White Papers

A Future Vision for Secure Mobility

A Future Vision for Secure Mobility

What choices will you have in securing mobile apps as they proliferate on edge devices of all types? Will upcoming trends in mobility itself limit your options or expand them? Get the facts in an insightful report from industry expert Edward Amoroso.


Mobile App Security Methods

Mobile App Security Methods

One of the great tenets of modern cybersecurity is that protections work best when tailored to the specifics of the targeted resource. This white paper provides an overview of the various mobile app security methods including per-app VPN, containers, and micro-segmentation.


Healthcare Apps in the BYOD World

Healthcare Applications

Healthcare organizations increasingly recognize the role of mobile devices and applications in connecting clinicians with each other and their patients, as well as for consumers to track their personal health. The number of health apps is growing exponentially. Apps are becoming a necessity in implementing value-based, response and user-friendly care.


Mobile App Security via Code Injection

Mobile App Security via Code Injection

This white paper written by Dr. Ed Amoroso, CEO & Founder of TAG Cyber, provides an overview of a method for achieving mobile app security through the technique of code injection. You'll learn how to dynamically introduce military-grade security functions into new or existing software, without introducing new code.


Challenges of Mobile App Security Threats Whitepaper

Challenges of Mobile App Security Threats

Enterprises wanting to deploy mobile apps to staff, customers and other stakeholders face real security threats—especially as these apps address sensitive functions like banking and home security. How to mitigate these threats? Get answers in this insightful report from industry expert Edward Amoroso, Founder & CEO of TAG Cyber.


Mobile App Security Explained: The Evolution Whitepaper

Mobile App Security Explained: The Evolution

Written by Dr. Edward Amoroso, the former SVP & CSO of AT&T, this white paper is first in a five-part series that discusses mobile app security for IT professionals.



Managing Secure Apps

Watch this on-demand webinar to learn how enterprises can always retain control over their data, even on devices not managed by the enterprise.

Register to Watch


Blue Cedar and BlackBerry: Catalyzing Mobile App Security

Blue Cedar makes it easy to integrate the necessary security controls, including BlackBerry Dynamics, into enterprise mobile apps.

Watch the Video

Trends in Mobile App Security

Blue Cedar CEO John Aisien sits down with Information Security Media Group to discuss trends in mobile app security. 

Watch the Video

Case Studies


North American Bank

Leading bank is rapidly enabling a mobile-first transformation by driving digital adoption and providing secure access to sensitive backend systems without compromising user experience.




Lockheed Martin

Blue Cedar-secured apps enable secure communication from anywhere on government and militarily compliant networks using consumer devices without device agents.


Data Sheets & Solution Briefs


The Blue Cedar Platform

App developers and leading security service providers view Blue Cedar as the trusted bridge for adding security services into custom and popular third-party apps. 



Blue Cedar Accelerator for BlackBerry

The Blue Cedar Accelerator for BlackBerry, when used with the Blue Cedar platform, automatically embeds BlackBerry Dynamics into mobile apps.



Blue Cedar Accelerator for Arxan Data

The accelerator automatically embeds security to protect and control data stored locally in Arxan-enabled apps on the device.



Blue Cedar Accelerator for Arxan Connect

This accelerator embeds controls into mobile apps that allow organizations to determine how users are able to connect to enterprise networks from Arxan-enabled apps.



Blue Cedar Accelerator for Secure Edge Data

The Blue Cedar Accelerator for Secure Edge Data, when used with the Blue Cedar platform, automatically embeds security to protect and control app data stored locally on the device.



Blue Cedar Accelerator for Secure Edge Connect

This accelerator automatically configures apps to create transient app-level secure micro tunnels to backend services or applications.



Tapping the Power of Digital Transformation-Safely

Learn why computing is rapidly moving to the mobile edge and how Blue Cedar enables organizations to take on these challenges and win.


Frequently Asked Questions

Do all of the apps on a device share the same encryption key? +

No. Each app uses a unique key.

Can Blue Cedar securely connect managed apps to corporate data running on public clouds? +

Absolutely! The Blue Cedar gateway can be consumed in many ways, including on-premise, public cloud, private cloud, and hybrid cloud.

What is Blue Cedar? +

Blue Cedar is a mobile security company that was founded in 2016. We are enabling a fundamental shift from device-centric to data-centric security.

If malware or a vulnerability impacts the OS, is the app data at risk in our hardened app? +

User-level malware will not affect the security of an app protected by Blue Cedar.

How many simultaneous connections will the Blue Cedar Gateway handle? +

The Blue Cedar Gateway supports over 100,000 simultaneous connections.

Blue Cedar Overview
What happens if a device is stolen? +

Secured apps are protected by the app-specific pin. Revocation of user certificates by an administrator prevents apps on specific devices from connecting to the gateway, and from accessing data stored locally on the device. In this latter case, the encryption key is destroyed.

