A Secure, Zero-Trust Mobile Expert Locator for Global Professional Services Firms
DOI:
https://doi.org/10.15662/IJEETR.2024.0603007
Keywords:
Mobile enterprise application, zero-trust architecture, microservices, on-premises data security, .NET Core, iOS native, expertise location, CI/CD, role-based access control, professional services
Abstract
A global professional services organization has more than 50,000 employees who operate in diverse geographical locations, multiple types of businesses, and many disciplines. An important operational issue for these employees is their inability to quickly locate colleagues elsewhere in the firm who have the skills or expertise they require. The traditional way to find co-workers is through directories and search tools backed by on-premises databases. These tools are slow, fragmented, and non-mobile, and they do not meet the stringent data security requirements for on-premises-only data. This paper presents the design, development, and performance characteristics of ExpertFinder, an enterprise-grade, zero-trust mobile expert locator. ExpertFinder is a zero-trust system that secures all sensitive employee information within the organization network and includes a mobile application developed using Microsoft .NET Multi-platform App UI, which has native iOS capabilities and is supported by a decoupled .NET-based microservices architecture hosted on Microsoft Azure Web Apps. The system was tested and evaluated for six months across the firm's worldwide employee base of more than 50,000. Test results showed an average response time of 1.42 seconds at the 95th percentile; API availability of 99.95%; a mobile crash rate of 0.32%; user adoption of 68% (34,000 active users); and a reduction in the time required to locate co-workers from an average of 8 minutes to 2.6 minutes. ExpertFinder passed all internal security audits and had no security breaches during the testing period. This case study provides an architecture blueprint for developing zero-trust, highly scalable, and secure enterprise mobile applications in regulated industries where on-premises data security is required.