Five Security Issues To Consider In The Mobile Age


Mobile applications are the new technology trend, and as with any technology trend, exciting new business opportunities emerge. But first, what exactly is a mobile application? Mobile applications are generally classified as one of three types:

Native Applications
Built using a device-specific software development kit (SDK) to exploit the capabilities of the device

Web-Browser Applications
Built using the fifth revision of Hypertext Markup Language (HTML5) enhancements for web applications

Hybrid Applications
Built using a library (often client-side JavaScript) that allows coding for a “generic” mobile function (one that accesses device-specific capability) without the need to make different calls for each platform, as native applications do; the library sometimes also provides a runtime container

With these classifications in mind, here are the five major security issues to consider for the new Mobile Age.

1. Prepare Yourself For Success

Every environment now has a backup-and-restore plan in case of emergencies. But what most companies do not have is a success plan. So it’s important to consider: What do you do if you do succeed? Some mobile apps go “viral” and a sudden wave of transactions may cause your network to become overloaded. But with broad technology offerings from IBM, including DataPower appliances and cloud services, you can build a plan for failover or fail-up.

2. Bring Your Own Device

Many employees already use personal phones for calls at night or for email while traveling. Why not extend this ability to other mobile applications and data? The security of mobile devices is a priority for business and IT leaders. Two challenges stand out: (1) The ability to terminate access to the server-side of the mobile app, and (2) The loss of information that may remain on the device when it “goes rogue.”

As an organization, if you don’t own the device that’s running the application, you may not be able to stop an application request from being generated on the mobile phone. That means you may receive a lot of traffic from clients that is no longer valid. If you have the technology to identify and correlate incoming requests from legitimate people, devices and applications, your strategy’s sound. However, the case is often different and you may need an application-level appliance at the application endpoint that’s capable of correlating granular service-level agreements.

3. Adapt And Survive

Web-application-savvy business leaders are already prepared to filter web requests to provide differentiated quality of service. Gating traffic, however, may become more visible to your mobile users because mobile users are more aware of response time. Delays may lose the attention of the audience you’re looking to keep.

In application design, there must be an awareness of how to reduce the amount of “bad load” or “bad users” on your application, and at the same time respond quickly to validated traffic that’s driven to your business. This is where the defense and strategic use of DataPower appliances and IBM products can provide application efficiencies. The ability to differentiate, balance and distribute requests can truly yield operational advantages.

4. Mobile-First And Good Service Design

Mobile applications can help organizations enter new markets, retain and extend participation from current users of services and attract new users to services. If the goal of going mobile is to reach a larger audience and access new markets, user-interface design may be the most important aspect to consider. If you’re not trying to win over the eyes of the new market, but instead trying to get a core piece of information across to your mobile audience, then service design and the ability to deliver information quickly and securely may be the most important aspect for your company. Good service design includes understanding your own application-integration infrastructure and being able to leverage this infrastructure from a mobile device.

5. Location, Location, Location

Mobile access and mobile applications challenge the notion that there’s a boundary between the outside and the inside. Mobile employees need “unplugged” access as they travel. More customers need access to more information and they want this information faster than ever before. Mobile devices are great for providing information “on the go,” but because of their smaller screen size they’re limited in their abilities. Technology is evolving though, and there are now such things as “notifications” that can indicate when a message is incoming or that an application update is available.

The reality of life on the internet is that there are endless “moving parts.” The mobile user has a short attention span that demands an almost immediate response. It’s the job of the mobile-application developers and designers to catch and keep the attention of the customer. Applications must be more intelligent and must work with traditional IT security systems so that your operational staff can shut down access or rate-limit access.

The world’s getting smarter: Join the world and learn more about WebSphere DataPower appliances and IBM Worklight. Contact TxMQ vice president Miles Roty at (716) 636-0070 x 228 or [email protected].

IBM® MessageSight: The appliance for Mobile Messaging and M2M

On April 23, 2013, IBM® announced MessageSight, which delivers massive-scale communication within and beyond the enterprise.
As many people have come to realize, the Internet is no longer just for web browsing. Consumers and application owners expect near-real-time interactions between mobile phones, sensors, machines and applications.
IBM MessageSight is a messaging platform that delivers the performance, scalability, and value organizations require to meet the demands of the hyper-connected world. IBM MessageSight allows organizations to expand their applications beyond the data to provide a truly interactive experience.

IBM MessageSight delivers:

  • High-performance, reliable and scalable messaging
  • Security
  • Simple deployment
  • Extension of existing enterprise messaging
  • Developer-friendly design

IBM MessageSight sits at the edge of your enterprise, where it can extend your existing messaging infrastructure or be used as a standalone.

IBM MessageSight allows organizations to implement a variety of use cases:

  • Connected vehicles
  • Event-driven sensor networks
  • Interactive mobile applications including notifications
  • WebSocket HTML5-based web applications
  • Near-real-time data collection for Big Data analytics
  • Scalable alerting and notification systems
  • High-scale asynchronous publish and subscribe for service-oriented architectures

IBM MessageSight Features:

One appliance can handle:

    • 1M concurrent connections
              • One appliance can handle all the cars circulating in Manhattan in a day
    • 13M non-persistent msg/sec
              • Allows massive fan-out streaming of data
    • 400K persistent msg/sec
              • When assured delivery matters
    • Predictable latency in the microseconds under load

MessageSight uses the efficient MQTT messaging protocol, which is faster and requires less bandwidth and less battery than traditional HTTPS. In addition, its event-oriented paradigm allows for a better customer experience. It supports JavaScript, C and Java APIs, and apps can be HTML5 web apps, native or hybrid. MessageSight also integrates easily with IBM Worklight.

The hardened appliance form factor ensures that there is secure firmware (signed and encrypted by IBM) and no user-visible, general-purpose OS. There are also fine-grained messaging policies with SSL/TLS (including FIPS 140-2), authentication and deny-based access control. MessageSight is highly available (without shared resources) and there are various options for Quality of Service, including assured delivery.

    • Simple yet powerful APIs consistent across multiple platforms
              • Simple paradigm: connect, subscribe, publish
              • Promotes loosely coupled and scalable applications
    • Protocols:
              • MQTT protocol – efficient pub/sub protocol designed for M2M
              • Java Messaging over high speed protocol
    • Active development community on developerWorks
    • Cloud-based demo systems for rapid prototyping


MessageSight is compatible with a variety of environments: JMS support for Java Standard Edition (JSE) environments, WebSockets support for Rich Internet Applications, and the MQTT protocol with many open source clients. There is built-in connectivity with WebSphere MQ, and one appliance can connect to multiple WebSphere MQ queue managers. Lastly, there is IBM Integration Bus support through the JMS nodes.

MessageSight’s goal is to be up and running within 30 minutes. It uses task-oriented UI guides to walk administrators through the first steps and implements simple and scalable management through policies.

Implementing IBM MessageSight allows your business to scale to the demands of the mobile and M2M use cases. It easily extends your existing messaging infrastructure across the Internet, and it is easy to develop applications with its simple programming interfaces.
IBM MessageSight is the best way to implement an event-driven architecture at the edge of the network. It delivers an unprecedented level of scale, and it is secure and reliable yet remains simple to use.

High-level architecture of the demo:

The all-new IBM MessageSight appliance is a secure, easy-to-deploy messaging server that is optimized to address the massive scale requirements of the machine to machine and mobile use cases. It can handle a million connections, and millions of messages per second. MessageSight is designed to sit at the edge of the enterprise and can extend your existing messaging infrastructure or be used as a standalone. MessageSight extends and complements the existing IBM Connectivity and Integration portfolio.


Appliance Connectivity: