Mobile Security

The array of tablets, smart phones, TVs, and other devices together with all the platforms (e.g., iOS, Android, Blackberry, and Windows) makes mobile application development very challenging. This disparity, however, is only the beginning. Will you create native apps for each of these or will you use HTML 5? Are you prepared to debug cache manifest file issues, deal with synchronization of off-line changes, create cross-browser CSS themes, and graceful degrade on older browsers? What about the APIs that your mobile applications will use?

These issues along are challenging enough, but what about security? If your CSS is wrong and your app isn't pixel perfect, it's not the end of the world. If, on the other hand, you have a security issue in your design or your implementation, you could have a class action lawsuit on your hands. Mobile app security requires implementers to think about many different things. For instance, how will users authenticate to your app? Will you use social login or will you use OpenID? Will you allow the employees that work for your customers to use their cooperate credentials when signing into your app? This requires federated SSO. What about account linking, provisioning, authorization? How will you protect the APIs that the mobile apps depend on from DDoS, SQL injection, and other automated attacks that putting an endpoint on the Internet will inevitably open you up to?

Mobile application development is difficult, and these types of identity management and security issues make it even harder. This is why we co-founded an entire series of conferences related to the topic. Nordic APIs, is a series of events held throughout Scandinavia and is designed to help organizations become more efficient, automated, and programmable. It is the only all-API-related series of events held in the region. We arrange numerous seminars in cities throughout the region all year long, and bring together many international speakers and sponsors to one of the Nordic capitals each year for a multi-day event. People attend to hear more about best practices for developing and launching a successful API, to get a glimpse into the future of APIs, and to get suggestions about tools and best practices.

While these events run quite frequently, we are available in the meantime to discuss how we can help you securely launch a mobile app and safely expose APIs. We can help you form a mobile strategy that can cope with the security challenges associated with this new computing paradigm, and in cooperation with our partners, we can also help you execute on that plan to successfully bring secure mobile applications to the market more quickly.