The Gospel of MBaaS- According to Anypresence Co-Founder (Part 1 of 2)
Anypresence cofounder and CMO (Chief Marketing Officer) Richard Mendis (RM) claims that their method of MBaaS delivery and execution "is completely unique in the market." Mobile developers design their apps in the clouds with de-coupled design-time and run-time architecture. They are able to define their own data sources, object layers and user interfaces (UI’s) to avoid the dreaded phenomenon known as ‘vendor platform lock-in’.
No platform lock-in. Given the dynamic nature of the mobile development space, we wanted to build a solution that customers could select without worrying about being locked into our platform, and could co-exist along side development best practices using native tools from Apple and Google.
One of the things that Anypresence did to accomplish that is to (RM):
Generate human-readable, editable source code that customers can customize and maintain on their own. This enables advanced customization and additional post-processing to secure apps, such as including MDM wrappers and adding tamper detection mechanisms.
Once a developer designs an app, Anypresence generates the run-time component source code, the backend server, mobile SDK’s and UI prototypes. Anypresence then pushes the source code to private Git repositories. This leaves devs in control of their stack at all times.
Anypresence’s cloud based deployment will default to Heroku and Amazon. But for those developers that prefer a more hands on control, they can, unlike most or even all other MBaaS providers, utilize their own server, cloud and data centers.
For the enterprise that demands more flexibility and possess’ the technical prowess to program their own servers, this approach can be indispensible. Like those in the defense industry who desire unique protocols to attain the utmost in security precautions-
From a security perspective, we handle security across six primary categories in the following manner:
1. User authentication: support for built-in or third-party authentication from the mobile app to backend identity management frameworks (LDAP, AD, SAML, OpenID, etc.).
2. Data visibility: support for role-based visibility and operations on data within the mobile app. In the case of “composite apps” that connect to multiple data sources, this may require the use of a mobile-specific role-based access control mechanism, which AnyPresence provides out-of-the-box.
3. Access Control: support for role-based access control to specific user interface functions and object-level operations, such as visibility of specific screens or buttons, and ability to create, update, read, or delete data.
4. Communications: AnyPresence follows best practices with respect to securing communications channels between mobile client and server components, using 256-bit SSL certificates. Because AnyPresence generates editable client-side code, support for secure application wrappers from MDM or MAM vendors is also available.
5. Server level: AnyPresence follows best practices for mobile backend server components, such as checks for cross-site scripting, SQL injection, and other common exploits. We monitor for security patches from third party vendors and inform customers if apps need to be re-generated to reduce vulnerabilities.
6. Compliance: Because AnyPresence run-time components can be edited outside the platform or deployed anywhere, formal or informal adherence to specific compliance requirements such as PCI, HIPAA, or other standards can be supported as needed. We will work with customers to determine requirements and cost for additional compliance needs.
(Anypresence)…is the only enterprise mobile development platform vendor I am aware of that can serve up a cloud-based HIPAA-compliant solution, and will actually sign a business associate agreement (BAA) taking on shared liability. We have signed a business associate agreement (BAA) for all of our healthcare delivery (hospital) clients, which includes statements regarding compliance with HIPAA privacy and security requirements.
Be sure to check out Part 2 of Infoq’s exclusive virtual interview with Anypresence cofounder Richard Mendis. Where the CMO weighs in on Facebook’s acquisition of competitor Parse and provides intel on the pricing structure of Anypresence.
Here is the link to Part 2 of this Anypresence interview
Srini Penchikala Aug 21, 2014