Tuesday, February 10, 2009

Why RIA? Because it is too Risky Otherwise

Rich Internet Application is a new possibility many organizations and software vendors which have not yet made the transition to RIA are now considering.

Most of them are considering RIA namely for the trivial reason of enabling a wider distribution of their application with minimal costs. For needs for wider availability of the application by keeping the application management centralized and lean, RIA is definitely the obvious path to choose.

On the other hand, organizations that do not foresee any need for wide availability of their application, as all end-users are accessing the application from one location, tend to dismiss the RIA opportunity. Unfortunately such organization are missing one major value that RIA offers the, and that is SECURITY.

In early 2008 a research conducted by the US Computer Emergency Response Team (Cert) estimated that almost 40 percent of IT security breaches are perpetrated by people inside the company ("The top 5 Internal Security Threats" at ZDNet.co.uk).

This is quite alarming piece of information. Organizations need to realize that any information system they deploy can be used maliciously by the system's end-users. But what that has to do with RIA?

When deploying an application in a form of a locally running full client, the client machine is setup in a way that enables the local application to have direct access to various resources including the Database, users files, and templates. Accessing the sensitive information contained in such resources is expected to be controlled by the application security means, and usually, properly designed application provide very good means to allow only authorized users to view and manipulate restricted information.

Unfortunately, the direct access to the application resources is made available not only to the application itself. It is there for any malware to directly access the sensitive resources and bypass the security measures that are incorporated in the application.

RIA suggests not only an easily distributed desktop application but also offers an intrinsically multi-tiered architecture by which all application resources are placed far away from the end-users' direct reach. In RIA, the end-user accesses the application platform server only. The server already behind a firewall accesses the application resources. Not only that the end-user cannot directly access the database of the application, the end-user cannot even tell what sort of database is being used by the application.The increased security is often a trivial matter in a RIA architecture, therefore many overlook it, but the fact is that RIA is much more than just an Internet based application.

RIA is a highly secured Internet based application.

Check out uniPaaS RIA solution and see how easy it is for you to continue and develop dekstop applications to be deployed as highly secured Rich Internet Applications.