email article printer friendly more resources

Security and the Custom Client
Learn what you can do to secure your corporate applications and critical customer data more effectively
by Ted Goddard

February 2, 2005

The security threats to network-based applications and client data are greater than ever before today, and they are forcing enterprises to re-evaluate their options. To combat security threats, large and small corporations alike are now turning to custom client technology. Let's look at the security challenges facing conventional application deployment and how many enterprises are combating the threat by using unconventional means.

With the Internet boom of the late 1990s, the nature of application development migrated from a client-based application model to a centralized network-based model, in which applications are accessed through a Web browser. The motivation behind the migration was the huge cost savings associated with the development, distribution, and support of Web-based applications over the earlier client-based model. Web-based applications now permeate the market.

In recent years, however, security threats have emerged that jeopardize the integrity of this model and place at risk corporate intellectual property and customer data. Each year, billions of dollars are being spent developing strategies and technologies to combat these threats. Despite these expenditures, corporations are at best holding their own and at worst find themselves victims of malicious cyber attacks.

Conventional Security Challenges
In the present model, applications typically reside on the server and are accessed by a consumer Web browser on the client machine. With over 93 percent global share, Microsoft Internet Explorer holds a monopoly on the client browser market.

The principal sources of risk to the application and to the transactional data that is transmitted between the client and the server are:

• Unregulated client access: The primary tool used to interact with the network-based application is the client-based consumer browser. However, the application provider has little control over the browser. That same tool may have complete and unregulated access to the Internet and is therefore exposed to the risks of viruses, spyware, and Trojan applications. In this environment, the security of the network-based application and its transactional data depend on the level of security on the client. A poorly secured client increases the exposure and risk to the network-based application and its data.
• Nature of browser technology: Internet Explorer is the primary browser used to access network-based applications and the Internet. While Microsoft has made great strides to address the security holes in Internet Explorer, the overall risk remains significant. A main contributor to the problem lies in the nature of ActiveX and the ability for third parties to plug-in their own technology. From a security perspective, this capability turns an asset into a potential liability.
• Profile of the target: As a victim of its own success, Microsoft has become a highly visible target for hackers and cyber-terrorists. Cyber attacks are typically engineered for maximum distribution and effectiveness, which means they usually target the infrastructure of the market leader, Microsoft. Because of this situation, applications that rely on Microsoft technology are at greater risk than applications that rely on lower profile technologies.