It's not often that UK organisations have banded together to create a security standard with global significance but that is what appears to be happening with a new GCHQ-backed initiative called Secure Chorus, announced on 15 February 2016 at the Mobile World Congress (MWC).
The website outlining Secure Chorus is still pretty sparse when it comes to technical explanation so we thought we'd look a little deeper at what it is being proposed and what influence it might come to have on
What is Secure Chorus?
Secure Chorus is intended to provide a foundation of interoperable standards for the emerging business market for secure voice, video, conferencing, IM and file transfer applications. Secure Chorus refers to the common protocols that will be adopted and developed by a non-profit consortium of the same name.
What applications will be affected?
In short, voice, video and (usually) email and text messaging. In the consumer space the market is served to varying levels of security by WhatsApp, Facetime, Skype, Telegram and many others. Businesses want similar end-to-end security but more suited to the need to manage security centrally and without the sort of uncertainty and security weaknesses that afflict consumer apps. It's early days for the business market but a range of mainly startup firms has started developing the often complex communications platforms required.
Why is Secure Chorus needed?
Currently, the small number of vendors offering this kind of software to enterprises develop within their own proprietary islands, which in time will start to hurt the market with inconvenience and higher costs. Businesses also need interoperability, which stops them being trapped with one vendor's technology, especially if that firm is later acquired. Not all platforms support all security features and can't offer a basic level of security when connecting to one another.
Who is backing it?
The release mentions Armour Communications, BT, CESG (GCHQ's security evaluation wing), Cryptify, Cyber Y, Finmeccanica UK, Samsung, SQR Systems and Vodafone. The unusual aspect of this list is that with the exception of Samsung and Cryptify, all of these names are UK organisations, including two startups. CESG is a wing of GCHQ, which gives the initiative weight in the UK government sector and in all likelihood far beyond. Other members are expected to join.
Why so UK-oriented?
The UK currently seems to have plenty of encrypted communications expertise on hand. The Government is not alone in thinking that UK firms, including those in its supply chain, should start using security communications platforms and CESG is pushing that as a requirement. The UK was also a leader in the development of mobile voice and data standards such as 3G and 4G.
Sign up for CIO Asia eNewsletters.