DHS S&T Study: Integrating EMM, App Vetting Improves Mobile Security

The Department of Homeland Security Science and Technology Directorate (S&T) released a study today that reveals how integrating enterprise mobility management (EMM) capabilities with mobile app vetting tools can improve mobile device security.

S&T’s Mobile Security Research and Development Program solicited the Homeland Security Systems Engineering and Development Institute (HSSEDI) to assess the maturity of integrating mobile app vetting and EMM solutions, and to respectively provide guidance to Federal government users and industry members on mobile device security.

The study states that EMM solutions can “provide enterprises with a centralized capability to manage their mobile devices, including any security risks associated with them,” while app vetting gives organizations “the ability to directly submit in-house-developed apps for analysis.” HSSEDI found in its evaluation that combining the approaches can automate the app vetting process, which S&T calls “continuous app vetting.”

“This continuous approach aims to strike a balance between security and the freedom to use apps that employees need to conduct business and accomplish the organization’s mission,” the report states. “This approach uses the analysis capabilities of app vetting tools to periodically inspect apps installed on enterprise devices for security issues and relay the results to the EMM solution for potential action.”

S&T’s study recommends that Federal agencies adopt a continuous approach to standards-based mobile app vetting with a process that combines EMM and app vetting, as well as exploring other approaches like app threat intelligence.

“This study validates that a holistic approach to security is essential to ensure mobile devices are in fact secure and available,” S&T Portfolio Manager for Physical & Cybersecurity Research Vincent Sritapan said in a press release. “It also shows that capturing the interoperability of mobile security solutions is a far more effective approach than simply running each separately,” he said.

Categories

Recent