4 Questions To Ask About How You're Securing Mobile Apps
Kevin Fox | Jun 27, 2018
Edge devices—mobile phones & tables, IoT endpoints, wearables, sensors and more—are getting more plentiful. If you're not processing more data on the edge in addition to on the cloud, you likely soon will be.
But with all these necessarily unmanaged devices come real security challenges. Ones that can be met-if you’re asking the right questions about your current edge security methods and tools. Here are four questions to consider.
1. How much time (and how many resources) do I expend pen testing security features?
You can’t call it wasted time and energy—after all, you can't risk a successful attack against your app that could compromise data or privacy, or undermine trust in your brand.
But if you’re writing security code each time you create an app, you’ll have to pen test that app—and that will extend project duration, slow time-to-market, and expose your development process to human error.
If, instead, you could reliably “inject” proven, consistent, fully-tested security policy into every app you intend to distribute—whether written in-house or acquired elsewhere—you wouldn’t need to pen-test every app.
That’s precisely how Blue Cedar’s edge security solution works—and why Blue Cedar customers regularly report saving hours, days, and even weeks of time and effort by pen-testing only once, or with a random, spot test approach.
2. Can I be sure my mobile apps will only run where and when I want them to?
There are all sorts of reasons to limit where—and sometimes when—your apps will run. On popular mobile platforms, you might need a late-model OS—or, in a smart manufacturing environment, apps collecting data from sensors might need a specific processing window. Or maybe the presence of another app on a device makes it a non-starter for running your app.
Ideally, you want your app to be smart enough to police itself, refusing to run if the environment isn’t right—and this should occur whether or not the host device is online.
Dynamic access control—injected directly into your app and traveling with the app wherever it’s installed—is how Blue Cedar gives you this capability. Your security administrator simply chooses the appropriate environment-related security policies, and injects them into your app—no coding required—before it’s distributed via public or private app store. Even better: in many cases, adjustments to security policy can be made centrally, and Blue Cedar-secured apps will update their rules dynamically, with no need to re-distribute the apps.
3. Do I know that the right version of our mobile apps—the ones secured the way I want them, with no subsequent tampering—are running every time, on every device?
We’d better hope so. If an app gets altered we don’t want it running anywhere. But how can we be sure only the authorized versions of mobile apps are executed on thousands of devices, often not under our control?
Here’s how Blue Cedar’s anti-tampering feature manages this task. When a Blue Cedar-secured app is distributed (through public or private app stores, or via libraries), a Blue Cedar algorithm creates an encrypted key that uniquely identifies the app version. This key can be cloud managed or stored and protected within the app.
Then, whenever (and wherever) the app runs, it re-runs the algorithm to check the results against the stored key. If the keys don’t match, the app won’t run. With Blue Cedar, no one tampers with your app and gets away with it. (Also, you never had to write a line of security code—instead, you were able to stay focused on core functionality, confident your app, data and users would be protected.)
4. Can my mobile app safely run, access data, and protect that data—when the device running it is offline?
Here’s where conventional, device-centric security measures can really disappoint—because they assume a device won’t fall into the wrong hands, or, if they do, that the device security is infallible. But what if the worst happens? (It always does.)
Encrypting stored data is the answer—if it’s encrypted in a way that doesn’t threaten your control over that data. Put another way: you’ll need access to that encryption key, even if the device is lost. So it had better not be on the device.
Blue Cedar’s Secure Data Storage features handle this situation by using military-grade encryption on all device-stored data—and by managing all the encryption keys, too. Those keys are always available to the enterprise, so there’s never a loss of control. No matter what happens, you’ll be able to access enterprise data, even when stored at the edge.
And you’ll always know your data will be encrypted properly—all you had to do was select the appropriate encryption policy and inject it into the app before distribution. When the app runs, and stores data, it will be encrypted—and only you (and whatever apps you designate) will have the key.
Blue Cedar secures any kind of app, and any kind of data, on any kind of device—in a frictionless manner—while providing unparalleled control over and visibility of edge computing. Sign up today for a personalized demo of Blue Cedar to learn more.