Agencies dream of commercial app stores
- By Zach Noble
- Apr 06, 2016
Federal agencies have spun up plenty of their own stores for mobile apps, but the ultimate fantasy is letting the existing commercial marketplaces -- specifically iTunes and Google Play -- handle the heavy lifting.
Could feds be downloading preapproved apps from iTunes within a couple years?
"I don't even think with research I could get that in two years," said Vincent Sritapan, a program manager in the Department of Homeland Security's Science and Technology Directorate. "That's aggressive."
Sritapan, who made the comments at the Advanced Technology Academic Research Center's Federal Mobile Computing Summit on April 6, amended his prediction to account for strong buy-in from vendors.
"I think it can be doable, even before two years," he said, as long as vendors maintain their tools rigorously and "vet them continually, forever."
His comments came on the heels of DHS issuing privacy guidelines for mobile apps.
"In our dream world, obviously, the commercially available app stores would do this for free, would do exactly what we're paying to do across government right now," said Jeff Blank, a technical director in the National Security Agency's Information Assurance Division.
The problem of keeping apps vetted persists whether they're hosted on a commercial or federal app store.
"We have to have a way to vet these very dynamically," said Rob Palmer, deputy chief technology officer in DHS' Enterprise System Development Office. A three-month review process for each app update won't cut it, he added.
Downloading preapproved apps from commercial stores is probably the way to go, he added.
"It almost has to work like that," Palmer said. "[When] a mission operator needs a particular capability at a certain time, they should be able to, in this environment, get to that capability very quickly, without extensive processes, and that's the top line I think, that we're trying to get to."
As far as keeping apps approved in the face of continuous updates, some of which might introduce security vulnerabilities, the feds said that's comes with the territory.
Blank said he's generally in favor of "permitting updates but keeping a watchful eye" on their content.
For Palmer, the question is about risk management: "How do we accept just enough risk to make our people productive?"
Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.
Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.
Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.
Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.