DIG IT AWARD FINALIST: MOBILE
At DHS, software assurance goes mobile
- By Karen Epper Hoffman
- Sep 26, 2016
A mobile workforce is emerging faster than many agencies are prepared to handle. But a new mobile security program, developed by the Department of Homeland Security, is proving that reducing the security risks of third-party applications is not such a remote possibility.
As the use of mobile applications has risen among government employees, so too has the risk of becoming a target of hackers. Thus, government agencies are seeking technologies to help ensure the security of the mobile applications their employees use.
To that end, DHS' Science and Technology Directorate deployed Kryptowire's mobile app software assurance tools, a cloud-based research and development system for assessing risk, analyzing vulnerabilities and archiving mobile applications.
Using the tools, information security professionals can analyze the functional capabilities of and essentially vet third-party mobile applications without having access to source code. In addition, the program enables system managers to act swiftly to enforce agency security policies, including preventing access to files and sensitive data, device sensors, cameras and networks, which is especially critical because "the technology landscape is changing at an ever-faster rate, and the security stakes are becoming higher," said Vincent Sritapan, program manager for mobile security research and development at DHS directorate's Cyber Security Division.
"The mobile app software assurance program has managed to address a real and pressing problem, has transitioned the technology into the hands of agencies…and has also helped make the technology available through the [General Services Administration's] IT Schedule 70 to get it into the hands of those that need it much faster," he said. "We started with a real need and delivered a technology that is commercially viable and best in class."
The project has quickly matured, with DHS headquarters, the department's "Mobile Carwash" effort, Customs and Border Protection and the Federal Emergency Management Agency all working together to share evaluations on mobile applications. Ultimately, DHS aims to make continuous mobile application vetting an automated process for all government agencies.
Note: This article was updated on Sept. 28 to clarify that DHS' Mobile App Software Assurance Research and Development Project and "Mobile Carwash" are separate initiatives.
Karen Epper Hoffman is a freelance writer based in the Seattle area.