Red Hat, Kryptowire advance mobile application lifecycle security after securing DHS S&T contract



Red Hat and Kryptowire, provider of a military-grade mobile application security testing platform used by federal agencies, announced Wednesday that the companies have been awarded a contract from the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to advance mobile application lifecycle security.

Through the DHS S&T Mobile Application Security project, Red Hat and Kryptowire will help to address this mobile security gap by developing a framework for automation of security and privacy compliance in the mobile application lifecycle.

These Mobile Application Security (MAS) R&D projects will be managed by the DHS S&T Mobile Security R&D program, which is part of the Cyber Security Division in the Homeland Security Advanced Research Projects Agency.

The recently launched MAS project is focused on continuous validation and threat protection for mobile apps and integrating security throughout the mobile app lifecycle. It also is developing a security framework and integrated models that will enable the development of secure mobile apps for mission use by DHS components, other government agencies and enterprise organizations.

Red Hat logo

To do so, the companies plan to collaborate by delivering a Red Hat Mobile Application Platform extension that will use Kryptowire’s mobile application testing capabilities to automatically enforce checks throughout the mobile application development process to enable code and third-party library compliance with U.S. mobile security standards.

Red Hat Mobile Application Platform supports an agile approach to developing, integrating, and deploying enterprise mobile applications—whether native, hybrid, or on the web. The platform supports collaborative development across multiple teams and projects with a variety of tool kits and frameworks. Users gain central control over security and policy management, the ease of Mobile Backend-as-a-Service (MBaaS) integration with enterprise systems, and a choice of cloud deployment options.

Security updates and notifications to address new security or privacy vulnerabilities that affect an application while it is already deployed, enabling end-users to more quickly address new threats. Updates can be enforced in several ways, including user notifications and denial of back-end services. Red Hat and Kryptowire propose augmenting the support for security notifications and updates by including additional re-usable services in Red Hat Mobile Application Platform.

Optimization of Kryptowire’s mobile application certification platform for Red Hat Mobile Application Platform’s processes, with a goal of creating a commercial solution that will improve end-to-end mobile security solutions throughout DHS and other U.S. government agencies.

In May, DHS S&T announced the findings of its “Study on Mobile Device Security”, conducted in coordination with the National Institute of Standards and Technology and its National Cybersecurity Center of Excellence.

According to that announcement, “[t]he study found that the threats to the Federal government’s use of mobile devices—smartphones and tablet computers running mobile operating systems—exist across all elements of the mobile ecosystem. These threats require a security approach that differs substantially from the protections developed for desktop workstations largely because mobile devices are exposed to a distinct set of threats, frequently operate outside of enterprise protections and have evolved independently of desktop architectures.”

“Mobile devices—including smartphones and tablets—are used across government agencies, but these devices and the mobile apps that run on them require a unique approach to security. This DHS S&T Mobile Application Security project aims to help address this security gap with an approach to mobile app security that can serve as a best practice across U.S. government agencies,” said Paul Smith, senior vice president and general manager, Public Sector, Red Hat. “We are excited to collaborate with Kryptowire to help the U.S. government provide automated enforcement of government security standards in mobile apps and, through this automated approach, help minimize human error during application releases.”

“Kryptowire’s mobile app software assurance technology can now be used during every stage of the software development lifecycle,” said Angelos Stavrou, CEO, Kryptowire. “Enterprises will be able to analyze the mobile apps they develop in-house, to ensure they meet the same internationally recognized security requirements used for classified and national security systems.”

Leave a Reply

WWPI – Covering the best in IT since 1980