Mobile App Security: Move Your Data Closer to the Edge
May 21, 2018 | Author: Kevin Fox, Chief Technology Officer, Blue Cedar
Many enterprises are moving much of their critical computing and storage to the cloud. But for some apps, performing data processing at the edge of the network, near the source of the data—called edge computing—offers improved performance, among other benefits. Enterprises are increasingly turning to powerful mobile devices that process, save, and transmit data for edge computing.
The benefits offered by edge computing, with its reliance on the use of mobile devices, means that apps are arriving at a critical juncture, where requirements for computing power, mobility, and security converge. How do you balance these requirements? Fortunately, the OWASP Mobile Security Project offers guidance, providing a list of the top 10 mobile security vulnerabilities that organizations should consider as they develop or deploy their mobile apps.
In this post, we'll look at the benefits of mobile edge computing. In succeeding posts, we'll describe how Blue Cedar can help enterprises ensure that they address key OWASP mobile security vulnerabilities as they plan their mobile app strategy. Also, as a reminder, you can learn more about our approach to edge computing in this Thursday's Webinar, A New Approach to Securing Mobile Apps, featuring Dr. Ed Amoroso and me.
Where Edge Computing Can Help
Moving computing and data to the edge via mobile apps makes a lot of sense for autonomous apps, those that can't tolerate latency, and those that require high bandwidth. Mobile devices are definitely up to the task. An astounding amount of processing power is available—and largely unused—on smart phones, tablets, and other mobile devices. Today, the Apple Watch has more floating operations per second (FLOPS)—3 billion—and speed than the Cray-2 supercomputer. A Samsung Galaxy S6 smart phone offers more than 30 billion FLOPS. By moving computational processes to mobile devices, organizations can take advantage of an overlooked computing resource located where data is created. Mobile apps can enhance business processes by processing this data independent of cloud connections improving both latency and security.
Edge computing can also alleviate some of the security and privacy concerns raised by having to move high volumes of sensitive data to the cloud. Organizations have more control over which data is shared and how it is shared. For example, health data that is delivered to a mobile app on a patient's smart phone is considered private information. All of this data does not need to be shared in the cloud; only the data required by a physician needs to be transmitted.
Mobile apps and edge computing also can increase efficiency. If a mobile app is designed to deliver a business service, it can process data where it is generated, providing real-time intelligence. For example, a smart security camera can collect monitoring data 24 hours a day. Instead of sending massive amounts of monitoring data to a cloud dashboard, the app can process it locally and only alert a customer's mobile device when it detects motion. Traffic sensors in retail stores can deliver data to the store manager's app to improve customer service and business outcomes. For example, the app can alert a manager when checkout lines grow too long or when a promotional item is not attracting the expected traffic.
The Security Challenge
Trusted edge computing can significantly reduce the demand on cloud resources and deliver higher app performance. It also requires that everything—the app, its data, and data transmissions from the app—be secure. Our next four blog posts will examine four of the OWASP top 10 mobile risks, including insecure data storage, insecure communication, code tampering, and insufficient cryptography. Don't miss them, and register today for this Thursday's Webinar: A New Approach to Securing Mobile Apps featuring Dr. Ed Amoroso.