We promised, in our last post on the benefits of edge computing, to explore the accompanying risks (and how Blue Cedar addresses them). Today we’ll examine Number 2 on the OWASP Mobile Risk list: Insecure Data Storage.
While processing on the edge can, itself, be a more secure and efficient way of getting things done—at least, there’s less data in transit to worry about—it also means we store and process more data on mobile and other edge devices, and that introduces other, substantial risks:
Imagine a financial services app that stores transaction data in a SQL database row—as plain text—on the device. This data is vulnerable, and, if stolen, might be used to gain unauthorized access to high-value enterprise resources. And, even when the mobile device encrypts data before storing, the data is typically not controllable by the enterprise.
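A check a tester can run against the scenario above, as an added example that is not from the original post or from Blue Cedar: it scans a SQLite database for card numbers left readable in any column. It assumes the sensitive transaction field is a payment card number; the table layout, sample rows and function names are constructed for illustration.

```python
import re
import sqlite3

# Runs of 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives from order ids and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_plaintext_pans(conn):
    """Return sorted (table, column, rowid) for each cell holding a readable card number."""
    hits = set()
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:  # names come from the schema itself, quoted below
        cur = conn.execute(f'SELECT rowid, * FROM "{table}"')
        cols = [d[0] for d in cur.description]
        for row in cur:
            for col, value in zip(cols[1:], row[1:]):
                if isinstance(value, bytes):  # BLOBs may still carry readable text
                    value = value.decode("utf-8", errors="ignore")
                for m in PAN_RE.finditer(str(value)):
                    if luhn_ok(re.sub(r"\D", "", m.group())):
                        hits.add((table, col, row[0]))
    return sorted(hits)

def build_sample_db():
    """Constructed sample: one plaintext row, one row whose payload is opaque bytes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE transactions (id INTEGER PRIMARY KEY, payload, note TEXT)")
    conn.execute("INSERT INTO transactions VALUES (1, ?, ?)",
                 ("card=4111 1111 1111 1111;amount=25.00", "ref 1234567890123"))
    conn.execute("INSERT INTO transactions VALUES (2, ?, ?)",
                 (bytes.fromhex("9f3a1c7be2d04488a1b65f07c3"), "encrypted before write"))
    return conn

if __name__ == "__main__":
    for hit in find_plaintext_pans(build_sample_db()):
        print("plaintext card number at", hit)
```

An empty result only means no Luhn-valid card number was readable; other sensitive fields need their own patterns.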
Mitigating risk for edge computing
To mitigate these risks, app developers must assume their app will run in an unmanaged, or at least, a dynamic environment, and so must encrypt all data stored locally, on a device. This raises a range of issues:
Blue Cedar addresses all these issues, by eliminating the distraction and risk of writing and managing security code, expertly handling encryption for any data type, and managing encryption keys in a way that preserves access to those keys—and, therefore, to the underlying data—for the enterprise.
First, administrators select security policies for an app—including those for encryption key management. Examples? Certainly, authentication rules for accessing the keys, but also usage restrictions, expiration periods and other rules.
Next, the Blue Cedar security injection process scans the app’s code for data I/O and sets up military-grade encryption for each data type, without coding. Meanwhile, the cloud-based Blue Cedar key management service allocates and provides access to encryption keys, based on enterprise policies—enabling organizations to retain complete control over the data used locally by a Blue Cedar-hardened app.
Finally, the now-secured app, complete with encryption functionality, is distributed to mobile and edge devices, which have no choice but to execute the app’s policies. Sensitive data? Encrypted. Available data? Yes—to the enterprise, which, alone, has access to the encryption keys.
Meanwhile, the app developers saved days, even weeks of time, excused from the chores of writing encryption-related code. They can focus on the app’s core functionality, because Blue Cedar took care of securing the app. Learn more by signing up for a personalized demo of Blue Cedar today. Now that we’ve prevented insecure data storage, we’ll move on. Tune in next time and we’ll cover another Top 10 OWASP mobile security risk: Insecure Communication.