The arrival of web technology on the desktop, outside of the browser, compounds the already complex challenge of desktop security. Unsecured applications can expose your company to risks such as:
✘ Unauthorized access to sensitive data
✘ Malicious use of resources
✘ Hijacking of an account or computer
Finsemble takes the hard work out of realizing application interoperability without putting your company at risk.
The Smart Desktop Solution
This new way of integrating applications requires a solution that allows web technology to safely operate outside of the browser. Further, some solutions require both web and native applications to work together. Finsemble allows for these combinations to be both safe and fast to deploy.
✔ Leverage the Browser
Through its use of Electron, and in turn Chromium, Finsemble takes advantage of the world’s most trusted technology to bring web applications to the desktop. Finsemble sandboxes applications in the same way as the browser. Applications from different sources remain isolated from one another.
✔ Defend the Operating System
To allow for a native-like desktop experience Electron relaxes some security constraints imposed by the browser. This needs to be carefully managed, so we provide a firewall between applications and the Electron API, isolating them and thus securing Electron for enterprise use. Finsemble brokers OS access, such that applications safely retain their ability to meet your users’ expectations.
✔ Establish Trust
Of course, you can’t have interoperability if nothing can talk—but talking breaches the sandbox. Finsemble provides a model for setting a component’s privilege level. It is restrictive by design. Developers can build large systems with hundreds of components and not worry that they missed a permission.
When it comes to security, it’s a bad practice to build your own from scratch. We use Electron and Chromium, trusted by the largest, most innovative companies worldwide. See who is building on Electron.
Because we don’t fork Electron, and we provide access to our source code, you can see all the code at every layer. Go ahead, take a look. Smart companies trust but verify their vendors.
We went the extra step of having our thinking challenged by the experts. Bishop Fox, a leader in security consulting, has given Finsemble a clean bill of health. Learn more about Bishop Fox application penetration testing here.
Securing the Smart Desktop: Web Security, Electron and Node.js, and Safe Application Communication
Smart desktop technology is changing the way we work, but bringing web technology to the desktop creates security issues that must be mitigated. In this white paper, Cosaic CTO Terry Thorsen discusses the architecture of desktop interoperability.
“The assessment team combined automated application vulnerability scanning, code review, and manual penetration testing techniques in order to rapidly locate attack vectors and simulate real-world exploitation. The Bishop Fox team did not identify any critical-, high-, medium-, or low-risk findings during the assessment.”
—Bishop Fox, globally recognized security firm