more detailed look at the NCSC Secure by Default principles read our blog: The future of NCSC Technical Assurance: https://www.armourcomms.com/2022/01/25/the-future-of-ncsc-technical-assurance/  and for more information about the NCSC Secure by Default principles please read: https://www.ncsc.gov.uk/information/secure-default

Watch this space for future articles describing in more detail how Armour Mobile meets the Secure by Design requirements.

Unity by Armour Secure Conferencing wins Best Communications Security Solution at SC Awards

We are delighted to announce that Unity by Armour has won the SC Award for Best Communications Security Solution. Unity is the third Armour product to be honoured by these highly prestigious Awards (previous accolades went to Armour Mobile and SigNet by Armour).

The award was presented at the first live celebration of the SC Awards in three years, held yesterday (21st June – midsummer’s day) at the London Marriott, Grosvenor Square, where we were joined by clients for a glitzy evening.  According to the organiser: “The SC Awards Europe recognise and reward products and services that continue to stand out from the crowd, exceeding customer expectations to help defeat imminent threats and cyber-security attacks.”

From our perspective, we are pleased that our products stand out for their innovation and value to business in the fight against cyber threats.  However, the award is also a huge ‘well done’ to our employees who have worked so hard to deliver real-world solutions to the dilemma of providing the functionality of a consumer app, with the Secure by Default design and security required for business communications and collaboration.

Here’s a summary of the winning entry:

Enterprise Conferencing that’s more secure and easier to use

Unity by Armour® delivers secure conferencing in an easy-to-use app for mobile and desktop use, with enterprise security features not provided by free-to-use consumer products, including a choice of cloud or on-premises installation to ensure data sovereignty. Unity is available in several configurations to ensure the level of security matches the sensitivity of the conversation. Unity combats the issue of ghost callers that may eavesdrop on sensitive conversations by highlighting to all users whether a participant has joined the call via Armour’s secure app, or via a browser – the latter often introduces vulnerabilities.

Unity extends the Armour ecosystem by working in conjunction with Armour Mobile to provide pre-defined or on-the-fly secure video conferencing, screen sharing and integration with secure chat groups and interconnectivity with trusted unified communications systems.

Unity delivers picture-in-picture and multiple screens, and offers a familiar video conferencing interface, making it easy and intuitive to use.

Armour Mobile won the award for Best Mobile Security Solution in 2019 and SigNet and Armour Mobile were Highly Commended in the same category in 2021.

If your organisation needs a conferencing tool with enterprise capabilities and security credentials to match, call us today to find out more: +44(0)20 36 37 38 01

User Success – Are you making the most of Armour technology?

Convincing people to use security products is a challenge.  Employees are often reluctant to change their working practices, especially if it involves any kind of inconvenience. So when you have successfully built the business case, found the product, got budget approval, procured the product and rolled it out to end users – then what? How can you ensure that the product is being used, and can you demonstrate business value, or return on investment?  With security products this is notoriously difficult because if the product is successful at diverting a threat, then there may be no obvious outcome or benefit to the end user.

With this in mind we’re going to be revisiting customer successes that we think will help our clients achieve maximum benefit from their investment in Armour technology.

Secure Note to Self – Provide a great user experience

Evidence shows that the most enthusiastic adoption of Armour Mobile and SigNet by Armour is where it solves a compelling business problem, as well as providing better security. The product must be easy and pleasant to use, and users need to see immediately how it makes their lives easier.

By talking to our many clients about how they are using our products on the ground, we have learnt about some surprising real-world benefits. For example, SigNet has an extremely useful Note to Self capability – something that, once users discover it, they absolutely love. No more sticky notes, or emails to self, just a voice memo that is completely secure, goes to devices linked to the same account, and cannot be eavesdropped or overheard by anyone other than the intended recipient.

Cyber Essentials Plus and BYOD don’t mix – or can they?

Another point worth keeping in mind: if your organisation is planning to undertake Cyber Essentials Plus accreditation, then employees’ unmanaged personal devices (i.e. BYOD) cannot be used to access corporate information, including email. Employees are generally highly resistant to Mobile Device Management (MDM) solutions on their personal devices; however, by using Armour Mobile all corporate information shared using the app is completely isolated from the rest of the device. This makes Armour Mobile an extremely viable alternative to MDM which employees are more than happy to use, as it does not interfere with their personal apps while protecting business information. The same device can be used for both personal and business communications. For more information about this read our blog: https://www.armourcomms.com/2022/05/03/protecting-sensitive-comms-on-byod-devices-without-resorting-to-mdm/

In the coming weeks and months, we’ll be sharing different scenarios where our customers have achieved sometimes unexpected benefits from different use cases.  In the meantime, if you have a business problem, get in touch and it may be that someone else has already faced that same issue, and we have the solution ready and waiting.

