Resources

No. Each app uses a unique key.

Absolutely! The Blue Cedar gateway can be consumed in many ways, including on-premise, public cloud, private cloud, and hybrid cloud.

Blue Cedar is a mobile security company that was founded in 2016. We are enabling a fundamental shift from device-centric to data-centric security.

User-level malware will not affect the security of an app protected by Blue Cedar.

The Blue Cedar Gateway supports over 100,000 simultaneous connections.

Secured apps are protected by the app-specific pin. Revocation of user certificates by an administrator prevents apps on specific devices from connecting to the gateway, and from accessing data stored locally on the device. In this latter case, the encryption key is destroyed.

Mobile Device Management (MDM) is focused on securing a device. Blue Cedar focuses on securing an app and its data. These approaches are not contradictory, but complementary. We have many customers who use MDM for device security and functionality (for example, disabling the device camera, remote wipe, app distribution etc.) and simultaneously, on the same devices, secure corporate apps with Blue Cedar to enjoy the benefits only we can provide: seamless remote access, certificate-based single sign-on, etc. Blue Cedar doesn’t require an MDM, of course. Secured apps can be accessed on unmanaged devices when managing a device may be impossible or undesirable.

Both the physical and virtual gateways run on a customized, hardened Linux kernel.

Never. One of the key benefits of app-centric security is that enterprises secure and control only those apps that are used for business purposes.

The encryption key is derived from user-supplied data (a PIN) using PBKDF2. Keys are stored within the app in a Blue Cedar encrypted keystore. Blue Cedar never uses the OS keystore.

Yes, the console is exposed via RESTful API, so the process of securing an app with Blue Cedar may be automated.

Changing the PIN changes the derived key that is used to encrypt the keystore. The data-at-rest key itself, which is stored in the keystore, does not change.

Yes. Blue Cedar holds 19 patents.

One of the key benefits of an app-centric solution is that Blue Cedar security can run on any device that runs iOS or Android.

Apps can be distributed to users with existing enterprise or public app stores. Public app store support is unique to Blue Cedar, delivering a simple way to secure consumer-facing apps.

Our secure microtunnels are a full tunnel VPN based on IPsec and IKE, with a few proprietary extensions added to support certificate enrollment, advanced analytics, and other proprietary capabilities. When enabled, all app data, including data for all ports, destinations, and protocols, goes through the VPN tunnel that terminates on the Blue Cedar gateway, and then emerges, decrypted, inside your network with an internal IP address to proceed on to its destination.

Blue Cedar protects web apps, hybrid apps, and native apps. We currently support iOS and Android, including iOS 10 and Android N. We strive for “day of release” support for new OS versions, with Windows 10 support planned for the near future.

No way. The Blue Cedar console allows apps to be secured with just a few clicks. There’s no code to write, ever. Simply upload an unsigned .ipa or .apk file to the Blue Cedar console, select policies, and the console returns a signed binary ready for deployment.

The gateway is available as a 1U physical appliance and as a virtual appliance. The virtual appliance is identical in function to the physical appliance.

For a complete list of policies, see our resources page for a data sheet. These policies control what data is encrypted, how data may be shared between apps, how users authenticate, and what devices are permitted to run Blue Cedar secured apps.

Blue Cedar secures individual mobile apps, not the device. This app-centric security means that no container or MDM agent is required on the device.

Blue Cedar encrypts app data that is stored on the device, and app data that is transmitted across the network.

Yes, our Client Certificates policy allows you to use the certificate obtained during enrollment to login to a backend that supports client cert authentication. We can also support SAML when the IDP supports certificate authentication.

No. Blue Cedar security is transparent to end users! Any user-facing prompts injected by Blue Cedar may be customized and branded for a seamless experience.

Blue Cedar provides granular visibility into each app-specific gateway connection, including: user, device, OS level, app. This information can be forwarded to event management system or SIEM.

Yes, Blue Cedar is certified for FIPS 140-2 compliance.

Blue Cedar injects security code into an app after it has been compiled. This security enforces app-specific policy, including the ability to encrypt data at rest on the device and data in transit between the app and application server.  When combined with the Blue Cedar gateway, apps secured with Blue Cedar can connect securely using a per-app microtunnel to resources that sit behind a firewall.

Yes. Consumers simply download a Blue Cedar protected app from a public app store, either Apple’s App Store or Google Play. No pre-configuration or installation of container apps or MDM profiles is required.

Blue Cedar intercepts reads and writes to disk, performing decryption and encryption automatically for any type of data. Encryption is performed using AES 256 bit encryption in XTS mode.

At Blue Cedar, we believe that security should enable mobility, not get in the way of it. We founded Blue Cedar on the principle that the app is the optimal security control point for the modern organization. Our mission is to make mobility secure, simple, and seamless.