Grounded in the Cloud

Industry Interview Series: Robert Hansen, Founder, Smartphone Exec

SimonLeech

This is the sixth in a series of videos and blogs speaking with both HPE and external subject matter experts on various aspects of hybrid cloud security. Today we speak with Robert Hansen, Founder at Smartphone Exec, about the importance of security when developing cloud-based mobile applications. Other videos in the series can be found by searching for the tag cloudsecinterviews.

Cloud provides the perfect architecture for a flexible mobile application, providing resources and scalability on demand. But where there is a perfect architecture, there is a perfect security problem to be solved, and application developers need to build security into the software development lifecycle so that potential security risks are identified early in the product lifecycle. Recently I spent some time talking with Robert Hansen, Founder of Smartphone Exec, to find out his thoughts on security when developing mobile applications in the cloud.

Robert had some good advice for organizations building applications for smartphones, but it can equally be applied to any application development, so it’s well worth watching the video. A couple of main points that came out of the discussion:

  • Application development frameworks certainly help developers to think about security in the development phase, but in some ways they also have a negative impact since they make it harder to update individual application components.
  • The decision to introduce security into the SDLC for new applications often comes from the developers themselves, but in order to make the program a success, they need management buy-in and support.
  • The position of encryption in applications is being helped by a number of factors. Firstly, Google will soon begin notifying users when they try to visit websites that only use HTTP, encouraging web site developers to use SSL. Secondly, organizations like Let’s Encrypt have made it easy and free for people to request SSL certificates for websites, overcoming the financial barrier faced by small websites. Thirdly, many modern smartphones are beginning to use SSL by default.

We ended the discussion with Robert offering some advice for organizations looking to build secure mobile applications – assume a breach and use compartmentalization to restrict the impact, implement strong authentication wherever possible, and focus on appropriate forensic capabilities to be able to quickly perform incident triage. To watch the discussion in full, please click the video below.

 

 

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security. For information about application security and DevOps, and to download the recently released white paper on the state of security in DevOps, please visit this page. Other videos in the series can be found by searching for the tag cloudsecinterviews.

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and Chief Technologist Security within the Hewlett Packard Enterprise EMEA Hybrid IT Team. Within Hewlett Packard Enterprise, Mr Leech is responsible for influencing and evangelising the security strategy of the Hybrid IT team. Simon is active on Twitter as @DigitalHeMan
