Enterprise Services
Showing results for 
Search instead for 
Do you mean 

Application vs. Device—what can you trust?

‎08-25-2014 07:26 AM - edited ‎09-30-2015 07:06 AM

By: Edward Urso, Program Manager, Federal Healthcare, HP Enterprise Services U.S. Public Sector


Handheld.jpgWhat should you trust, the device or the application? Ask the typical smartphone/tablet user this question and they’ll most likely shrug and have no clue what you’re asking them. But for companies offering more features, apps and access to enterprise networks, this is a huge risk. Just uttering the acronym “BYOD” (bring your own device) in front of an IT security person will leave them trembling. That’s because they don’t know what’s running on your personal mobile device. Think about it. You’re about to log into your banking account via a public wifi to transfer funds, or enter your credit card number to make a purchase, and you could having a rogue or malicious app running on your device.


As I make some points for you to evaluate, think about this: Your smartphone is most likely carrying more personal information than your wallet. How do you know? By answering this next question. “Which would you rather lose, your wallet or your smartphone?


So what does a trusted app or device really mean?


A trusted app means that the software company has secured the app by wrapping or containerization, which achieves the following security:


  • Isolated data at the app level, away from the device level, achieved by disallowing local data storage
  • Data encryption
  • VPN connectivity
  • Authentication 

These different security features are meant to keep the app isolated away from other malicious apps, viruses or infected hardware platforms, and to provide a secure and trusted connection between the app and network/server end point. But even with these safeguards in place, data can still be compromised from a “jailbroken” device or compromised operating system. (Jailbreaking is the process of removing limitations on iOS, Apple's operating system on devices, by running it through certain software and hardware exploits.) Even VPN doesn’t provide protection to the internal network, it only provides a mechanism to transmit data securely and can sometimes be the hole through the firewall for a rogue app or virus.


A trusted device is one in which a hardware’s platform (OS) is secured to ensure the device’s integrity, but even at this level the device can be compromised. Take for example the recent iPhone SSL “Goto Fail” and Samsung’s “back-door” incidents where there were flaws in the OS code.


So are you really ever safe? I think you can be, to a certain extent. Even if all device manufactures implement Trusted Computing, a technology developed and promoted by the Trusted Computing Group that implements a combination of hardware and software enhancements to resolve computer security problems, you should still take your own precautions. Let’s face it, your mobile device is now a necessity of how you live your life. Make sure you take these safeguards:


  • Never access banking, financial information or critical personal information using a public wifi!
  • Stay up to date on the device operating system patches
  • Read the reviews and ratings of an app before downloading
  • Be diligent with your research before downloading any app
  • Most importantly, read the permissions of any app you want to download and install. If you don’t understand what all the permissions mean, research them on the Internet. 

Lastly, you may want to obtain a secondary mobile device with the sole intention of using it only for games, surfing and letting the kids play on it. Never let your kids play on the main device you use for banking. 


About the Author


Eddie image.jpgEdward Urso, Program Manager, Federal Healthcare, HP Enterprise Services U.S. Public Sector

Edward is a program manager on HP’s Military Health/Veterans Affairs (MHVA) account. Over the course of 15 years with HP, he has spent 13 of them serving in multiple lead roles on various projects, with two years in the commercial healthcare sector as a Program Manager. In his current role, Edward is responsible for mobile applications development for the MHVA.  Edward holds a bachelor of science degree in medical technology from Florida Atlantic University and a master’s degree in enterprise management from the school of engineering at Southern Methodist University. He is Project Management Institute (PMI) certified as a Project Manager.


Previous blogs by Edward Urso: 

Related links:

0 Kudos
About the Author


Nov 29 - Dec 1
Discover 2016 London
Learn how to thrive in a world of digital transformation at our biggest event of the year, Discover 2016 London, November 29 - December 1.
Read more
Each Month in 2016
Software Expert Days - 2016
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all