Applications Services Blog
Get the latest thought leadership and information about the role of Applications Services in an increasingly interconnected world at the HP Blog Hub.

Application vs. Device—what can you trust?

By: Edward Urso, Program Manager, Federal Healthcare, HP Enterprise Services U.S. Public Sector

 

Handheld.jpgWhat should you trust, the device or the application? Ask the typical smartphone/tablet user this question and they’ll most likely shrug and have no clue what you’re asking them. But for companies offering more features, apps and access to enterprise networks, this is a huge risk. Just uttering the acronym “BYOD” (bring your own device) in front of an IT security person will leave them trembling. That’s because they don’t know what’s running on your personal mobile device. Think about it. You’re about to log into your banking account via a public wifi to transfer funds, or enter your credit card number to make a purchase, and you could having a rogue or malicious app running on your device.

 

As I make some points for you to evaluate, think about this: Your smartphone is most likely carrying more personal information than your wallet. How do you know? By answering this next question. “Which would you rather lose, your wallet or your smartphone?

 

So what does a trusted app or device really mean?

 

A trusted app means that the software company has secured the app by wrapping or containerization, which achieves the following security:

 

  • Isolated data at the app level, away from the device level, achieved by disallowing local data storage
  • Data encryption
  • VPN connectivity
  • Authentication 

These different security features are meant to keep the app isolated away from other malicious apps, viruses or infected hardware platforms, and to provide a secure and trusted connection between the app and network/server end point. But even with these safeguards in place, data can still be compromised from a “jailbroken” device or compromised operating system. (Jailbreaking is the process of removing limitations on iOS, Apple's operating system on devices, by running it through certain software and hardware exploits.) Even VPN doesn’t provide protection to the internal network, it only provides a mechanism to transmit data securely and can sometimes be the hole through the firewall for a rogue app or virus.

 

A trusted device is one in which a hardware’s platform (OS) is secured to ensure the device’s integrity, but even at this level the device can be compromised. Take for example the recent iPhone SSL “Goto Fail” and Samsung’s “back-door” incidents where there were flaws in the OS code.

 

So are you really ever safe? I think you can be, to a certain extent. Even if all device manufactures implement Trusted Computing, a technology developed and promoted by the Trusted Computing Group that implements a combination of hardware and software enhancements to resolve computer security problems, you should still take your own precautions. Let’s face it, your mobile device is now a necessity of how you live your life. Make sure you take these safeguards:

 

  • Never access banking, financial information or critical personal information using a public wifi!
  • Stay up to date on the device operating system patches
  • Read the reviews and ratings of an app before downloading
  • Be diligent with your research before downloading any app
  • Most importantly, read the permissions of any app you want to download and install. If you don’t understand what all the permissions mean, research them on the Internet. 

Lastly, you may want to obtain a secondary mobile device with the sole intention of using it only for games, surfing and letting the kids play on it. Never let your kids play on the main device you use for banking. 

 

About the Author

 

Eddie image.jpgEdward Urso, Program Manager, Federal Healthcare, HP Enterprise Services U.S. Public Sector

Edward is a program manager on HP’s Military Health/Veterans Affairs (MHVA) account. Over the course of 15 years with HP, he has spent 13 of them serving in multiple lead roles on various projects, with two years in the commercial healthcare sector as a Program Manager. In his current role, Edward is responsible for mobile applications development for the MHVA.  Edward holds a bachelor of science degree in medical technology from Florida Atlantic University and a master’s degree in enterprise management from the school of engineering at Southern Methodist University. He is Project Management Institute (PMI) certified as a Project Manager.

 

Previous blogs by Edward Urso: 

Related links:

Tags: App Dev| BYOD| hp| Mobility
Labels: HP Mobility
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the community guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation