Introduction
An enormous amount of data is present in current technology. Information access is becoming a common aspect of today's growing technology. Modern gadgets are designed to process the unlimited data available. Data consistency and security have been the primary concern for governmental and non-governmental organizations as well as individuals across the globe. Most businesses ensure data availability to their customers while also providing the necessary security for that information. The Government has provided directives to developers through the government act on the design and development of mobile-friendly apps and websites for providing information to the public and running government services.
According to the whistleblower of the initiative, Rep Robin Kelly, "most of the citizens in the United States rely on mobile apps and websites to access government information and services." Therefore, the Government must keep up to date with the current trends in technology (Cordell, 2019). The Government plays a significant role in ensuring its subordinates are provided with the right information and are kept updated with the current innovative trends. The paper focuses on establishing a clear understanding of Government mobile app security assessment within the United States.
Mobile apps exist in different kinds; however, for effective delivery of government information over mobile apps, there is a need to develop secure and useful mobile apps to be used across multiple platforms. Excellent examples of improvised federal apps used within the United States include FBI Child ID, WISER (Wireless Information for Emergency Responders), and MYTSA. Apps such as MYTSA are useful when assessing the dos and don'ts of plane travel. WISER is a government app intended for hazmat teams and first responders, which helps in determining whether a given individual has been exposed to toxic waste or in deciding on sites for disposing of toxic substances ("nvlpubs.nist.gov," 2019). The app is embedded with GIS characteristics for assessing the area under contamination.
Other apps, such as the FBI Child app, are mandatory for parents ("19 of the Coolest Government Mobile Apps | GovLoop", 2019). The app is essential in reporting critical cases such as a missing child or an exploited child. The parents are expected to report individual cases on children to the National Center for Missing and Exploited Children, depending on the information provided during the app registration. The presence of these apps in government agencies proves a certain degree of importance in society. However, since the apps present critical information, they are subject to cybersecurity attacks if they have vulnerabilities ("Mobile Security Reference Architecture," 2013). Therefore, the apps have special security requirements that need to be catered for before the apps are deployed to the public domain. Safeguarding these apps is the major issue faced by the federal agency as it tries to determine how information is stored, manipulated, and used within the apps, due to the underlying sensitivity concern. The main goal of the federal agency is achieving maximum security for mobile apps to avoid vulnerabilities that may pose a potential threat to higher systems.
Federal Government Requirements
Security for the developed mobile apps is a major area of concern for both the Government and the potential end-users. Due to accountability issues and liability concerns in case of a data breach in the developed apps, the Government directs strict security measures to the developers. The Government ensures that any firm developing government mobile apps adheres to the set security levels. Agency guidance such as NIST 800-163 focuses on vetting the security of mobile applications and is concerned with how a company should develop security features in a system, specifying questionable security considerations ("OWASP/was-msg", 2019). The guidance focuses on the user acceptance level, the environment in which the application is to be run, and how the app will use data.
To ensure a given app meets the set guidelines, a defined process for assessing the security level of a given app is developed. Security assessment of an app involves several activities: an implementation plan, the app vetting process, app vulnerability assessment, and a thorough testing technique to assess vulnerabilities. The method of vetting the app also includes determining whether the app should be accepted and deployed in the public domain category.
Mobile Security Conceptual Architecture
To understand the current needs for application security, an architectural presentation of the conceptual model in the form of a data flow diagram is presented. The structural pattern shows the critical aspects of a secure system, such as data availability, integrity, and confidentiality, through a mobile computing environment. The Mobile Security Reference Architecture (MSRA) incorporates features presented in the Federal mobile application security initiative to give maximum interoperability levels. In the conceptual model, services that have a direct influence on an organization are shown in orange. The various services under the direct control of an organization include the applications running on a given mobile device, the device infrastructure, and the mobile device itself. The organization services interacting with the mobile services through the Federal agency directives are presented in green.
Figure 1: Mobile Security Reference Architecture (Mobile Security Reference Architecture, 2013).
Industry Recommendations
Data storage - all critical data being processed on mobile devices should be appropriately stored with set security controls and secure back-up procedures in case of data loss. The industry also gives recommendations on threat modeling. The requirement is to carry out an evaluation of the apps and identify any realized threats to the app and the operating system. The developers should ensure all stated security goals are met during the app development life cycle. The industry should ensure all cryptographic key values are generated randomly and are never reused, and that obsolete protocols, which can act as a potential system breach, are not used. Secure authentication and verification methods should be used for the end-users. The user should log in in a safe manner; the applications should allow user validation at the endpoint and auto-terminate upon user log off. To ensure session management within the apps, a termination procedure should be developed to auto-terminate or allow manual termination. For network communication, any information being transmitted should be secured between endpoints through secure encryption means. Other factors considered include platform interaction, code quality, and robustness of the application.
Best Practice Recommendations
In most organizations, the need for mobile devices to manage transactions between the company and the customers is continually growing. However, the primary concern is how security risks are distributed across various applications. Before an application is delivered to the end-user, a thorough security vulnerability analysis should be made, since it determines the user security acceptance level for the app. Some of the significant considerations for ensuring application security include writing secure code, debugging for errors, and analyzing vulnerabilities in the early stage of application building (Tripwire, 2019). Creating a reliable system ensures application security against attacks such as reverse engineering. Every unit of data under transmission should be encrypted using the current encryption techniques. Developers should be cautious when relying on third-party libraries, as they can form a basis for device vulnerability. Application designers should consider using authorized system APIs only. Unauthorized APIs can become loopholes that serve as attackers' entry points.
The use of high-level authentication means for an application is a vital aspect of ensuring essential security measures within the system. Contemporary passwords can be easily bypassed by attackers; therefore, organizations should consider designing applications that need at least three-factor authentication before authorization. The passwords to be set should involve a complex alphanumeric compound, which is easy to decode using the available password libraries. Adopting multi-factor authentication ensures the right users are allowed to interact with the system by making it impossible for hackers to impersonate the correct user. Tamper detection systems should be deployed to detect any potential unauthorized entry into the system. If a suspicious user is identified, the system should automatically send a notification to the correct channel. To deal with the issues related to data encryption, the best encryption tools and techniques should be employed. Penetration testing using the available analysis tools should be applied continuously to assess the application security level, and an incident response plan should be set to deal with potential attacks.
Conclusion
The Government needs to address the various concerns for mobile application security since it is the primary communication channel to its citizens. During the mobile application development cycle, monitoring each step can help minimize future vulnerabilities in the system. Joining the fight against unauthorized access to sensitive information should be the critical goal for application development.
References
Cordell, C. (2019). Bill for mobile-friendly government websites cruises through Senate - FedScoop. Retrieved from https://www.fedscoop.com/bill-mobile-friendly-government-websites-cruises-senate/
Mobile Security Reference Architecture (2019). Retrieved from https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/1151/2016/10/Mobile-Security-Reference-Architecture.pdf
Nineteen of the Coolest Government Mobile Apps | GovLoop. (2019). Retrieved from https://www.govloop.com/community/blog/cool-gov-mobile-apps/
nvlpubs.nist.gov (2019). Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-163.pdf
OWASP/was-msg. (2019). Retrieved from https://github.com/OWASP/owasp-mstg/blob/7b622caae7b4c872f64c82fe37f2351262066ddd/Checklists/Mobile_App_Security_Checklist-English_1.1.xlsx
Tripwire, I. (2019). Top 10 Mobile App Security Best Practices for Developers. Retrieved from https://www.tripwire.com/state-of-security/security-awareness/top-mobile-app-security-best-practices-developers/
Cite this page
Research Paper on Data Security & Availability - A Growing Concern in Tech. (2023, May 02). Retrieved from https://proessays.net/essays/research-paper-on-data-security-availability-a-growing-concern-in-tech