DSD certification confirms sandboxing is Good for mobile security
- 12 September, 2013 10:20
The certification of a mobile-security sandboxing platform from Good Technology to EAL4+ standards will pave the way for the use of application-isolation techniques to secure mobile and bring your own device (BYOD) rollouts across Australian businesses and government organisations.
Mobile vendor Good Technology announced this week that its Good for Enterprise (GFE) mobile device management (MDM) platform – which allows the creation of virtual ‘containers’ that enable users of mobile devices to securely access networked applications and devices – had achieved Common Criteria Evaluation Assurance Level 4 Augmented (EAL4+) certification that permits its use across a broad range of high-security applications.
GFE, which is now listed on the Defence Signals Directorate’s Evaluated Products List (EPL), runs on both iOS and Android and includes mobile client, MDM and a secure messaging exchange server through the Good Mobile Control, Good Mobile Messaging, and Good Mobile Access elements.
"The EAL4+ certification for Good for Enterprise confirms the security integrity of the solution and gives us the confidence to roll out deployment across our government department,” said Al Blake, chief information officer of the Department of Sustainability, Environment, Water, Population and Communities, in a statement.
“We have already seen vast productivity and efficiency improvements with the use of Good for Enterprise as it allows end-users to bring their preferred device, minimises the ICT support overhead and still maintains the strong security boundary we require around government information. The deployment has been an overwhelming success and has significantly increased staff connectivity and workplace flexibility.”
GFE is built on AES-192 bit encryption and securely tunnels data during every hop. The certification report for the platform notes that its design counters security threats including eavesdropping, theft of data, tampering, spoofing of mobile identity, and root or other unauthorised access to mobile devices.