Feds work to speed mobile app assessments, development
The explosion of widely available mobile applications continues to put the squeeze on federal agencies, whose leaders are struggling to empower their workforces using modern mobile applications, and still do so securely.
That dilemma was put in stark perspective by the Department of Homeland Security‘s Vincent Sritapan, a program manager at the agency’s Cyber Security Division, during a government IT forum Tuesday.
“We’re looking at 2.4 million apps across Google Play and Apple iTunes on a continuous basis,” to assess which apps might help employees work more effectively, he said, and more importantly, determine how safe they are, knowing that employees are constantly trying new apps.
The proliferation of mobile apps, and open software development kits to create them, also suggests the opportunities agencies have before them to better equip — and attract — employees who’ve grown used to using well-designed mobile apps, the panelists suggested.
DHS recognizes that mobile apps are a “force multiplier,” Sritapan said, speaking at an IT conference held by Red Hat Government and produced by FedScoop. The challenge is discerning which commercial apps can do certain tasks more effectively than building apps in-house and then making sure they are cleared for use, he said.
To keep up, Sritapan said his division has partnered with a number of DHS component agencies, the National Institute of Standards and Technology, and other groups, to develop common criteria and automated software tools that allow the Cyber Security Division to continuously catalog and review mobile applications to identify suitable apps. The division can also spot software changes that could undermine the security of approved applications.
The automated system looks at data elements and the data schema within each application, regardless of who makes it, “to determine if it’s good enough for your mission.” And it can determine when those elements have changed. “If the app changes, we have to look at it again” for security, he said.
A lot is riding on the approach. The Cyber Security Division is taking the lead in “trying to solve mobile app security for the federal government,” Sritapan said in July, in a prepared statement, when the division released a $2.9 million mobile app security research contract.
But many agencies still face the need to develop custom apps – along with mounting pressure to develop them much more quickly.
Panelist Kevin Burnett, technical manager at the US Navy Department, noted that while the Navy has historically been slow to meet sailor’s demands for modern mobile apps, it had made some headway recently with the launch of its eDIVO app in March.
The mobile app was designed to provide division officers easy access to more than 44 documents and 8,300 pages of information to help them with their day-to-day management of personnel and divisional affairs.
The app, and the underlying process for developing, took just six months, according to Burnett.
But Rob Samuels, director of mobile applications for SAIC, warned that agencies trying to develop their own apps often fail to understand, and typically underinvest in, the user experience.
“There’s a tendency in [government] to give a short amount of attention to the design and usability of mobile apps. We tend to focus more on legacy systems and [building] bridges to new systems, without allocating enough budget to the design of applications,” he said. “Every pixel is precious on a tablet or mobile device.”
If an app depends on “a mouse and a 17-inch monitor, [mobile users] are never going to use that app again,” he said, adding that, “Apps deserve the same level of crisp user experience people see in an Amazon-like environment.”
Consumer app stores have also shaped what people expect to get for their money in the way of utility, said Peter O’Donoghue, brand manager for CSC’s Custom Platform Services division.
Developers will say, “This is what it will take to design a mobile app,” which can require sizable budgets. But it’s hard to overcome the objection from “folks who will say, ‘Yes but it only costs a buck on iTunes.’”
