What is the right way for IT to manage mobile web apps?

Mobile web applications are a convenient way for organizations to offer business apps, but they come with their own set of management issues for IT to tackle.

Organizations that turn to mobile web apps rather than developing native apps for business tasks might assume web apps are lower maintenance for IT, but that's not necessarily the case.

Web apps can work on any mobile platform, live in an internet browser and not on a device itself, and, unlike native apps, are free from the confines of device storage. That doesn't mean mobile web apps are immune to security threats, though.

Many threats stem from missing input validation (SQL injection, cross-site scripting or open redirects), weak authentication (identity spoofing and password cracking) and weak authorization (access to restricted data). With the ever-increasing use of web services, threats may also arrive as malicious strings sent to those services.

For IT, managing mobile web apps involves creating user profiles, allowing or denying new features within the app and integrating services from third parties.

IT should start by developing the app correctly from the ground up. That includes creating security policies that enable proper access to the network and limiting company data to what is necessary to complete tasks within the web app; it also involves determining the right network infrastructure. Admins will also have to decide whether to keep apps internal or to allow them out on the public internet.

For many companies, securing mobile web apps starts and ends with deploying a web application firewall (WAF). A WAF protects apps from many types of attacks, including injection attacks and application-layer denial of service.

Companies such as Imperva, F5 Networks, Citrix, Barracuda Networks, Fortinet and Akamai Technologies all provide leading WAF tools. For internal applications, many enterprise mobility management (EMM) or networking vendors provide a secure browser option through the use of a virtual private network or network tunnel, which allows traffic and company data to stay inside the network.

Perhaps the easiest best practice IT can implement to secure mobile web apps, though, is to constrain the input to only allow the correct data types.
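
As an added illustration of constraining input (not code from the original article), the sketch below validates a hypothetical profile-update request against an allowlist schema. The field names, limits and allowed values are assumptions; the redirect field accepts only same-site paths, which addresses the open-redirect case mentioned earlier.

```javascript
// Added example: field names, limits and allowed values are assumptions.
const SCHEMA = {
  employeeId: { type: "int", min: 1, max: 9999999 },
  displayName: { type: "string", maxLen: 64, pattern: /^[\p{L}\p{M}][\p{L}\p{M} .'-]*$/u },
  department: { type: "enum", values: ["sales", "engineering", "finance"] },
  returnTo: { type: "path", maxLen: 200 },
};

function checkField(rule, raw) {
  // Repeated parameters (arrays), objects and missing values are rejected up front.
  if (typeof raw !== "string") return { ok: false, why: "not a single string" };
  switch (rule.type) {
    case "int": {
      if (!/^[0-9]{1,9}$/.test(raw)) return { ok: false, why: "not an integer" };
      const n = Number(raw);
      return n >= rule.min && n <= rule.max ? { ok: true, value: n } : { ok: false, why: "out of range" };
    }
    case "string":
      if (raw.length === 0 || raw.length > rule.maxLen) return { ok: false, why: "bad length" };
      return rule.pattern.test(raw) ? { ok: true, value: raw } : { ok: false, why: "disallowed characters" };
    case "enum":
      return rule.values.includes(raw) ? { ok: true, value: raw } : { ok: false, why: "not an allowed value" };
    case "path":
      // Same-site paths only: exactly one leading slash, no scheme, host or backslash.
      if (raw.length > rule.maxLen || !/^\/(?![\/\\])[A-Za-z0-9\/_.~-]*$/.test(raw)) return { ok: false, why: "not a local path" };
      return { ok: true, value: raw };
    default:
      return { ok: false, why: "unknown rule" };
  }
}

function validate(input) {
  const clean = {}, errors = {};
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(SCHEMA, key)) errors[key] = "unexpected field";
  }
  for (const [key, rule] of Object.entries(SCHEMA)) {
    const r = checkField(rule, input[key]);
    if (r.ok) clean[key] = r.value; else errors[key] = r.why;
  }
  return Object.keys(errors).length ? { ok: false, errors } : { ok: true, value: clean };
}

// Constructed sample requests, for illustration only.
const GOOD = { employeeId: "4821", displayName: "Ana María O'Brien", department: "finance", returnTo: "/reports/q3" };
const BAD = { employeeId: "1 OR 1=1", displayName: "<script>alert(1)</script>", department: "finance", returnTo: "//attacker.example/login", role: "admin" };
console.log(validate(GOOD), validate(BAD));
```

Validation of this kind narrows what reaches the application; values that legitimately contain characters such as an apostrophe still need parameterized queries and output encoding downstream.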

Most EMM tools today also allow IT to manage web apps for user profile creation, new features and the integration of services. Once admins have determined who has access to the right web apps, the correct data and the services needed, and the network architecture and policies are in place, most of their effort after a web app is deployed goes into managing the content.

Web content management (WCM) tools such as Adobe WCM and SDL Tridion give IT a proper workflow to add and remove content while adhering to policies and making sure that pages and content are compliant.
