Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: dmeyer@rcrwireless.com.
For industries in need of a new method for content delivery, HTML5 is a necessary transition. Influential organizations and browsers such as Google, Facebook, PayPal and YouTube are already backing the move to HTML5 and the expansion into well-known media and browser outlets. The change is helping HTML5 revolutionize the underlying structure of the Web as well as how content is being processed and presented. The result is a wave of new functionalities delivering richer media, increasing online responsiveness and allowing for disconnected operation. Although it is a powerful tool for delivering and developing applications, however, HTML5 also presents a familiar IT headache: security.
Steve Jobs: “The world is moving to HTML5”
The release of HTML5 provides a rich, responsive and standardized Web application environment, enabling trends such as improved mobile access and dynamic cloud-based applications. As HTML5 expands the reach and versatility of the Web, new security challenges undoubtedly will arise. With existing defense systems unprepared for the new dynamics, the introduction of HTML5 opens the floodgates to new and unique malware channels using cross-site delivery/communication, broader JavaScript capabilities and WebSocket protocol as vehicles for delivery and infection.
Fundamentally safer than previous versions, the rapid adoption of HTML5 requires a security solution that addresses new content packaging, transmission protocols and the increased number of outlets that are used for malware delivery. Without an HTML5-aware network protection, an organization is vulnerable to malicious codes that are delivered through this new channel. According to Forrester Research, “firms are using more consumer-style Web applications … with 84% of firms increasing their use of Web applications.” Companies must regain control of the Internet and Web infrastructure with a scalable, real-time solution that offers advanced information scanning techniques and enables high network performance.
Preparation: Research appropriate solutions
To maintain network security without disabling the benefits presented by HTML5, organizations must adopt a solution capable of deep content inspection (DCI). These techniques scan and understand the intent of all Web content, from simple coded threats to advanced malware hidden in high volumes of traffic. This process ensures that security services remediate in-transit malware. A thorough DCI plan will mesh with the network and scan through content that is packed in both existing and new standards. Furthermore, an ideal solution with the capability of DCI will remove the end user from the security equation altogether, while being provided with full protection. As a result, no matter where the end user is, no matter what they click on, their computing devices are secured.
Recently, WebSocket has become an important and convenient feature for many organizations. With WebSocket, organizations can transmit data for any application using any payload without well-formed URL or HTTP headers. Unfortunately, the ease and convenience of WebSocket simultaneously creates a vector for malware transmission. By adopting solutions that can conduct DCI to WebSocket payload, users will be protected against malicious attacks. The appropriate solution will extract, scan and stop threats found in a WebSocket protocol, protecting the transmission of data for any application.
The most important step in choosing a security solution is usability. The selected security solution should allow high-performance scanning throughput, preventing bandwidth bottlenecks and end user latency. A lagging system is inefficient and unacceptable in the business world; a solution should solve problems, not create new ones.
