

The mobile security issue that federal agencies cannot ignore

Improving security with mobile application lifecycle management

Background

The White House Digital Government Strategy requires agencies to adopt mobile technology to improve citizen service. This mandate—and the fact that citizens and federal employees demand the same mobile access from government that they enjoy in their daily lives—has spurred momentum for mobile adoption among federal agencies.

Already, initiatives have involved identifying secured devices and addressing mobile device management and mobile application management. Today, agencies are also focusing on building secure mobile apps. In fact, the CIO Council reports that typical federal agencies are using between five and 20 apps. Deploying mobile apps to unlock workforce productivity is a logical next step.

Introduction

Some federal agencies have begun to pilot processes and controls to secure mobile applications. This reflects the growing importance of mobile app security as federal agencies provide more mobile-enabled digital government solutions to the workforce and to citizens.

With sensitive data at risk, agencies must address mobile security early and often as part of their mobile technology strategy. Mobile app lifecycle management is a proactive and systematic approach to build in protection and address risks up front. Why? While enterprise-provisioned security policy can harden the device, mobile devices are only as good, and as secure, as the apps installed on them.

Analysis

Without actionable plans to address security issues, agencies may struggle to elicit leaders’ investment in mobile apps. What’s needed is a mobile app lifecycle management approach that accounts for app security at every phase of the software development lifecycle—from planning and designing to testing and operations.

Consider five critical steps:

Make a business case - Contrary to popular belief, free apps are never really free. Determining whether to make, buy or adopt mobile apps and introduce them into the enterprise network requires agencies to build a strong business case that outlines the business need, the available options and projected benefits.

Select the right development platform - From the earliest stages, agencies must select a mobile development platform that supports their business models and their enterprise IT and security architecture.

Build security from the beginning - Agencies must account for security from the outset, starting with requirements gathering and app design.

Apply effective app security testing - Both the Defense Information Systems Agency and the General Services Administration have established mobile app security requirements relevant to federal government agencies. These requirements should be built into apps and verified through a sound security vetting process.

Manage and monitor app use - IT teams must control and monitor apps by distributing them through private app stores (when possible), configuring mobile apps with appropriate access and privileges, addressing processes for software patches and updates, monitoring application usage, scanning apps for vulnerabilities, and installing new security tools as they become available.

Recommendation

Mobile apps are consumer-driven and abundant. They are also an important part of the future of the federal government, so getting security right is essential. Agencies must take action—starting from day one with a comprehensive mobile app lifecycle management approach. They must address mobile app security holistically and with the mindset that the work is never truly done because the threats are constantly evolving with the technology. Keeping pace demands continuous security monitoring and control with the right tools and process governance. True enterprise security is impossible without mobile app security.

