Mobile Protocol Security

Leverage emerging protocols for competitive mobile apps.

Enterprises that are developing mobile applications to engage consumers and enable staff need ways to differentiate their apps in the marketplace and provide an exceptional user experience (UX). For these enterprises, leveraging emerging protocols can be a great way to provide innovative functionality and optimize UX.

One powerful example is WebSocket, which was originally developed for bi-directional streaming on the Web as part of the HTML5 specification. WebSocket enables all sorts of exciting mobile functionality such as video chat and location awareness. Similarly, the XMPP protocol makes all manner of near-real-time messaging, multimedia and Internet of Things (IoT) use cases possible.

These protocols also present a unique set of security challenges because they create completely new attack surfaces that hackers could potentially exploit. For enterprises, this is a matter of particular concern in projects where APIs are used to open backend data and application functionality for reuse in mobile apps.

Read the EBook: It’s All About the App – Mobile Security That Helps Enable the Business

Deploy API management for cutting-edge mobile projects.

The new security risks created by emerging mobile streaming standards should not be underestimated. With WebSocket, for example, protecting against denial-of-service (DoS) attacks is unusually complex. Similarly, WebSocket requires a flexible security solution able to deal with non-standard message formats.

In enterprise mobile projects that leverage APIs to facilitate app development, a gateway-based API management solution can usually be deployed to secure the flow of data between apps and APIs. However, not all API management solutions are able to meet the complex requirements inherent in securing protocols like WebSocket and XMPP.

The CA API Management Suite delivers advanced security functionality for mobile protocols including WebSocket and XMPP via CA Mobile API Gateway. Furthermore, CA is dedicated to providing security solutions for the most innovative mobile projects by continuing to develop functionality for new protocols as and when they gain traction.

Watch Video: CA API Management Overview

Enterprise-grade security for mobile streaming protocols

The CA API Management Suite has been recognized by Forrester Research, Inc. as one of the leading API management solutions on the market. At the core of this product suite is the CA API Gateway technology, which has achieved the industry’s highest security certifications, including FIPS 140-2, DoD STIG and Common Criteria Protection Profiles for Access Control and Policy Management.

CA Mobile API Gateway is the most advanced edition of CA API Gateway yet–with a range of advanced functionality specifically designed for enterprise mobility projects. CA Mobile API Gateway makes it possible for enterprises that publish mobile APIs to:

  • Proxy the flow of data between APIs and mobile apps that use WebSocket and XMPP.
  • Customize security policies in order to deal with non-standard message formats.
  • Limit the number of connection requests to guard against DoS attacks.
  • Protect against payload injection attacks.
  • Deploy strong authentication via OAuth, PKI and OpenID Connnect.
  • Enforce secure sockets layer (SSL) handshakes.

Enrich or filter the flow of data in real time (for auditing, blacklist filtering etc.).

Read the Data Sheet: CA Mobile API Gateway

Learn more about this solution

Visit the CA Mobile API Gateway page >

Data Sheet

CA API Management Suite

Make API-based information sharing safe reliable and cost-effective.

CA API Management Suite

eBook

5 Simple Strategies for Securing Your APIs

Adopt a secure API architecture to counter API-specific threats.

5 Simple Strategies for Securing Your APIs

Success Story

Alaska Airlines: Secure Mobile API Publishing

Enable air travel innovation via APIs.

Alaska Airlines: Secure Mobile API Publishing