recommended reading

Fed Tech

Brought to you by: CDW-G

Sponsor Content What's this?

Why Oak Ridge and Other Agencies Have Opened Their Own App Stores

TYLER OXENDINE

Apple famously told consumers, “There’s an app for that” to underscore the unlimited productivity potential of smartphones and tablets. But a mobile app that simply does its job will never be enough for most federal agencies.

With large numbers of employees and unique security concerns, agencies require more from an application than the standard commercial user requires. Apps need to be secure, scalable and manageable from an enterprise level, among a list of other qualifications.

Oak Ridge National Laboratory is one of many agencies that have created their own internal app store, building out agency-specific iTunes-like marketplaces that let employees download agency and commercial apps that meet government specifications.

The Oak Ridge store stocks internally developed apps for activities such as inputting time, checking purchase requests and locating other employees as well as off-the-shelf products from makers such as Citrix Systems and Adobe.

“A unified storefront for all business-related applications is a way we can support individual staff members and the laboratory’s overall mission,” says Suzanne Willoughby, Oak Ridge’s group leader for client computing operations. “It offers a one-stop shopping experience and convenient access to custom and commercial apps, which enable greater productivity and more time for science and research.”

Providing Relevant Apps

Like any marketplace, app stores succeed when they stock products customers want. For agencies, that means curating selections that are relevant to users and manageable for the agency.

More does not always mean better. Most organizations need only a handful of apps to make employees productive, but it’s the quality of apps that make them relevant. Curated apps are easier for employees to find, minimizing the chance an employee downloads one infested with malware.

The National Geospatial-Intelligence Agency, for example, takes an innovative approach with its GEOINT store, which hosts mobile and desktop apps for the Defense Department and intelligence community.

The Innovative GEOINT Application Provider Program (IGAPP), created to attract developers and grow the app selection for users, stocks the store. IGAPP includes an environment where developers can build their code so it meets NGA governance criteria. A testing group further assesses each app’s usability.

“We saw that there were a lot of people out there developing applications, but they didn’t have a central place to host those,” says Shana Simmons, GEOINT capabilities integration officer. “The majority of our applications come from other agencies.”

“We pay per download, incentivizing vendors to build programs that are useful and fit customer needs,” she continues. “This is a program and a commercial model that’s never been done in government.”

Managing App Store Fragmentation

Of course, running an app store brings a unique set of challenges. For one, some agencies must build a store that supports both mobile devices and PCs.

“We’re a Windows/Mac/Linux environment,” Willoughby says. “With all those systems pulling from separate stores, it is a challenge to procure apps for each user and then put them in a one-stop shop.”

Agencies must also manage apps purchased from external stores.

“We have to make sure we can recover apps purchased with government funds if the person leaves,” says Tina Snyder, Oak Ridge team lead for mobile research and development. “We’re just starting with Apple’s volume licensing program and how to manage purchases for both desktop and mobile.”

Oak Ridge has a bring-your-own-device policy that lets employees use personal smartphones and tablets at work, which also creates app challenges, Willoughby says.

When an agency issues a device, it can standardize on fewer platforms — typically Android, iOS or both — to cut costs. With BYOD, some employees introduce BlackBerry and Windows devices. If a federal store supports outsiders such as contractors, the device pool can grow even larger. For Oak Ridge, BYOD led to an influx of Windows 10 tablets, Willoughby says.

To accommodate as many platforms as possible, Oak Ridge encourages the use of cross-platform programs developed with HTML5, rather than native apps. That precludes needing a separate app for each platform, along with operating system variations.

Other hurdles crop up too. For example, some Oak Ridge employees want to use personal Windows devices with Oak Ridge licensed apps.

“We don’t allow our Microsoft authentication to occur on nongovernment devices,” Snyder says. “A good example is Office 365. We struggle with how to secure the program so only government-owned equipment can utilize it, or whether there’s a way to allow BYOD users some access but prohibit features such as mail and OneDrive.”

There’s a security angle as well, one that spans all devices, regardless of operating system or ownership. If employees can’t get an approved app — either because they don’t have access to an agency app store, or they find it difficult to navigate — they may use an unapproved alternative, or bypass approved apps in lieu of personal accounts.

Looking Ahead to What's Next 

For years, BlackBerry dominated the federal smartphone market, but now all kinds of devices are in use. To stay current, app stores must keep an eye on what’s next to support future OS and device types.

“You need to look not just at what the users have today but what they’re going to have in the future,” Snyder says. “We haven’t implemented anything for Windows yet because it was such a small percentage of our user base.”

With Windows 10 and the ability for the device management solution to manage both the Microsoft OS and Mac OSs, it changes the paradigm, she says. “You must prepare, even if it’s not something you use right now.”

The same is true for wearables — IGAPP recently tested a smartwatch app. Simmons sees wearable preparation as part of the store’s customer-centric goal.

“We don’t want to give customers just what they need today,” she says. “We want to give them what they haven’t anticipated yet.”

Regular Refreshes 

Like most software, apps need regular updates to plug security holes and add features. Agencies can pair their app store with a mobile device management platform that can push out updates to multiple registered devices.

Oak Ridge National Laboratory uses MDM to manage its government-issued devices. For employees who take advantage of the laboratory’s bring-your-own-device policy, it depends on whether Oak Ridge manages an app or just presents it to employees; for instance, via a link to the Google Play store.

One wild card is when a store stocks a custom version of an app that doesn’t necessarily have all the security patches in place. In that case, Oak Ridge tries to push employees to more secured versions.

This content is made possible by FedTech. The editorial staff of Nextgov was not involved in its preparation.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats