The Blue Cedar Data-at-Rest policy encrypts app data before saving it on the mobile device, shielding the data from malware, rogue apps, and hackers who attack the device’s stored information. To do this, Blue Cedar’s injectable security intercepts all file system I/O for the protected app, and uses FIPS-certified algorithms (AES-256 bit, XTS) to encrypt/decrypt sensitive information, including cookies, certificates, and app data.
Blue Cedar’s injectable security intercepts network calls from the app to ensure that data is encrypted while it traverses the network. Each app establishes its own dedicated, secure microtunnel using IPsec, making the secure connection completely transparent to the user. The secure microtunnel not only provides security for data-in-transit, it also provides seamless access to back-end resources– without the need for a device-level VPN.
The app authentication policies allow for rich and granular control over how the user authenticates locally to both the app and secure resources in the data center. This ensures that the app and its encapsulated data are secure, even when offline or if the device has been lost or stolen. Local app authentication also allows for PIN, passphrase, and biometric access controls - and enables customized password complexity and lockout rules.Learn more »
The device validation policy allows you to verify device posture attributes before allowing a secured app to launch or come to the foreground. Policies include minimum OS version, device screen lock, and jailbreak/rooting detection. This helps defend your app against some of today’s most common security risks.
For apps that handle sensitive data, the data sharing policy prevents data leakage by prohibiting the user from copying and pasting between a protected app and another app on the device. Blue Cedar’s app trust policy allows administrators to create app “trust groups” that allow for data sharing (cut, copy, paste), while restricting “open in” actions to other apps that are secure.Learn more »
With the branding policy, administrators can customize user-facing elements and screens used for enrollment, authentication, and end-user acceptance. This means Blue Cedar security becomes even more transparent to end users, while your apps represent your company well.