Rising use of Web-based programs: Tips for building secure cloud apps

In the current business and technology environment, employees are more heavily relying on their mobile devices for access to resources that will help them do their jobs. As these users increasingly leverage their handheld hardware, it is becoming even more critical to provide enterprise apps and cloud-based programs to prevent shadow IT practices.

According to eWEEK contributor Robert Lemos, while companies now use an average of 21 percent more cloud applications than they did in the previous quarter, many of these resources are not vetted by administrators.

"Consistently across every organization, the number of unapproved services is 10 to 12 times the number of approved services," said Kamal Shah, Skyhigh​ Networks co-founder and vice president. "So now companies have to figure out what services employees are demanding, and find ways to make those services securely available."

Many groups choose to develop their own Web-based applications to make sure secure, approved resources are available for employees. In this way, staff members will leverage the enterprise apps instead of consumer-level services with less data protection measures.

When developing an app, however, there is more to the equation than choosing the component suites and deciding between HTML5 or a native coding language. Program creators must include security measures every step of the way to adequately protect business data.

Bytes Cravings contributor Ajitesh Kumar suggested that developers utilize a number of security measures in their programs to ensure the safety of mobile devices and cloud users. This can include encryption to safeguard sensitive content, as well as access control strategies like two-factor authentication.

Dark Reading contributor Mathew Schwartz also advised understanding the security implications and controls that come along with the language being used to support the program.

"Each has its nuances, and some will offer better out-of-the-box security, but the important step is to ensure that everyone involved in building and approving a Web application understands how to stop exploits such as SQL injection and cross-site scripting attacks, and has the right development or code-checking tools to help," Schwartz wrote.