Without actionable plans to address security issues, agencies may struggle to elicit leaders’ investment in mobile apps. What’s needed is a mobile app lifecycle management approach that accounts for app security at every phase of the software development lifecycle—from planning and designing to testing and operations.
Consider five critical steps:
Make a business case - Contrary to popular belief, free apps are never really free. Deciding whether to make, buy or adopt mobile apps and introduce them into the enterprise network requires agencies to build a strong business case that outlines the business need, the available options and the projected benefits.
Select the right development platform - From the earliest stages, agencies must select a mobile development platform that supports their business models and their enterprise IT and security architecture.
Build security from the beginning - Agencies must account for security from the outset, starting with requirements gathering and app design.
Apply effective app security testing - Both the Defense Information Systems Agency and the General Services Administration have established mobile app security requirements relevant to federal government agencies. These requirements should be built into apps and verified through a sound security vetting process.
Manage and monitor app use - IT teams must control and monitor apps by distributing them through private app stores (when possible), configuring mobile apps with appropriate access and privileges, addressing processes for software patches and updates, monitoring application usage, scanning apps for vulnerabilities, and installing new security tools as they become available.