Is Blue Cedar Mobile Device Management? What if I have an MDM? +

Mobile Device Management (MDM) is focused on securing a device. Blue Cedar focuses on securing an app and its data. These approaches are not contradictory, but complementary. We have many customers who use MDM for device security and functionality (for example, disabling the device camera, remote wipe, app distribution etc.) and simultaneously, on the same devices, secure corporate apps with Blue Cedar to enjoy the benefits only we can provide: seamless remote access, certificate-based single sign-on, etc. Blue Cedar doesn’t require an MDM, of course. Secured apps can be accessed on unmanaged devices when managing a device may be impossible or undesirable.

What OS does the virtual gateway run on? +

Both the physical and virtual gateways run on a customized, hardened Linux kernel.

Does Blue Cedar monitor my personal information or personal app usage? +

Never. One of the key benefits of app-centric security is that enterprises secure and control only those apps that are used for business purposes.

How is the encryption key derived? Where are encryption keys stored on the device? +

The encryption key is derived from user-supplied data (a PIN) using PBKDF2. Keys are stored within the app in a Blue Cedar encrypted keystore. Blue Cedar never uses the OS keystore.

Blue Cedar Gateway
Can Blue Cedar code injection be integrated into my secure DevOps flow? +

Yes, the console is exposed via RESTful API, so the process of securing an app with Blue Cedar may be automated.

Does the data-at-rest encryption key change if the user changes his or her PIN? +

Changing the PIN changes the derived key that is used to encrypt the keystore. The data-at-rest key itself, which is stored in the keystore, does not change.

Are any of Blue Cedar’s technologies patented? +

Yes. Blue Cedar holds 19 patents.

What types of devices does Blue Cedar support? +

One of the key benefits of an app-centric solution is that Blue Cedar security can run on any device that runs iOS or Android.

How can I distribute apps that have been secured with Blue Cedar? +

Apps can be distributed to users with existing enterprise or public app stores. Public app store support is unique to Blue Cedar, delivering a simple way to secure consumer-facing apps.

What is a secure microtunnel? Is it a VPN? Does it use reverse proxy? +
Our secure microtunnels are a full tunnel VPN based on IPsec and IKE, with a few proprietary extensions added to support certificate enrollment, advanced analytics, and other proprietary capabilities. When enabled, all app data, including data for all ports, destinations, and protocols, goes through the VPN tunnel that terminates on the Blue Cedar gateway, and then emerges, decrypted, inside your network with an internal IP address to proceed on to its destination.
Blue Cedar Security
What kinds of apps can Blue Cedar protect? +

Blue Cedar protects web apps, hybrid apps, and native apps. We currently support iOS and Android, including iOS 10 and Android N. We strive for “day of release” support for new OS versions, with Windows 10 support planned for the near future.

Do I have to write code to secure apps using Blue Cedar? +

No way. The Blue Cedar console allows apps to be secured with just a few clicks. There’s no code to write, ever. Simply upload an unsigned .ipa or .apk file to the Blue Cedar console, select policies, and the console returns a signed binary ready for deployment.

What form factors does the gateway support? +

The gateway is available as a 1U physical appliance and as a virtual appliance. The virtual appliance is identical in function to the physical appliance.

What policies does Blue Cedar support? +

For a complete list of policies, see our resources page for a data sheet. These policies control what data is encrypted, how data may be shared between apps, how users authenticate, and what devices are permitted to run Blue Cedar secured apps.

What makes Blue Cedar’s approach different from other mobile app security solutions? +

Blue Cedar secures individual mobile apps, not the device. This app-centric security means that no container or MDM agent is required on the device.

What data is encrypted with Blue Cedar? +
Blue Cedar encrypts app data that is stored on the device, and app data that is transmitted across the network.
Does Blue Cedar support Single-sign-on? (SSO) +

Yes, our Client Certificates policy allows you to use the certificate obtained during enrollment to login to a backend that supports client cert authentication. We can also support SAML when the IDP supports certificate authentication.

Does Blue Cedar change how my app works? +

No. Blue Cedar security is transparent to end users! Any user-facing prompts injected by Blue Cedar may be customized and branded for a seamless experience.

What reporting capabilities does Blue Cedar support? +

Blue Cedar provides granular visibility into each app-specific gateway connection, including: user, device, OS level, app. This information can be forwarded to event management system or SIEM.

Is Blue Cedar FIPS 140-2 compliant? +

Yes, Blue Cedar is certified for FIPS 140-2 compliance.

How does it work? +

Blue Cedar injects security code into an app after it has been compiled. This security enforces app-specific policy, including the ability to encrypt data at rest on the device and data in transit between the app and application server.  When combined with the Blue Cedar gateway, apps secured with Blue Cedar can connect securely using a per-app microtunnel to resources that sit behind a firewall.

Can Blue Cedar be used for consumer apps? +

Yes. Consumers simply download a Blue Cedar protected app from a public app store, either Apple’s App Store or Google Play. No pre-configuration or installation of container apps or MDM profiles is required.

How does your Data-at-Rest encryption work? +

Blue Cedar intercepts reads and writes to disk, performing decryption and encryption automatically for any type of data. Encryption is performed using AES 256 bit encryption in XTS mode.

What is Blue Cedar’s mission? +

At Blue Cedar, we believe that security should enable mobility, not get in the way of it. We founded Blue Cedar on the principle that the app is the optimal security control point for the modern organization. Our mission is to make mobility secure, simple, and seamless.