Organizations that turn to mobile web apps rather than developing native apps for business tasks might assume web apps are lower maintenance for IT, but that's not necessarily the case.
Web apps can work on any mobile platform, live in an internet browser and not on a device itself, and, unlike native apps, are free from the confines of device storage. That doesn't mean mobile web apps are immune to security threats, though.
Many threats stem from missing input validation (SQL injection, cross-site scripting or open redirects), weak authentication (identity spoofing and password cracking) and weak authorization (access to restricted data). With the ever-increasing use of web services, malicious input strings sent to those services are another source of threats.
For IT, managing mobile web apps involves creating user profiles, allowing or denying new features within the app and integrating services from third parties.
IT should start by developing the app correctly from the ground up. That includes creating the right security policies that enable proper access to the network and limit the company data exposed to what is necessary to complete tasks within the web app; it also involves determining the right network infrastructure. Admins will also have to decide whether to keep apps internal or to expose them on the public internet.
For many companies, securing mobile web apps starts and ends with deploying a web application firewall (WAF). A WAF protects apps from many types of attacks, including injection attacks and application layer denial-of-service.
Companies such as Imperva, F5 Networks, Citrix, Barracuda Networks, Fortinet and Akamai Technologies all provide leading WAF tools. For internal applications, many enterprise mobility management (EMM) or networking vendors provide a secure browser option through the use of a virtual private network or network tunnel, which allows traffic and company data to stay inside the network.
Perhaps the easiest best practice IT can implement to secure mobile web apps, though, is to constrain the input to only allow the correct data types.
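The following is an added example, not code from the original article, showing what "constrain the input to only allow the correct data types" looks like in practice. It validates three hypothetical request parameters of a mobile web app (a numeric record id, a display name and a post-login redirect target) against allowlists, so that the injection, scripting and open-redirect payloads mentioned above are rejected before they reach a database, a template or a redirect. The parameter names, the app host `app.example.com` and the sample inputs are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical host of our own mobile web app; only redirects here (or to
# relative paths) are accepted. Constructed value for this example.
ALLOWED_REDIRECT_HOSTS = {"app.example.com"}


class ValidationError(ValueError):
    """Raised when a parameter does not match its expected type or format."""


def validate_record_id(raw):
    """Numeric identifier: digits only, bounded length, returned as int.

    A SQL fragment such as "1 OR 1=1" can never pass this check, so the
    value is safe to use even before it reaches a parameterised query.
    """
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValidationError("record id must be 1-9 digits")
    return int(raw)


def validate_display_name(raw):
    """Free-text name limited to a conservative character class and length.

    Angle brackets, quotes and other markup characters are simply not in
    the allowed set, which removes the usual cross-site scripting vectors.
    """
    if not isinstance(raw, str) or not re.fullmatch(r"[A-Za-z0-9 .'-]{1,64}", raw):
        raise ValidationError("display name contains disallowed characters")
    return raw.strip()


def validate_redirect(raw):
    """Post-login redirect: a relative path on this app, or an allowlisted host.

    Rejects protocol-relative URLs ("//evil"), foreign hosts, userinfo tricks
    ("https://app.example.com@evil/") and non-https schemes.
    """
    if not isinstance(raw, str) or not raw or len(raw) > 2048:
        raise ValidationError("redirect missing or too long")
    parts = urlsplit(raw)
    if parts.scheme == "" and parts.netloc == "" and raw.startswith("/") and not raw.startswith("//"):
        return raw
    if parts.scheme == "https" and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return raw
    raise ValidationError("redirect target not allowed")


def validate_request(params):
    """Validate a dict of raw query parameters; returns typed values or raises."""
    return {
        "record_id": validate_record_id(params.get("record_id", "")),
        "display_name": validate_display_name(params.get("display_name", "")),
        "next": validate_redirect(params.get("next", "/")),
    }


def rejects(validator, raw):
    """True if the validator raises ValidationError for raw (negative-case helper)."""
    try:
        validator(raw)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample requests: one well-formed, one carrying typical payloads.
    good = {"record_id": "42", "display_name": "Ada Lovelace", "next": "/dashboard"}
    bad = {"record_id": "1 OR 1=1", "display_name": "<script>x</script>",
           "next": "https://app.example.com@evil.example/"}
    print(validate_request(good))
    for name, validator in (("record_id", validate_record_id),
                            ("display_name", validate_display_name),
                            ("next", validate_redirect)):
        print(name, "rejected" if rejects(validator, bad[name]) else "accepted")
```

Each validator returns a typed, already-checked value, so downstream code can use the result directly; the rest of the app never handles the raw string. Keeping the allowlists this strict is what makes the check cheap to maintain: adding a new parameter means writing one more small validator rather than reasoning about every place the value is used.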
Most EMM tools today also allow IT to manage web apps for user profile creation, new features and the integration of services. Once admins have determined who has access to which web apps, data and services, and the network architecture and policies are in place, most of their effort after a web app is deployed goes to managing its content.
Web content management (WCM) tools such as Adobe WCM and SDL Tridion allow the proper workflow for IT to add and remove new content while adhering to proper policies and making sure that pages and content are compliant.