Agencies dream of commercial app stores

Featured eBooks
AI in the Workplace
Read Now

CX in Action

Read Now

Next Steps for CMMC

Read Now
By Zach Noble

By Zach Noble

|

The future of mobility lies in finding the right ways to update mobile apps securely without impeding their main selling point: speed.

Federal agencies have spun up plenty of their own stores for mobile apps, but the ultimate fantasy is letting the existing commercial marketplaces -- specifically iTunes and Google Play -- handle the heavy lifting.

Could feds be downloading preapproved apps from iTunes within a couple years?

"I don't even think with research I could get that in two years," said Vincent Sritapan, a program manager in the Department of Homeland Security's Science and Technology Directorate. "That's aggressive."

Sritapan, who made the comments at the Advanced Technology Academic Research Center's Federal Mobile Computing Summit on April 6, amended his prediction to account for strong buy-in from vendors.

"I think it can be doable, even before two years," he said, as long as vendors maintain their tools rigorously and "vet them continually, forever."

His comments came on the heels of DHS issuing privacy guidelines for mobile apps.

"In our dream world, obviously, the commercially available app stores would do this for free, would do exactly what we're paying to do across government right now," said Jeff Blank, a technical director in the National Security Agency's Information Assurance Division.

The problem of keeping apps vetted persists whether they're hosted on a commercial or federal app store.

"We have to have a way to vet these very dynamically," said Rob Palmer, deputy chief technology officer in DHS' Enterprise System Development Office. A three-month review process for each app update won't cut it, he added.

Downloading preapproved apps from commercial stores is probably the way to go, he added.

"It almost has to work like that," Palmer said. "[When] a mission operator needs a particular capability at a certain time, they should be able to, in this environment, get to that capability very quickly, without extensive processes, and that's the top line I think, that we're trying to get to."

As far as keeping apps approved in the face of continuous updates, some of which might introduce security vulnerabilities, the feds said that's comes with the territory.

Blank said he's generally in favor of "permitting updates but keeping a watchful eye" on their content.

For Palmer, the question is about risk management: "How do we accept just enough risk to make our people productive?"

NEXT STORY: What Makes a Good Coder?