Recall by Armour – Armour Mobile Audit capabilities

Unofficial channels now subject to FoI requests

If you need to audit secure calls, protect evidence, or prove compliance, Armour can help.

A recent ruling by the Information Commissioner’s Office (ICO) (https://www.civilserviceworld.com/professions/article/freedom-of-information-foi-covers-whatsapp-and-other-private-channels-confirms-ico) states that emails and messages between officials and ministers sent from private accounts, including consumer-grade apps such as WhatsApp, are covered by the Freedom of Information (FoI) Act. The ruling aims to deal with the concerns that unofficial communication channels may impede official record keeping and the public record.

 

Keep Professional and Personal Comms separate

Quite apart from the need for government officials and those in public office to remain transparent and accountable, our previous blog entitled: Insider trading, a Russian banker and WhatsApp – the case for Audit explains the importance of keeping professional and personal communications totally separate, and why organisations should use an enterprise app for business communications. There are many security reasons that consumer-grade apps are unsuitable for professional use, not least that free-to-use apps simply don’t have the features required for use at enterprise level, such as audit.

Privacy with an Audit trail

One of the key reasons that many organisations will want to use Armour solutions is to maintain complete privacy and security of communications. However, there are instances when audit functionality is a requirement. We understand that providing the option for an auditor to be able to review sensitive calls after the event is, in itself, a security management conundrum.

With Recall by Armour we have solved this challenge

Recall by Armour is available as an additional module to Armour Mobile for on-premises deployments. Designed for organisations in regulated industries, Recall provides call audit capabilities for security-conscious organisations that need to be able to prove who said what, to whom, and when.

How it works

Armour Mobile and Desktop support an audit capability enabling communication (text, audio) to be captured in its entirety within the centralised audit log, allowing detailed retrospective analysis of all conversations.   Each entry within the audit log is encrypted using keys unique to the user to whom the entry relates, and access to the decrypted content can only be gained when an Administrator with sufficient access rights has access to the audit tools to securely retrieve the key material and perform the necessary decryption tasks.

With Recall, all communications via Armour Mobile are protected and preserved automatically; the user doesn’t need to do anything extra. This supports the NCSC ethos of Secure by Design, making security easy for the end user.

For more information about how Armour Comms can help your organisation preserve, check and interrogate secure and sensitive conversations, contact us today: sales@armourcomms.com

Advice from NCSC – Using Secure Messaging, Voice & Collaboration Apps

NCSC recently published a blog containing some great advice about using secure messaging, voice and collaboration apps: https://www.ncsc.gov.uk/blog-post/using-secure-messaging-voice-and-collaboration-apps

As the world of work has morphed into one of hybrid working where many people now work partly from home, partly from the office, and often other locations while travelling, so people have adopted messaging and collaboration apps for business use.

However, as many headlines in the press have highlighted, consumer-grade apps are simply neither designed for nor suitable for business use. Apart from the fact that none of these apps address the rigours of data privacy legislation such as GDPR, there are some serious security concerns around the wholesale selling or distribution of users’ data and meta-data by the multi-national organisations that own many of the consumer apps.

Here are just some of the issues:

  • User details can be sold to third parties
  • Even with end-to-end encryption meta-data can be hacked and compromised
  • Your location and who you are talking to can be visible
  • There is no management of users – anyone that finds your mobile number could contact you
  • User identities are easily spoofed – you can’t be sure who you are in contact with
  • Data privacy regulations, like GDPR (and others) are flouted

NCSC spells out exactly what organisations should look for when procuring a secure messaging and collaboration solution that is suitable for business use, and in our White Paper we outline exactly how Armour Mobile meets and exceeds those requirements.


Unity by Armour Secure Conferencing an SC Awards Finalist

We are delighted to announce that Unity by Armour has been shortlisted for an SC Award for Best Communications Security Solution.

Unity is the third Armour product to be a finalist, and it is the 5th year in a row that we have been shortlisted.  Armour Mobile won the award for Best Mobile Security Solution in 2019 and SigNet and Armour Mobile were Highly Commended in the same category in 2021.

