As the Scottish Government hits global headlines for its announcement of a ban on the use of the consumer messaging app WhatsApp for official business, we ask, what next? What should they be using for secure communications?
The Scottish government is not the first to take such measures. The French government imposed a similar ban on the use of WhatsApp, Signal and Telegram by ministers and their teams, as have NatWest Bank and, several years ago now, the German company Continental AG.
This latest ban will apply to all Scottish government devices and takes effect from Spring 2025. It was announced in the wake of an external review of the use of messaging apps, after the COVID inquiry revealed that huge swathes of messages sent during the pandemic had been deleted by ministers (as discussed in our previous blog: Scottish Covid inquiry finds that Nicola Sturgeon appears to have deleted ALL her WhatsApp messages).
Deputy first minister Kate Forbes said “Government business should happen on government systems which are secure, searchable and allow the appropriate sharing of information, in line with our statutory duties.”
While the use of Teams will still be allowed in Scotland, in revelations earlier this year by Computer Weekly, Microsoft admitted that it cannot guarantee the sovereignty of UK data hosted on its hyperscale public cloud infrastructure. In the detailed article, Computer Weekly explains that under Part 3 of the Data Protection Act (DPA) 2018, law enforcement data must be kept within the UK, as must all public sector data under the G-Cloud 14 framework regulations.
With all this in mind, what should organisations be doing to protect their sensitive communications?
NCSC approved alternative to consumer apps
As we have stated many times before, there is really no excuse for the use of consumer apps by those in public office when there is an NCSC approved alternative that is every bit as engaging and easy to use. Not only do consumer apps, such as WhatsApp and many others, lack enterprise-grade security features, such as identity-based authentication (which tackles the issues of impersonation-based attacks/spoofs/AI deepfakes, etc.), but as we are reminded yet again, such apps lack any central management of messages and conversations, and therefore do not protect the public record.
Award-winning Armour secure communications
The Armour® Secure Communications Platform (multiple recipient of the SC Awards Best Communications Security Solution) provides an alternative to consumer grade applications. The platform brings together a quick-to-deploy, easy-to-use solution that can be used on both mobile devices and desktops, with enterprise security features not provided by mass-adoption collaboration products or free-to-use consumer apps. It protects data throughout its lifecycle, providing all elements of mobile communications/collaboration including voice, instant messaging, and video conferencing, encrypting data both at-rest and over-the-air.
Suitable for higher assurance video conferencing
Security-conscious organisations such as government departments, law enforcement, military, defence contractors and public sector bodies all need products designed with their specific requirements in mind. The Armour Secure Communications platform is built to give organisations control of where they deploy and where their data resides, with both secure hosted and on-premises options available. It addresses issues such as GDPR and industry-specific regulations including DPA 2018 Part 3, as cloud-based providers often cannot satisfy sovereign needs.
Armour Recall™ captures, retains and archives data to ensure organisations keep control of their data and can review at a later date to prove compliance and as a matter of public record.
Armour Unity™ delivers secure conferencing in an easy-to-use app for mobile use and is available in several configurations to ensure the level of security matches the sensitivity of the conversation.
Strict security measures within Armour give the organisation total control over data. Examples include constraining message retention, Message Burn (automatically deleting messages after a set time), controlling features like forwarding/sharing data, and erasing all data in the event of device (or user) compromise.
Users and call groups are centrally managed, and people can only join and use the app by invitation. Identity-based authentication (using NCSC’s MIKEY-SAKKE protocol) means that users can be confident when using the platform that they are communicating with who they think they are. In this way Armour addresses the issue of identity-spoofing and ghost-callers, including AI-generated deepfakes.
For more information about what your organisation should be looking for when considering a secure communications solution read our Buyer’s Guide: https://www.armourcomms.com/2023/06/29/securing-communications-channels-a-buyers-guide/