Cyber security standards for enterprise-grade mobile apps

Elisabetta Zaccaria, Secure Chorus’ Chairman of the board said: “Two years ago, the development of an ecosystem of different brands enterprise grade mobile apps that are interoperable, secure and regulatory compliant was seen as a fantasy. With the completion of this first set of interoperability standards for voice communication, the ecosystem has become a reality within a very short time.

“We would like to thank the Secure Chorus standards committee for its hard work in advising on these standards, including the National Cyber Security Centre, Vodafone, O2, Leonardo, BAE Systems Applied Intelligence, Sepura, ISARA Corporation, Cryptify, SQR Systems, Armour Communications, Serbus and Nine23.”

Phone call hacking is a risk frequently overlooked by business. With the threat of faked caller ID and unauthorised network access, enterprise users can’t guarantee the identity of incoming calls, or be sure outgoing calls reach their intended recipients. Neither can they be certain that third parties accessing the enterprise networks are who they say they are.

This risk is set to escalate as digital transformation trends call for security to be pushed beyond the walls of a business’ IT premises. The requirement for secure communication is no longer simply about communication between employees. It now extends beyond the enterprise security perimeter to clients, suppliers and other third parties.

Despite enterprise grade secure voice apps already existing in the marketplace, these have failed to realise widespread adoption in enterprise. This is mainly due to the way secure voice apps have been built to date, which often makes them incompatible with other similar products. This gives rise to a scenario in which, unless the entire enterprise market adopts the same brand of voice application, users will resort to compromise solutions in order to bridge the gap created by the current mainstream ‘vendor lock-in’ approach.

The completion of this first set of interoperability standards for secure voice apps specifically aimed at enterprise users has created a much-needed breakthrough in the market. These standards will make single-vendor lock-in applications obsolete, by ensuring that call security can be established between different product brands.

Secure Chorus has achieved this milestone through a strategy of government-industry collaboration. Secure Chorus’ industry members have developed a number of secure voice apps that use the same enterprise-grade cryptographic open standard: MIKEY-SAKKE.

MIKEY- SAKKE was developed by the CESG, now part of the National Cyber Security Centre (NCSC), the UK’s authority in cyber security. MIKEY-SAKKE has received endorsement at global level, standardised by the Internet Engineering Task Force (IEFT) and approved by the 3rd Generation Partnership Project (3GPP), the body responsible for standardising mobile communications for use in mission-critical applications.

With interoperability standards based on MIKEY-SAKKE now available, organisations will be able to adopt secure voice apps with a number of common benefits. These include strong end-to-end encryption of voice calls together with centralised management, giving a domain manager full control of the security of the system. These technologies are also highly scalable, requiring no prior setup between users or distribution of user certificates. This new generation of voice applications achieves four key requirements in enterprise use: security, auditability, scale and simplicity of deployment.

The Secure Chorus multi-year strategic plan includes instant messaging, group calls, video calls, document sharing and many others. Secure Chorus continues to work with its members through its government-industry collaboration approach, to promote the growth of an ecosystem of interoperable products while developing further features focused on the enterprise user.

Dr Andy Lilly, Secure Chorus’ Chair of the standards committee added: “Active contributors from a diverse cross section of the Secure Chorus’ members community have been working hard over the past 12 months to bring these interoperability standards for secure voice communication to life.

“Where common standards exist, innovation is driven, and disruptive technologies emerge. Common standards foster a broad selection of products and vendors for end-users to choose from. At the end of the day, the end-user wins by not being locked into one large company’s method of doing business.”