5 steps to setting up an agency app store

 


Building an app store can be the best way to make sure employees are using the right mobile apps. Here's a checklist to help you get there.

Applications are the heart of what makes mobile devices so useful to public and private organizations.

But developing, acquiring and managing applications within a federal agency’s IT architecture presents administrators with a number of challenges. How do you make sure the apps your employees use are secure and compatible with your systems? One way to handle these issues is through a Web- and mobile-accessible site or storefront.

Enterprise applications stores provide federal agencies with a single place for personnel to access approved applications. Mobile device software, either commercial or developed in-house, can be approved and made available through the storefront.




Besides providing a single source for applications, large agencies with many constituent organizations can create federated stores that have an enterprisewide main page with links leading to agency-specific applications.

But what steps do agencies need to take to establish their own enterprise applications stores? Here’s a checklist of five steps federal agencies are taking to establish their own sites for mobile applications.

1. Preparation

The Defense Department is the government organization most involved in developing mobile applications and aggressively adopting mobility policies on a wide scale. Coordinating and managing this process is the job of the Defense Information Systems Agency (DISA), which is working to set up classified and unclassified enterprise mobility services across the DOD. A central part of this effort is establishing an enterprise applications store, which is scheduled to be running by the end of this summer, said Rear Admiral David Simpson, DISA’s vice director.

One of the agency’s goals is to create an “ecosystem” of services, ranging from mobile device management capabilities supporting a variety of mobile devices across the DOD to the applications store that will also serve as a gateway to other stores run by the individual service branches.

While DISA is working on its enterprise applications store to serve the entire DOD, the individual services have been working on their own efforts. One example is the Army Apps program, which was an effort to determine if the service could set up and run its own applications store.

“The Army wanted to know: Do we have soldiers and government civilians who can write apps, and if so, should we be teaching them to write apps?” said Lt. Col. Gregory Motes, chief of the Army Mobile Applications Branch at Fort Gordon, Ga.

One result of the Army Apps program was the establishment of the Army Mobile Applications Branch, which is responsible for identifying and training personnel—mostly officers—to write mobile applications.

Since 2010, Motes's group has written some 90 applications, nearly two-thirds of which have been made available on the iTunes or Android markets. One reason for focusing on these commercial stores is that they offer a distribution mechanism that can reach a wide group of users and provide useful feedback from the field. The group’s applications have been downloaded nearly 1.4 million times, he said.

2. Accreditation

Once an organization sets up its app store, it must put processes in place to ensure both the security and network interoperability of those applications. That’s where accreditation comes into play.

A key part of DISA’s mobility program is to establish applications stores in agency data centers, Simpson said. DISA also is creating a hierarchical process with service-run app stores to create a unified storefront. “That’s the easy part, in my mind,” he said.

A more pressing challenge is getting applications into the store without overly burdensome layers of accreditation, or official documentation. What has made mobility so useful in the commercial world is the ability to rapidly create applications from a very diverse part of the workforce. “We need to be able to do that in a repeatable and secure way,” Simpson said.

DISA is using its experiences with Forge.mil, an open-source software development site, and provisioning-on-demand to embed just the right amount of certification into the process in an automated fashion, where possible, Simpson said. This will ensure that properly vetted apps are posted in the store and that guidelines are in place to detect anomalous activity.

Although DISA has not yet achieved built-in application vetting, Simpson expects that the agency will soon determine what the right balance is for the process. For example, the agency may be able to support a device-aware and application-aware security capability for DOD communities requiring high-level access. But this capability also would turn off certain applications that do not have the same level of security required for some specific environments. Simpson expects this approach to be used to tailor security for a diverse set of users with a wide range of mission sets.
 
3. Security

Securing applications so they behave on an enterprise network is both a challenge and a headache facing many federal agencies considering mobile device programs.

One way to provide application security is to avoid the classic IT model of firewalls and protected end-user devices by moving the security directly onto the applications, said Sasi Kumar Pillay, NASA’s chief technology officer for IT. Embedding security features into applications offers a number of advantages over traditional models because security can be fine-tuned on an application-by-application basis.

Built-in security allows organizations to perform “risk-based decision-making,” which permits applications with varying levels of security to coexist on the same mobile device, Pillay said. This process also allows organizations to launch highly focused, or “granular,” security policies that offer better, more flexible defensive options than traditional perimeter methods. 

For example, security policies can be written that would restrict access to a particular application to a list of approved individuals with certain roles in an organization. Use of the application can be further restricted to the time of day and location of the individual, such as on the organization’s campus, Pillay said.
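The kind of per-application policy Pillay describes (approved individuals, roles, time of day, location) can be written as a deny-by-default check. The Python below is an added illustration, not code from NASA or from the original article; the app names, user IDs, roles, coordinates and the `decide` function are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple

@dataclass(frozen=True)
class Geofence:
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat: float, lon: float) -> bool:
        # Haversine great-circle distance in metres from the fence centre.
        p1, p2 = radians(self.lat), radians(lat)
        a = (sin((p2 - p1) / 2) ** 2
             + cos(p1) * cos(p2) * sin(radians(lon - self.lon) / 2) ** 2)
        return 2 * 6_371_000 * asin(sqrt(a)) <= self.radius_m

@dataclass(frozen=True)
class AppPolicy:
    approved_users: frozenset
    allowed_roles: frozenset
    hours: Optional[Tuple[time, time]] = None  # None = any time of day
    fence: Optional[Geofence] = None           # None = any location

def in_hours(hours, now: time) -> bool:
    start, end = hours
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # window wraps past midnight

def decide(policies, app, user, roles, when: datetime, location=None):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    policy = policies.get(app)
    if policy is None:
        return False, "no policy for app"
    if user not in policy.approved_users:
        return False, "user not approved"
    if not policy.allowed_roles & set(roles):
        return False, "role not permitted"
    if policy.hours and not in_hours(policy.hours, when.time()):
        return False, "outside permitted hours"
    if policy.fence:
        if location is None:  # fail closed when the device reports no fix
            return False, "location unavailable"
        if not policy.fence.contains(*location):
            return False, "outside permitted location"
    return True, "ok"

# Constructed sample: two apps with different policies on the same device.
CAMPUS = Geofence(lat=38.0, lon=-77.0, radius_m=500)
POLICIES = {
    "equipment-tracker": AppPolicy(frozenset({"user-a"}), frozenset({"logistics"}),
                                   hours=(time(6), time(18)), fence=CAMPUS),
    "staff-directory": AppPolicy(frozenset({"user-a", "user-b"}),
                                 frozenset({"logistics", "staff"})),
}
```

The two sample policies show applications with different security levels coexisting on one device: the same user at the same moment can be allowed into one app and refused by the other.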

What mobility offers public and commercial enterprises is the ability to take advantage of a growing confluence of technologies and opportunities, such as granular security. “Mobility is going to be the thing of the future,” he said. “It already is the thing of the present, and what we are trying to do is adopt to that type of environment.”

The Army’s app program initially avoided many of the security issues by focusing most of its development efforts on applications that will run on unclassified networks. This was partially a decision to expedite the accessibility of mobile applications for military personnel and to collect feedback, said Motes.

Other Army efforts are working with the National Security Agency, academia and commercial companies such as Google to develop more secure versions of the Android operating system. Like much of the federal government, the military is also continuing to use BlackBerry devices and servers because of their inherent security features. DOD is also working with Apple and Good Technology on improved security technologies for mobile devices, Motes said.

4. Look before you leap

When agencies set up their own apps stores, they need to avoid trying to reinvent the wheel, said Chris Schroeder, chief executive officer of App 47. He recommends that organizations consider two things when thinking about setting up an enterprise applications store.

First, agencies should see if this is really what they need to do. They should not try to build their own applications store or write their own applications if there are commercially available alternatives, Schroeder said. Although there are technical challenges associated with setting up a virtual storefront and deploying applications, agencies need to view them from a cost-effectiveness perspective.

Regardless of an organization’s security requirements, Schroeder said that commercial applications and models can meet almost all of their needs. He noted that in the commercial sector, financial and health care institutions have high security requirements and support a robust vendor ecosystem to supply them. Government organizations can easily tap into this pool of vendors, he said.

The second piece of advice is to begin with the end in mind. Agencies need to think beyond establishing their apps stores and plan through the following steps: upgrades, customers and managing the applications on their storefront. Schroeder said that CIOs need to think back to the early days of the Web. When organizations first began building their Web sites, there was an explosion of applications to support them. This was a great time for agencies because it let small offices and units on the military side develop applications that allowed them to do their jobs more efficiently and at scale.

But the proliferation of Web sites and applications created deployment and performance issues, which created the need for lifecycle management solutions for Web applications. “My point is that we’ve been through this problem before. The problem is that new disruptive technology gets introduced to the IT organization, the organization has to react to it,” he said.

5. The applications

But once federal agencies have set up their applications stores and the underlying infrastructure to support them, what choices do they have? Federal agency applications can be written in-house or they can be bought, accredited and made available through the apps store.

Both Schroeder and Pillay advise organizations to look to the commercial sector for readily available applications. Agencies can work with vendors to modify existing applications for their use or, where security or operational requirements call for it, develop their own in-house tools.

Examples of in-house applications include one developed by the Army Mobile Applications Branch that allows mobile devices to scan bar codes on pieces of equipment in communications trailers. Each piece of equipment has a specific data code that identifies it, its function and replacement/reorder options when called up on a soldier’s mobile device. The application was developed to help logistics and communications specialists with tracking and identifying gear when performing maintenance.

The Federal Aviation Administration recently launched a pilot effort to equip flight and maintenance personnel with Apple iPads. As a part of this program, personnel in various branches of the organization wrote applications to support their jobs. FAA lawyers wrote an application that allows them to store and play radar tracks of flight violations. FAA officials noted that, with the app, most cases are settled before trial when defendants are presented with the evidence. The officials noted that this saves the administration $100,000 per court case.

An example of a widely used application developed with a commercial vendor is the Defense Connect Online mobile application, which was developed by DISA and Carahsoft. A mobile version of a widely used desktop web tool, DCO is built around Adobe Connect and the Cisco Jabber chat function. The application allows users to remotely set up and manage meetings and share information over unclassified networks.
