Discover Performance

HP Software's community for IT leaders // September 2012

Building mobile apps means a focus on cloud security

The rapidly growing number of cloud-based services for mobile apps is a godsend to developers. But what are the security ramifications? Here are four things to consider.
Mobile apps represent a kind of gateway drug to the cloud. Developers increasingly rely on cloud-based services for tasks such as logging, notifications, and billing and payments, which lets them focus on the app client logic and leave the server-side features to the cloud. The result is faster delivery of a better app, and one that puts the richest available functionality into users’ hands.
But what makes it faster and cheaper may also make it riskier: Mobile apps are increasingly dependent on cloud services that the apps team didn’t build, the organization doesn’t own, and the ops team doesn’t even know about. That means that to create effective mobile apps, you must have confidence in the cloud.

Given the increasing breadth of the mobile ecosystem, it’s crucial to understand where the weak security links exist. Essentially, there is a threat in every layer: the mobile client, the network and the server. When you use cloud services in a shared environment, you’re at risk from weaker adjacent apps. Many third-party components and web services aren’t secure and perhaps haven’t even been tested. Plus, you may be trusting highly sensitive data—customers’ PINs, passwords, messages, account numbers, photos and documents—to services that you don’t own.
Apps teams can’t roll the dice on mobile security. Here’s how to make your own luck when using third-party services in the cloud.

1. Realign priorities around security.

Before you can consider the quality of someone else’s security, you must get your own house in order. Organizations are accustomed to asking, “Will the application work in production?” and “Will it scale and perform well under load?” But now they must ask a third question: “Will it be secure?”

2. Address the application fundamentals.

Now that you’re asking questions about your applications’ security, you’d do well to actively improve it. Ensure that your developers are coding with security in mind, starting before they ever write that first line of code. Aside from the security benefit, you will also increase development productivity, because you’ll avoid the rework that inevitably comes when you add in security after the fact. And with the time you save, you can spend valuable development resources and time on innovation instead of firefighting, troubleshooting and fixing vulnerabilities.
Also, developers must pay attention to security when selecting and consuming external services. Understand your IT team’s policies on third-party procurement, particularly as they relate to security, and ask your vendors to prove they provide the security you need.

3. Secure the stack.

Next, you’ll want to ensure that you’ve secured the entire mobile stack, from the mobile device to the server, including the communications between the two. Know where you’re using credentials and sensitive data; track them through the device, network and back end; then test all of those components for security.
Use software that can help you pinpoint with line-of-code precision the root cause of potential vulnerabilities in apps developed for the most commonly used smartphone platforms. Use static analysis tools during development, and run dynamic security analyses against the web services that will interact with your mobile apps.

4. Don’t leave it up to someone else.

As your developers continue to take advantage of cloud services for mobile apps, you might wonder how you can be certain that it’s OK to trust a particular cloud service. The answer is simple: You can’t be certain. That’s why you have to do what you can on your side.
For more on security in the cloud, learn about HP’s cloud management and security solutions, and for more on securing mobile applications, visit Fortify’s mobile security page.

