The pandemic and the globalisation of the work force has created the need for more and more remote ways of working. This trend has forced many companies to re-think their strategies and technology roadmaps and publish their internal process and services over the internet to support their remote employees.
Thanks to the advances in coding frameworks (React, Laravel, Angular, etc.) and low-code/no-code tools, many companies can now easily translate their business processes into web applications while keeping their infrastructure internally hosted, causing minimal disruption to the “migration” process and reducing costs. However, several important considerations need to be made to guaranty the safety and effectiveness of these applications, as discovered in our last report for Malta security not all companies are taking this seriously and the repercussions can be significant.
Here are the top things you should consider before making your business web application available remotely:
Security:
This should be the top priority for any company when making a web application available remotely. Providing access to employees creates great benefits, but opens the door to malicious agents that can take the opportunity to make use of your data. Companies must ensure that applications are secured from potential threats, such as unauthorized access and data breaches.
To achieve this, consider implementing strong authentication mechanisms, data encryption, and regular security updates to ensure the safety of the data.
- Always implement encrypted communications using certificates and https.
- Use well established authentication mechanisms instead of building your own. Azure AD offers simple methods to implement both authentication and authorisations for nearly any web application.
- Always keep your server up-to-date.
Network Infrastructure:
A robust and reliable network infrastructure is critical to support remote access. Servers and network equipment like routers, firewalls and switches must be kept up to date and have sufficient capacity to handle the traffic. Also worth considering implementing load balancers, and intrusion detection systems to help protect the network against cyber-attacks.
- Two service providers with different routes should be considered when implementing your remote access solution
- Load-balancing or Active-Passive failover in your firewalls
- As already mentioned, security is critical to prevent DDoS attacks, intrusions and data leaks
Performance:
Ensuring that a web application can handle a potentially larger user load that comes with remote access is crucial. The performance of the application can significantly affect the user experience, so it’s important to make sure that it is optimized. Remote users may sign up from mobiles and tablets where signals and network performance could not be optimal, design your web with this in mind.
- Correctly size your servers and VMs, this will be limited by your locally available infrastructure
- Consider creating clustered and tired services to avoid performance bottle-necks, specially if you application needs to support big amounts of data or users
- Consider session persistency and local/remote execution policies
User Experience:
Companies need to make sure that their web applications are user-friendly and easy to navigate, especially for users who may not be tech-savvy. Consider providing training materials or tutorials to help users and employees navigate the application.
- Use reactive layouts and provide sufficient consideration to users on phones and tablets
- Work the applications with a process focus in mind when required
Legal and Regulatory Compliance:
It’s important to ensure that the web application is compliant with all relevant laws and regulations, such as data protection and privacy laws. Non-compliance with these laws can result in hefty fines and legal action, which can be costly for any business.
- Avoid having critical data on the same server or VM as a web server
- Make sure to keep all sensitive data securely encrypted at rest and while on traffic
Remote Access Policies:
Developing policies that govern remote access to web applications is essential. Taking into consideration factors such as who can access the application, from where, and what devices they can use. Implement two-factor authentication to ensure that only authorized users can access the application or critical parts of the systems and data.
- Use Azure AD and Azure AD MFA policies to further secure and limit access to your application
- Create Multi Factor Authentication policies for your employees
Support and Maintenance:
Businesses must consider WHO and HOW their web applications will be supported and maintained. Create and maintain plans to quickly address any issues that may arise. Having unplanned application downtimes may severely impact the company operations or the company image.
Conclusion
Making a business web application available remotely can be a great way to support remote workers and improve your business processes both, internally and externally, but it’s important to consider the potential risks to ensure the safety and effectiveness of them. By taking the necessary steps to secure your application, optimize its performance, and provide a good user experience, you can make remote access a success for your business.
2 Comments
Nuria · 10 May 2023 at 12:04 pm
Eres muy buen profesional.!
Adelante y mucho éxito
Javier Nevado · 10 May 2023 at 12:06 pm
Gracias Nuria!
Comments are closed.