Recently, Sencha and Forrester held a joint webinar to discuss key trends and best practices in web application management and deployment. During this session, Forrester Principal Analyst for Application Development and Delivery Michael Facemire and I reflected on the evolution of application development practices and technology. In addition, we identified best practices that organizations can use to create cost-effective, successful, long-term application strategies.
Check out the webinar recording here.
In particular, we explored how web applications are expected to run on mobile devices, tablets, and on the desktop. Additionally, employees are becoming increasingly resistant to heavy-handed MDM approaches to management and security. Progressive IT teams are beginning to respond to these changing attitudes by refactoring application strategies to emphasize the management of web apps and end-to-end security of sensitive data.
“Progressive IT teams are beginning to respond to these changing attitudes by refactoring application strategies to emphasize the management of web apps and end-to-end security of sensitive data.
They have realized that maintaining control over their apps and data over their entire lifecycle is more important than micro-managing employees’ personal devices. Many have also realized that for the increasingly common scenario in which third-party collaborators — partners, contractors, and consultants — require access to critical apps and data, MDM does not handle this use case effectively.
We outlined a few best practices, along with compelling supporting data. These recommendations include:
- Choose an application platform with integrated management and security — Don’t reinvent the wheel on management and security. Your time will be better spent using a solution that includes these capabilities out of the box.
- Ditch the siloed approach to apps — Organizations must deliver apps on desktops, tablets, and smart phones. Creating a false distinction between the desktop and mobile versions of your apps is inefficient and wastes your organization’s money.
We wrapped up the session with a lively round of Q&A. We weren’t able to address everyone’s questions in the allotted time, so I’ve answered the remaining questions below:
Table of Contents
Q: How does sandboxing work for Sencha Space on the desktop? Is it just a webkit-based browser wrapped into the Sencha Desktop app?
A: We have ported the Space management and security features to the desktop and package them with a web runtime based on the latest version of Chromium. As with all of the other Space clients, Space for Desktop provisions individual sandboxed environments for each application, so local storage, cookies, etc. from one application are never commingled with those of another app.
Q: Does the consistent runtime environment approach across mobile devices include the device-specific UX/UI that users are expecting?
A: “Consistent runtime environment” in this context means running on a stable version and minimal distinct versions of a modern web runtime. We have built appropriate UX on top of that foundation which manages the tradeoffs between the cross-platform requirements of the solution and the idioms of a particular device type and platform.
Q: Regarding the encrypted local relational db and file system: What is the performance penalty for encryption? Do apps have access to the data at runtime from memory?
A: For bulk data transactions in either the file system or database, we have implemented optimized routines in portable C to maximize the performance; the solution performs very well in side-by-side comparisons. For individual row or file operations, the performance penalty is negligible.
During runtime, we decrypt and load needed files and records into volatile memory where the app can make use of them. As soon as the app is done, that memory is freed for use by other processes. If the Space client goes into the background, resident memory is cleared, so the security exposure during this time is minimal. An adversary would have to know your authentication credentials and device-specific PIN to unlock the device and access memory registers during this time.
Q: What would you recommend to streamline the workflow during the development life cycle?
A: Avoid point solutions. Many application technologies provide narrowly focused solutions that address a small problem in the workflow, but do not account for a holistic view of the application lifecycle. Consequently, they frequently create integration problems moving from one stage of the development/test/deployment/maintenance process to the next.
Come hear more from Michael Facemire at SenchaCon 2015, April 7-9, 2015. Register today for early bird pricing.
Learn more about Sencha Space and how you can easily and securely manage and deploy web apps.