Apple INDIGO

Native data protection with iPhone and iPad

Data security is mandatory for companies

Cyber attacks are a threat to companies of all sizes, as cyber criminals operate without borders. Companies must therefore be aware of the risks and threats of cyber attacks and take appropriate measures to ensure that their own data is protected both at the company headquarters and when accessing it via mobile devices.

For the use of iPhones and iPads, Apple offers INDIGO, a native option for data backup without requirement of any additional software, third-party apps or hardware.

The effective security mechanisms enable secure release and processing of classified data up to classification level VS-NfD.
Aufgrund dieser leistungsfähigen Absicherung wurde der Einsatz von Apple INDIGO durch das Bundesamt für Sicherheit in der Informationstechnik im staatlichen Umfeld empfohlen.

What is Apple INDIGO?

INDIGO stands for iOS Native Device In Government Operation and is a hardened operating system configuration from Apple for iOS (from version 15.1) and iPadOS (from version 15.6.1), with which highly secure and ultra-mobile working can be realized.

Thanks to native integration at device level, the security solution is without additional software, apps or hardware. This simplifies implementation and reduces ongoing maintenance and support costs.

Another key advantage of using INDIGO is that Apple, as the manufacturer, guarantees highly secure use in accordance with the VS-NfD standard for Apple iPhone and iPad devices for up to 6 years.

This technological planning security enables companies and public authorities to plan the use of their mobile devices for longer periods of time and thus realize major savings.

Advantages of Apple INDIGO for organizations with special protection needs

  1. Native security solution for iPhone and iPads at device level
  2. Ideal for solutions of highly secure and ultra-mobile working
  3. No additional apps or third-party software required
  4. Meets the VS-NfD classification level for high security of classified data
  5. Solution is suitable for NIS2 EU directive
  6. DSGVO compliant
  7. Planning security thanks to 6-year manufacturer’s warranty for INDIGO
  8. High savings potential through longer use of appliances
  9. Private use of end devices possible
  10. Working in a modern and familiar (device) environment

VS-NfD provides maximum data security

In response to increasing cybersecurity threats, security solutions used for all types of end devices must be continuously made more capable in order to offer sufficient protection.

The VS-NfD classification level required by public authorities enables secure connections to IT networks via VPN. VS-NfD is also used in the civilian sector when maximum data security must be guaranteed – for example, in the government environment, at private companies that are subject to secrecy protection and by emergency services such as the THW or DRK.

Which industries or sectors will benefit from Apple INDIGO as a security solution?

Private sector

  • Energy suppliers
  • Defense industry
  • Critical infrastructure
  • Banking
  • Healthcare
  • Companies with high protection requirements

Public sector

  • Authorities
  • Administration (federal government, federal states, municipalities)
  • Police
  • Relief units
  • DRK, THW, etc.

Requirements for VS-NfD classified data processing

In order to correctly implement a secure solution with INDIGO, it is necessary to comply exactly and completely with the procedural guidelines and specifications for the VS-NfD confidentiality level.

Technical prerequisite for fulfilling the INDIGO requirements

There are two key prerequisites for this:

  • an approved VPN from a certified provider, and
  • a darksite MDM that makes the communication of end devices on the Internet invisible to third parties.
Thanks to the strategic partnership, agilimo Consulting Rohde Schwarz Cybersecurity can cover all customer requirements for VS-NfDfrom a single source.
Schema for MDM Darksite implementation, (c) agilimo Consulting

Three components are required to fulfill the VSA requirements of the BSI:

  • an Apple end device
  • a VS-NfD-approved VPN gateway
  • a MDM Darksite (optionally Brightsite, if approved by BSI)

MDM systems that enable pure darksite operation and already meet the VSA requirements can be used for darksite implementation.

To meet the VSA requirements, a Brightsite MDM must be certified by the BSI to EAL 4+ or higher. There are currently no Brightsite MDMs available that meet the VSA requirements.

Schema for MDM Brightsite implementation, (c) agilimo Consulting

BSI recommends Apple INDIGO release

The German Federal Office for Information Security (BSI) has examined the INDIGO platform and issued its recommendation for the release of INDIGO for the processing of VS-NfD-classified data in government use on commercially available iPhones and iPads.

For the upcoming NIS2 EU directive to improve cyber security in organizations and companies, INDIGO offers a tested, practical and, above all, native solution for implementation, in which commercially available iPhones or iPads can be used for highly secure mobile working. INDIGO is the first US product to be included on the list of BSI approval recommendations.

One-stop service: agilimo realizes your Apple INDIGO project

As strategic partners, agilimo Consulting and Rohde Schwarz Cybersecurity implement highly secure and ultra-mobile security solutions from a single source thatfully meet all VS-NfD requirements . Our customers thus receive all the required services of their INDIGO solution centrally:

  • Compliance with all VS-NfD specifications incl. advice and devices
  • Actual state analysis and security audit
  • Purchase, registration and staging of mobile devices (iPhones / iPads)
  • Implementation, rollout and support of your INDIGO project

Combined expertise - certified encryption meets highly secure mobile working

IT security expert Rohde Schwarz Cybersecurity offers encryption solutions approved by the German Federal Office for Information Security (BSI) and is one of the leading security companies for endpoint and network security. Together with agilimo, the security expertise is also being extended to mobile devices.

For many years, agilimo Consulting has been one of the top specialists in Germany for highly secure working with mobile devices and supports not only private companies but also numerous government-related organizations.
In order to be able to implement solutions with VS-NfD standard, our security specialists have been successfully working with technology from Rohde Schwarz Cybersecurity, such as RS Trusted VPN Gateway or RS Trusted Disk, in their projects for several years.

Managed Security Service Provider with German SOC

As a Managed Security Service Provider (MSSP) , agilimo Consulting also offers outsourced monitoring and management of security devices and systems.

With our highly available German Security Operation Center (SOC), we provide tailored services for your company around the clock on request.

Here we fulfill the criteria of the TeleTrusT trust mark “IT Security Made in Germany“.