 

Enterprise Conferencing that’s more secure and easier to use

Unity by Armour® delivers secure conferencing in an easy-to-use app for mobile and desktop use, with enterprise security features not provided by free-to-use consumer products, including a choice of cloud or on-premises installation to ensure data sovereignty. Unity is available in several configurations to ensure the level of security matches the sensitivity of the conversation. Unity combats the issue of ghost callers that may eavesdrop on sensitive conversations by highlighting to all users whether a participant has joined the call via an app, or securely via a browser – browser options often increase vulnerabilities.

Unity extends the Armour ecosystem by working in conjunction with Armour Mobile to provide pre-defined or on-the-fly secure video conferencing, screen sharing and integration with secure chat groups and interconnectivity with trusted unified communications systems.

Unity delivers picture-in-picture and multiple screens, and offers a familiar video conferencing interface, making it easy and intuitive to use.

If your organisation needs a conferencing tool with enterprise capabilities and security credentials to match, call us today to find out more

Tel: +44(0)20 36 37 38 01

Protecting Sensitive Comms on BYOD Devices without resorting to MDM

Managing corporate data on Bring Your Own Devices (BYOD) has been a thorny issue for years. Businesses and employees alike appreciate the convenience of people using their own devices, and in fact, the organisation probably doesn’t have much choice in the matter without taking draconian measures. However, protecting sensitive information that finds its way onto unmanaged devices can open organisations up to risk of industrial espionage and even threaten national security, quite apart from more mundane, but nevertheless serious data protection regulatory issues (GDPR being the most obvious).

 

Athletes advised to use burner phones for security reasons

To add to those threats, if people travel abroad they may find their devices compromised by lapses in local security. A recent case in point was athletes and teams taking part in the Winter Olympics in China. Many governments advised people to take burner phones and hire laptops once there, rather than risk their own devices becoming compromised. Full story here: https://www.bbc.co.uk/news/world-asia-china-60034013

Burner phones create additional security issues

This raises an important point, that of the additional complexity posed by the use of burner phones.  Typically they are bought in country, used and disposed of prior to return. These phones, usually Android, for cost reasons, should be considered unsafe because their provenance cannot be certain. Using apps on such phones can create undue risk and uncertainty as they may have been ‘jailbroken’ (modified to remove restrictions imposed by the manufacturer, to allow the installation of unauthorised software) or contain potentially malicious apps from local carriers or distributors.

 

Managing BYOD without MDM

True BYOD devices that are owned by the employee create a different challenge. Employees do not like the fact that their employer might wish to take control of their personal device with a Mobile Device Management (MDM) solution, and so have the ability to restrict the use of the capability of the device e.g. disable the camera. However, the concerns around corporate data being held on a device that is not owned or controlled by the business must still be addressed – something that Armour can do without the need for a full MDM solution.

 

How Armour helps

Armour Mobile and SigNet by Armour provide a mobile comms solution that completely isolates the communications and any associated data, metadata or files (attachments such as documents, images, video clips). All data is encrypted and secured within the app, protecting contacts, messages and attachments from malware on the device or if the device is lost or stolen. The ultimate goal is to minimise the organisation’s risk by reducing the residual data held on the device. Armour’s products are Secure by Design; for example, technology in the app requires sole use of the microphone, ensuring rogue apps are not ‘listening’ in to voice or video calls.

In addition, before the app can be used, the Armour software checks to see if the device has been jailbroken; if so, the user will not be able to use the Armour app.

Armour provides its own viewers for certain types of attachments, so as not to share information with the operating system or third-party viewers, and to prevent the user from sharing the attachment (and its sensitive information) outside of the Armour app, thus avoiding the potential for data leakage.

To avoid the use of the public internet and untrusted, insecure networks, the Armour apps can be installed in a variety of ways. Depending on the specific use case requirements this can include via SD card or via a completely closed VPN network (using additional technology from Armour technology partners).

Armour Mobile and SigNet also include many security features within the app to protect against data leakage.  This includes the Message Burn and Disappearing Messages features, where the sender of a message can set it to automatically delete at a set time, either after it has been read, or after it has been sent.  This feature can be deployed as a standard setting across chat groups or communities of users.

In the coming months we will deliver the capability to remote wipe any data held within the Armour app on devices that have been lost, stolen or otherwise compromised and in addition will have the ability to centrally control the length of time messages are available to be accessed on phones.

For more information about how Armour can help you to ensure secure communications even when using BYOD devices, contact us today: sales@armourcomms.com