Today federal agencies are required to adopt mobile technology to improve citizen service. The growing risks associated with delivering mobile enterprise services to consumers make it critical to address mobile application management and mobile device management. These mobile enterprise services require a comprehensive mobile application and mobile device life cycle management framework consistent with industry standards and trends. Successful deployment of applications also requires revamping of the identity and access management strategy to enhance security. This framework must address mobility, services, data, privacy, device sanitization, network modernization, and application deployment (NIST 2012-2015).
Three of the main considerations for CIOs are capabilities, cost, and security (CIO Council 2012). CIOs have a variety of decisions to make, as most of the risks associated with the adoption of mobile applications for digital government services fall within these considerations. When users access endpoint devices, networks, networked applications or web applications that require some type of authentication, there must be a strategy in place to address what mechanism(s) will be employed for identity verification and access authorization. Mobile identity integrates identity and access management with enterprise mobility management. Mobile identity verification should answer: who are you, where are you connecting from (location), and which device is connecting to the infrastructure.
Risks associated with mobile application deployment include (CIO Council 2012, 2013):
These risk factors should be addressed during the planning phase of the mobile application life cycle. Additionally, the following recommended best practices for mobile application implementation will ensure a successful deployment. Listed below are a few recommended practices (Garcia 2012).
In conclusion, a successful mobile application deployment framework will (Garcia 2012):
CIO Council (2012), GOVERNMENT USE OF MOBILE TECHNOLOGY: Barriers, Opportunities, and Gap Analysis, Retrieved from: https://cio.gov/wp-content/uploads/downloads/2012/12/Government_Mobile_Technology_Barriers_Opportunities_and_Gaps.pdf
CIO Council (2013), Adoption of Commercial Mobile Applications within the Federal Government: Digital Government Strategy Milestone 5.4, Retrieved from: https://cio.gov/wp-content/uploads/downloads/2013/05/Commercial-Mobile-Application-Adoption-DGS-Milestone-5.4.pdf
Garcia, Jorge (2016), Moving Beyond the Basics: Key Considerations for Successful Adoption of Mobile Platform, Retrieved from: http://www.vnsgmagazine.nl/ExecutiveDiner/7_SuccessfulAdoption.pdf
Souppaya, Murugiah and Scarfone, Karen (2012), National Institute of Standards and Technology (NIST) Special Publication (SP) 800-124 Revision 1 (Draft), Guidelines for Managing and Securing Mobile Devices in the Enterprise (Draft), Retrieved from: http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
Ferraiolo, Hildegard, Feldman, Larry, and Witte, Greg (2014), National Institute of Standards and Technology (NIST) Special Publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials, Retrieved from: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-157.pdf
Quirolgico, Steve, Voas, Jeffrey, and Karygiannis, Tom (2015), National Institute of Standards and Technology (NIST) Special Publication (SP) 800-163 Revision 1 (Draft), Vetting the Security of Mobile Applications, Retrieved from: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-163.pdf
Computer Security Division Information Technology Laboratory (2013), Revised Draft Federal Information Processing Standard (FIPS) 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors. (Introduction of PIV-derived credential), Retrieved from: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.201-2.pdf