Nine23 – Securing Managed Mobility Services

Background

Mobile devices such as Windows, Apple and Android phones are needed by MoD and Government workers in a variety of scenarios to carry out day to day calendar and email tasks, and more specialised functions where in-house appstores are required. Mobile devices offer rich capability and are widely used in both the home and workplace, making them attractive as easy-entry technology with outstanding reliability as a given. There is no bespoke tech tie-in or end-user gripes – everybody can use them and there are no hidden costs.

But for routine use with data classified Official Sensitive, considerable expertise is required to counter the cyber-threat of cloud hosting, Wi-Fi and 3G communications, and ecosystem external connections such as web browsing and internet email.

Customer Profile

Nine23 excel in delivering cost-efficient managed mobility services utilising commercial cloud practices. Over the past few years, they have been presented with the challenge from MoD, Police and MoJ customers with providing this service accredited at Official Sensitive. In 2014, Nine23 chose BNSCyber to work with them across their Government customer-base to develop cloud-hosted managed mobility secure architectures, liaise with the Government’s IA community (Accreditors, SIROs etc.), and deliver cyber risk assessments and cyber risk treatment plans.

BNSCyber Meeting the Key Challenges

With over a decade of experience working exclusively to the UK MoD and Government sector, BNSCyber was able to use its NCSC Certified Practitioner – IA Architect (Lead Practitioner) to define a security architecture which mitigated cyber security risks while enabling the end-user to benefit from the rich capability associated with mobile devices such as web browsing, telephone calls (including secure voice) and email to external organisations.

BNSCyber’s extensive experience working with the SPF, JSP440 and NCSC’s portfolio of Architectural Patterns and Good Practice Guides, blended with extensive experience of selecting assured COTS products, enabled Nine23 to deliver and manage multiple cyber-secure and accredited managed mobility services.

Nine23 also realised that designing secure systems was only half the story. They needed an experienced security consultant to work with the MoD, Police and MoJ security stakeholders (Accreditors, SIROs etc.) to ensure cyber-security assurance and accreditation activities were embedded in the end-to-end project lifecycle and executed effectively. BNSCyber was able to use its NCSC Certified Practitioner – Security & Information Risk Advisor (Senior Practitioner) with over a decade of customer facing experience to MoD and HMG IA Stakeholders to provide this service. Bringing this experience to the table and gaining the IA stakeholder buy-in early in the project lifecycle meant potential ‘gotchas’ that could derail the project down the line were de-risked, and the necessary security accreditation to bring the systems into service was achieved.

Nine23’s BNSCyber Experience

“BNSCyber were a natural choice to partner with to deliver our enterprise mobility services. As a lead in the Information Assurance landscape for UK Government and Defence, and with a genuine empathy for front-line user needs; they worked closely with us to deliver tailored security for the cyber context we operate in while always being cognisant of the front-line user experience of our clients. We continue to work closely with BNSCyber to anticipate future cyber security challenges.”

- Chris Lenaghan, Nine23 Account Director