Often when discussing the challenge of creating offline mobile
apps we jump right to the issue of the synchronization business logic. Let
today’s discussion serve as a reminder that offline mode presents important
security considerations that must be planned for by the developer as well.
The Magic xpa Application Platform is among the elite class of
application platforms that now provides capabilities for offline applications.
Nevertheless, intentional effort is required to assure that proper and unique security
measures are taken to protect offline apps and their data. Offline security requires technical
implementation measures, but beyond this it requires that developers apply
business logic to the architecture and workflow of an application to make it
secure. Even the most secure application platform can be misused to create
insecure apps, so be careful to approach offline business app logic very
carefully.
Security may indeed be the most significant challenge for
offline access to web services as opposed to using pure cloud services, because
while the same network, server and application security concerns apply, offline
access also requires storage on the device.
Therefore, malware, lost and stolen devices, and BYOD can all put your
organization at risk of losing data held offline. Malware could access the
local storage, lost or stolen devices could fall into the hands of data
thieves, and a disgruntled user with their own device could seek to divulge the
contents of their local storage after leaving the organization.
As with any mobile security
challenge, this requires security to be built in to the business processes on
several layers, from the device to the application and the user, as appropriate
for the data being stored. Securing
devices is typically achieved through software measures such as user
authentication and encryption while modern mobile device management (MDM)
vendors provide tools external to the apps themselves like geofencing, remote
wiping and device tracking to provide extra security and control over the
device.Magic Software now offers a Mobile Device Management (MDM) platform to
accompany its well known Magic xpa Application Platform and Magic xpi
Integration Platform.
MDM and mobile application management (MAM) tools as well as
modern application platforms help secure the applications, in particular
providing the organization with the ability to view and manage who can access
which applications, where, when and on which devices. Finally, the data itself can be secured by
requiring user authentication. A
combination of these layers should be used according to the data being stored.
For Magic xpa applications that require user authentication,
user credentials should be securely stored on the client, to allow for
operation without server authentication. To ensure validity, such credentials
should be re-checked when connected.
When using integrated security with Magic xpa Application Platform,
the user logon details and security credentials are automatically kept
encrypted in the client cache. When running the application without connecting
to the server, the last logon details (including rights) are used. Note that
when running the application without connecting to the server, the logon dialog
box will not appear. The logon credentials will be automatically synchronized
on initial connection and on subsequent connected application startups.
Developers of offline apps have the tools they need, so don’t
forget the security.
No comments:
Post a Comment