Part 3: Putting Mobile Applications & Data Security In Perspective – LANSA Blog

Part 3: Putting Mobile Applications & Data Security In Perspective

This week concludes my series on Mobile Applications & Data Security. I’ll leave you with tactics on how to secure application access to data and provide insight on how to secure communication between a mobile device and server. Ready? Let’s dive in.

One of the challenges when building mobile applications is to make sure users are only given access to information that they are authorized to view and that sensitive data is never stored on the device itself. One way to secure application access to business data on corporate servers is to develop a solid framework that will handle all aspects of data security and access on the server.

Below I have outlined common techniques that can ensure secure application access to data on a server:

  • Role-based security to control user access and visibility to business data. This will allow you to easily manage and administer access and also turn “off” access to information on the server if required.
  • Do not store passwords or PINs on the device and always perform all application security checks on the server.
  • Encrypt all sensitive information on the server and only send the required amount of information to the mobile application.
  • Log all application activity on the server from all devices and restrict access to applications and data based on the unique device identifier.
  • Prompt for an additional PIN to access critical paths of the server, and re-validate the login information on subsequent requests after the initial login to the application has been verified.
  • Implement a firewall and DMZ (Demilitarized Zone) that contains and exposes your organization’s external-facing servers to the outside world. This provides an additional layer of security to an organization’s network, applications and data.
  • Provide VPN access for added security that can be easily enabled or disabled on the server side.
  • Leverage remote monitoring capabilities that provide the ability to remote wipe a device if it gets lost or stolen.
  • Educate and manage employee behavior and usage of mobile applications in order to keep security intact. Provide them with regular updates and make them aware of your security policies.
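The server-side items in the list above (role-based visibility, sending only the required fields, restricting by device identifier, switching access off on the server, and logging all activity) can be sketched in one small handler. This is an added example, not LANSA or IBM i code; the roles, users, device IDs, order record and function names are constructed for illustration, and the user is assumed to have been authenticated already.

```python
from datetime import datetime, timezone

# Constructed sample policy and data (assumptions, not taken from the article).
ROLE_FIELDS = {
    "sales_rep": {"order_id", "customer", "status"},
    "finance": {"order_id", "customer", "status", "total", "credit_limit"},
}
USER_ROLES = {"alice": "sales_rep", "bob": "finance"}
USER_DEVICES = {"alice": {"dev-A1"}, "bob": {"dev-B7"}}
REVOKED_DEVICES = set()
ORDERS = {1001: {"order_id": 1001, "customer": "Acme", "status": "shipped",
                 "total": 1840.0, "credit_limit": 5000.0}}
AUDIT_LOG = []


def audit(user, device_id, action, outcome):
    """Record every request on the server, whether allowed or denied."""
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "user": user,
                      "device": device_id, "action": action, "outcome": outcome})


def revoke_device(device_id):
    """Turn access 'off' on the server, e.g. for a lost or stolen device."""
    REVOKED_DEVICES.add(device_id)


def get_order(user, device_id, order_id):
    """Return only the fields the caller's role may see; deny by default."""
    action = f"get_order:{order_id}"
    role = USER_ROLES.get(user)
    if role is None:
        audit(user, device_id, action, "denied:unknown_user")
        raise PermissionError("unknown user")
    if device_id in REVOKED_DEVICES or device_id not in USER_DEVICES.get(user, set()):
        audit(user, device_id, action, "denied:device")
        raise PermissionError("device not authorized")
    record = ORDERS.get(order_id)
    if record is None:
        audit(user, device_id, action, "denied:not_found")
        raise LookupError("no such order")
    # Project the record down to the role's fields before it leaves the server.
    view = {k: v for k, v in record.items() if k in ROLE_FIELDS[role]}
    audit(user, device_id, action, "allowed")
    return view
```

Because the filtering happens before the response is built, a sales_rep device never receives the total or credit_limit values at all, so there is nothing sensitive to protect on the handset.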

The IBM i platform hosts some of the biggest mission-critical business applications on the planet and has always had a built-in object-based and user-profile management system that is not only simple to set up and leverage but very powerful. Reducing the steps required to configure user profiles and manage access to your programs/files on the server, using the standard IBM i user profile security with authorization lists, makes the IBM i a compelling choice for businesses.

Even the most secure platform on the planet needs protection from threats and breaches when dealing with business data. The IBM i platform provides the necessary tools required to secure the infrastructure and access to the information, helping businesses lower risks and costs.

Secure Communication Between a Mobile Device and Server

Another important component to building mobile apps is to secure communication between the device and server. Most applications connect to information being stored on the server using standard web protocol (HTTP) and pass data back and forth using standard data formats like XML or JSON. Using public Wi-Fi or cellular signal from anywhere in the world and connecting to data on the server can allow hackers to intercept and view information being transferred over the wire using sniffing tools and man-in-the-middle attacks. Since the World Wide Web is the number one source of information for most people these days, and the web uses the HTTP protocol to communicate between the web browser and server, it is easy to see why a connection can be easily intercepted and hacked.

One of the easiest ways to secure communication is to simply use HTTPS instead of the HTTP protocol when building business applications and accessing data on the server. Using an SSL connection to the web server automatically means that the data is being encrypted with a digital certificate that can be set up and configured on the web server. Typically, digital certificates provide a minimum 128-bit encryption all the way up to 4096-bit encryption, which ensures the data being transmitted over the wire is secure and not available to hackers.

Using an IBM i backend as the server for building mobile applications provides many benefits. With the latest advancements in cryptography and digital certificates built into the Apache web server and the IBM i OS to provide a reliable and proven platform, the IBM i platform has proven to be one of the most secure platforms to run your mission-critical business applications.

In Summary

Application and data security has always been and will continue to be a cat and mouse game between the good guys and the bad guys: new threats and vulnerabilities are being found and exploited by the bad guys, while the good guys try to fix the vulnerabilities by putting in place appropriate measures (both hardware and software) to thwart the new-age cyber criminals.

The great news for all of us building mobile applications is that both software and hardware mobile ecosystems are not only evolving at a rapid pace, they are also constantly being improved to support the latest in encryption and cryptography, and mobile device operating systems are becoming smarter in detecting and dealing with threats in real time.

At the end of the day, mobile applications need to be secured. It’s not a question of “if” but “when” attacks will occur. From an application development perspective, it is important to understand and be mindful of security issues when building enterprise applications for mobile devices.

Visit the blog next week for a 12-Point Mobile Application and Data Security Checklist.

Author:

Since joining LANSA in 1997, Madan has acquired extensive knowledge in all LANSA products. His experience includes .NET, Java, web, and mobile expertise. Initially, he worked at the LANSA Product Center in Sydney, Australia, helping design and develop the LANSA product suite, including LongRange for building intuitive mobile applications. Currently, Madan is involved with LANSA Training, Technical Support, Pre-sales, Services and Product Development, as well as keeping abreast of market and technology trends. He has also presented at numerous IBM Conferences and user groups on broad topics covering IBM i, mobility, web development, and application architecture and design and is an active member of the IBM ISV Advisory Council.
