Security strategies for html5 enterprise mobile apps
1 like2,873 views
This document discusses building secure HTML5 business applications. It argues that HTML5 applications done right can be more secure than native apps for several reasons: the HTML5 security model provides sandboxing; they can be containerized for secure browsing; they integrate well with mobile device management; and HTML5 is ideal for BYOD environments. An HTML5 platform should integrate with enterprise access control, enable fine-grained security, support flexible deployment models, integrate with backend services, and allow development in a single language. The document promotes Gizmox as an enterprise HTML5 platform that delivers these capabilities.
Security strategies for html5 enterprise mobile apps
- 1. Building Secure HTML5 Business Applications Eugene Kuznetsov, CEO Itzik Spitzen, CTO
- 2. Eugene Kuznetsov Gizmox CEO Itzik Spitzen Gizmox CTO & Cofounder Abine, IBM, DataPower, CRV deltathree, FileNet
- 3. Poll Question Which mobile technology do you think of as being more secure? Native apps -or- HTML5 apps (select one)
- 4. Context HTML5 done right What’s in a platform? Gizmox
- 5. vs.
- 6. The future of enterprise applications
- 7. MDM Keychain MEAP application provisioning Cloud Services MVC PhoneGap Cross platform BYOD CSS3 MVVM Eclipse device emulators SDK AJAX OpenGL Push Notification Root (device) mobile-first application distribution Hybrid BaaS Universal Apps Java …is not without its challenges Objective C VPN app stores Touch User Interface Gestures JavaScript Object Notation PaaS Scalability Native App JQuery XML Monetization Unique Device Identifier (UDID) Mobile Fragmentation SOAP
- 8. Context HTML5 done right What’s in a platform? Gizmox
- 9. 4 Ways that HTML5 apps “done right” can be more secure than native apps
- 11. #1 HTML5 security model Your browser is a secure sand box
- 12. #1 HTML5 security model Thin clients are “secure-bydesign”
- 13. #1 HTML5 security model Nothing gets left behind
- 14. #2 Secure browsing / Containerization
- 16. #4 HTML5 is ideal for a BYOD world
- 17. Context HTML5 done right What’s in a platform? Gizmox
- 18. 5 Things You should expect from an enterprise HTML5 platform
- 19. #1 Integrate with enterprise access control
- 20. #2 Enable fine-grained security
- 21. #3 Provide the flexibility to implement in cloud or on premise
- 22. #4 Integrate with BaaS of your choice c
- 23. #5 Let you develop in a single language
- 24. Poll Question Are you required to deliver the same application to multiple form factors (e.g. desktop & mobile) Yes -or- No (select one)
- 25. Context HTML5 done right What’s in a platform? Gizmox
- 26. Gizmox provides an enterprise HTML5 platform for bringing business applications to web and mobile – quickly, securely, and with your existing skills. For new and existing apps, we deliver a native-quality user experience and enterprise-class deployment. Secure “Secure-by-design” apps integrated with enterprise security program Fast Rapid time to market. High performance solutions. Familiar Keep design in house by leveraging existing .NET and Visual Studio skills Build and deploy new HTML5 apps with C# and visual designer Convert existing desktop client-server apps to .NET and HTML5
- 27. Visual WebGui Technology Stack server design Theme Libraries and Designer Management console Web Server Control Libraries and Designer Client optimization (device, browser) Backend integrations Visual Design Environment Application logic Security Management C# / VB.NET support Form Factor Designer Patented protocol Development Server Device Client Thin HTML5 client (no install) Device Integration (optional) Client APIs
- 29. Managing legacy challenges <VB6> <ASP> <etc…> Learn More: gizmox.com/ebook <C#>
- 30. Poll Question Does your company still rely on custom developed, Microsoft desktop client-server apps? Yes -or- No (select one)
- 31. VB6 Vulnerability Status: Panic Status in effect until 2014-04-08 00:00:00.0 UTC What is happening on the desktop…
- 32. …may well happen in mobile.
- 33. Get your business apps to enterprise-class HTML5 quickly, securely, with your existing development team.
- 34. Bring your apps to mobile with native-quality HTML5 quickly, securely, with your existing development team.
- 35. The Safe Choice
Editor's Notes
- #6: HTML5 represents a revolutionary step for HTML-based browsers as the first truly cross-platform technology for rich, interactive applicationsEndorsed by all major IT vendors (Google, Microsoft, IBM, Oracle, et al)Enables functionality previously possible only in native appsResponsive design supports desktop and mobile simultaneouslyUndergoing rapid adoption for interactive B2C websites as well as B2B/B2E business apps
- #7: Lots of debate/ hype /sides out there on native v html5.. We are not here to take sides, but to talk about the relative strength of html5 for enterprise apps
- #8: HTML5 represents a revolutionary step for HTML-based browsers as the first truly cross-platform technology for rich, interactive applicationsEndorsed by all major IT vendors (Google, Microsoft, IBM, Oracle, et al)Enables functionality previously possible only in native appsResponsive design supports desktop and mobile simultaneouslyUndergoing rapid adoption for interactive B2C websites as well as B2B/B2E business apps
- #9: But not without its challenges:Many different frameworks and toolsNew set of programming languagesEarly solutions target open source/startup developers for B2C apps – enterprise needs unmetBack end performance issues for data-intensive operationsMissing functionality (e.g. control richness, UX quality, mobile device HW access)Lack of centralized management (“app” vs. “website” gap)Unclear security models
- #10: HTML5 represents a revolutionary step for HTML-based browsers as the first truly cross-platform technology for rich, interactive applicationsEndorsed by all major IT vendors (Google, Microsoft, IBM, Oracle, et al)Enables functionality previously possible only in native appsResponsive design supports desktop and mobile simultaneouslyUndergoing rapid adoption for interactive B2C websites as well as B2B/B2E business apps
- #12: Secure sandbox model – Browser model is more secure than nativeThin client – secure by design. Server based app logic protects sensitive IPNothing left behind – data security
- #14: Thin client – secure by design. Server based app logic protects sensitive IP
- #15: Nothing left behind – data security
- #17: Device and application inventory management control who gets access to what app on which device.Control software distribution through enterprise app store – hybrid apps or MDM-supported, secure browsers for accessing HTML5 appsImplement enterprise security standards – passwords, encryption, VPN, authentication, etc…Control who sees what by enforcing enterprise access control policies (integration with active directory)
- #30: On premise or cloud
- #31: Leverages patented compiler algorithms to rapidly move code from one platform to anotherDelivers new code (e.g. C# and HTML5), while mapping key dependencies and controls.Developer guides process using toolkit – refactoring and re-architecting as desired.New code is of highest quality – as if written from scratch for .NET
- #33: Increasingly important technology as desktop client server app inventory continues to age