Enterprises that are developing mobile applications to engage consumers and enable staff need ways to differentiate their apps in the marketplace and provide an exceptional user experience (UX). For these enterprises, leveraging emerging protocols can be a great way to provide innovative functionality and optimize UX.
One powerful example is WebSocket, which was originally developed for bi-directional streaming on the Web as part of the HTML5 specification. WebSocket enables all sorts of exciting mobile functionality such as video chat and location awareness. Similarly, the XMPP protocol makes all manner of near-real-time messaging, multimedia and Internet of Things (IoT) use cases possible.
These protocols also present a unique set of security challenges because they create completely new attack surfaces that hackers could potentially exploit. For enterprises, this is a matter of particular concern in projects where APIs are used to open backend data and application functionality for reuse in mobile apps.
The new security risks created by emerging mobile streaming standards should not be underestimated. With WebSocket, for example, protecting against denial-of-service (DoS) attacks is unusually complex. Similarly, WebSocket requires a flexible security solution able to deal with non-standard message formats.
In enterprise mobile projects that leverage APIs to facilitate app development, a gateway-based API management solution can usually be deployed to secure the flow of data between apps and APIs. However, not all API management solutions are able to meet the complex requirements inherent in securing protocols like WebSocket and XMPP.
CA API Management delivers advanced security functionality for mobile protocols including WebSocket and XMPP via CA Mobile API Gateway. Furthermore, CA is dedicated to providing security solutions for the most innovative mobile projects by continuing to develop functionality for new protocols as and when they gain traction.
CA API Management has been recognized by Forrester Research, Inc. as one of the leading API management solutions on the market. At the core of this product is the CA API Gateway technology, which has achieved the industry’s highest security certifications, including FIPS 140-2, DoD STIG and Common Criteria Protection Profiles for Access Control and Policy Management.
CA Mobile API Gateway is the most advanced edition of CA API Gateway yet–with a range of advanced functionality specifically designed for enterprise mobility projects. CA Mobile API Gateway makes it possible for enterprises that publish mobile APIs to:
Enrich or filter the flow of data in real time (for auditing, blacklist filtering etc.).
Make API-based information sharing safe reliable and cost-effective.
Adopt a secure API architecture to counter API-specific threats.
Enable air travel innovation via APIs.