DHS recommends federal agencies integrate EMM & APP vetting solutions
A new study released August 28 by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) describes a continuous approach to mobile app vetting that integrates the capabilities of enterprise mobility management (EMM) solutions with app vetting tools to improve the security of mobile devices.
For the study—titled “Evaluating Mobile App Vetting Integration with Enterprise Mobility Management in the Enterprise”—S&T’s Mobile Security Research and Development Program enlisted the Homeland Security Systems Engineering and Development Institute (HSSEDI) to perform an independent evaluation of the integration capabilities of mobile app vetting and EMM solutions. The purpose of the study was to assess the maturity of the integrated solutions and provide guidance to federal agencies and to industry on integration and solution interoperability.
“The government is constantly seeking ways to improve the security of mobile devices and the enterprise systems that support them,” said William Bryan, senior official performing the duties of the under secretary for science and technology. “The study’s recommendation is a ready-made solution for most federal agencies, which separately use EMM and other solutions for security purposes. Combining the capabilities of these into an integrated solution will take device security to a higher level.”
During its work, HSSEDI evaluated two market-leading EMM solutions and compared the integration capabilities of each to those of six leading mobile app vetting solutions, which included both standalone app vetting tools and the app vetting capabilities of Mobile Threat Detection (MTD) products. The team performed 43 test cases involving a select set of commercial and custom-developed apps.
The S&T study recommends federal agencies adopt a continuous approach to standards-based mobile app vetting by integrating vetting tools with EMM and exploring nontraditional approaches, such as app threat intelligence. These approaches would improve overall federal system mobile device and enterprise security while also enabling employees to use apps to conduct business and accomplish their organization’s mission.
“This study validates that a holistic approach to security is essential to ensure mobile devices are in fact secure and available,” said Vincent Sritapan, S&T portfolio manager for physical & cybersecurity research. “It also shows that capturing the interoperability of mobile security solutions is a far more effective approach than simply running each separately.”