Data Policies
The first security feature of all MOOVPAD Apps is the data policies. Server-side storage will be minimal, temporary, encrypted and (where possible) de-identified. Downloaded apps will focus on client-side data storage (this differs for the web app version, since client-side storage is not possible there). A range of other policies will also help to minimise the risks to users.
Cloud-Based Gateway
At this stage, I'm considering using a service like Cloudflare to help safeguard against things like DDoS and other threats. This will help add an additional layer of security even before the app-based features come into play. In addition, there are other services I'm also learning more about at the moment, and these may also be implemented when the MOOVPAD Web App goes live for the first time.
Authentication & Authorisation
MOOVPAD apps will use a combination of both well-known and custom authentication and authorisation approaches. Some of these include things like token-based authentication, as well as specifically tailored authorisation policies to suit the particular user, system, and application contexts. These will be implemented across all MOOVPAD APIs and apps.
In-House Custom Backend
I am also developing a back-end MOOVPAD systems-management application, with both automated and user-driven event monitoring, logging and alert methods for security threat prevention, detection and elimination strategies. I can't talk too much about these here, or the management system itself, in order to protect the methods used. However, what I can say is that all traffic through MOOVPAD systems will be monitored for data integrity and security through the entire pipeline.
Server-Side Security
There are also a range of measures that will be taken at the software and hardware levels when it comes to server-side systems. Depending on the long-term hosting approach, as opposed to initial testing and security "dry-run" pre-launch, there are a wide range of options and systems available to achieve secure server-side operations.
...And More Still To Come
As mentioned above, there are also more things I continue to learn about, as well as some things I can't talk about here. I of course want to do whatever I can to minimise security risks to MOOVPAD app users. And so my goal is to have a specialised team handling all of these tasks eventually, once the apps launch and I can afford to have such professionals on board.
For now though... E brain brrrrr going 🙂
Stay awesome,
EMH