The Department of Homeland Security wants to improve the cybersecurity of mobile devices that staffers use to access both business and personal content by adding cloud-based, root-of-trust (CRoT) technology, the agency announced Tuesday.
Cybersecurity company BlueRISC is working on the software with support from the DHS Science and Technology Directorate. The goal is to allow government employees to use personal email on agency-issued devices while avoiding common security pitfalls like choosing convenience over strong security controls or accidentally sharing sensitive information.
The email software, an enhanced version the company’s EPRIVO product, will separate business from personal assets and enforce data security policies to prevent those mistakes. Adding CRoT technology will increase the control that administrators have remotely over the device.
“The EPRIVO Enterprise 2.0 email system ensures the confidentiality of email in transit, in cloud storage at an email service provider, and when stored on the mobile device, providing both physical and cryptographically based protections,” said Kris Carver, technical director at Massachusetts-based BlueRISC, in the announcement. “Users can specify controls for the emails they send, including recalling messages or preventing the receiver from forwarding a message.”
BlueRISC integrated CRoT technology into its private email application so iOS and Android users can securely access government and personal Gmail, Yahoo and Hotmail accounts. The app can also be used on macOS and Windows computers.
Security administrators can use their own console to set the security policy for each user’s agency email account. Users retain full control of personal email accounts on the device and can add security protections using the app.