Technology organisations are realising that government security certification can open doors to the wider business world.
Typically, certification by the Australian government's intelligence agency Defence Signals Directorate is used to enable suppliers to work with top-level government agencies, but some are also using it as a marketing tool to build trust and increase sales to the private sector.
DSD is a part of the Department of Defence that stringently evaluates and certifies technology secure enough to be used by government. It produces the Australian Government Information Security Manual (ISM), the standard governing the security of government ICT systems, and maintains an online database of evaluated products. The notoriously difficult certification process took mobility software company Good Technology two years. It recently obtained certification for its secure mobile application, Good for Enterprise, which allows iOS devices to communicate and store classified information up to "protected" level.
Four levels of security classification - protected, confidential, secret and top secret - reflect the consequences of unauthorised disclosure of information, from damaging the Australian government [protected] to potentially causing exceptionally grave damage to national security [top secret].
BlackBerrys have long had the DSD stamp of approval and almost a year ago government-owned iPads and iPhones (iOS5) were certified to protected level. Accreditation involves several meetings with DSD, says Chris Roberts, vice-president of Good Technology's worldwide public sector. "We showed them everything we had. They looked at our product documentation and architecture. We gave them our source code and access to our [development] team."
The company wants to have a continuing relationship with DSD, but is also interested in the marketing opportunities: "It's an investment against cyber crime [and] we hope to increase sales."
Security accreditation is the Holy Grail of technology products, according to Kevin Noonan, public sector research director at Ovum.
"Protected-level security is about as high as you want to go for doing business with government. Going higher is in the realm of specialist security."
He says suppliers want accreditation to prove they "can jump through a hoop" and to increase the trust factor. "Certification is a powerful marketing weapon in a new area of technology where standards are settling down. It's also an indication of the company's confidence in the product if they are prepared to go through the time and expense to achieve DSD certification."
For Peter Alexander, chief information officer at the Australian Treasury, using DSD certified products and services means his department has the confidence to share classified information internally and with equally classified partners.
IT service provider Emantra also has the coveted DSD certification. The gateways at its three production data centres are certified Protected. "It is a complex and expensive technical process, subject to annual audit. It opens up our ability to sell services at a high level of government mandate, and (differentiates us) when dealing with larger commercial clients," said managing director Ross Dewar.