Agencies dream of commercial app stores
- By Zach Noble
- Apr 06, 2016
Federal agencies have spun up plenty of their own stores for mobile apps, but the ultimate fantasy is letting the existing commercial marketplaces -- specifically iTunes and Google Play -- handle the heavy lifting.
Could feds be downloading preapproved apps from iTunes within a couple years?
"I don't even think with research I could get that in two years," said Vincent Sritapan, a program manager in the Department of Homeland Security's Science and Technology Directorate. "That's aggressive."
Sritapan, who made the comments at the Advanced Technology Academic Research Center's Federal Mobile Computing Summit on April 6, amended his prediction to account for strong buy-in from vendors.
"I think it can be doable, even before two years," he said, as long as vendors maintain their tools rigorously and "vet them continually, forever."
His comments came on the heels of DHS issuing privacy guidelines for mobile apps.
"In our dream world, obviously, the commercially available app stores would do this for free, would do exactly what we're paying to do across government right now," said Jeff Blank, a technical director in the National Security Agency's Information Assurance Division.
The problem of keeping apps vetted persists whether they're hosted on a commercial or federal app store.
"We have to have a way to vet these very dynamically," said Rob Palmer, deputy chief technology officer in DHS' Enterprise System Development Office. A three-month review process for each app update won't cut it, he added.
Downloading preapproved apps from commercial stores is probably the way to go, he added.
"It almost has to work like that," Palmer said. "[When] a mission operator needs a particular capability at a certain time, they should be able to, in this environment, get to that capability very quickly, without extensive processes, and that's the top line I think, that we're trying to get to."
As far as keeping apps approved in the face of continuous updates, some of which might introduce security vulnerabilities, the feds said that's comes with the territory.
Blank said he's generally in favor of "permitting updates but keeping a watchful eye" on their content.
For Palmer, the question is about risk management: "How do we accept just enough risk to make our people productive?"
Zach Noble is a former FCW staff writer.