The Army Software Factory practices the principles of zero trust and identity security in the training it provides to soldier developers.
According to Angel Phaneuf, information security manager at the Army Software Factory, one of the main priorities for the Army Software Factory this year is to train soldiers to develop software using the principles zero trust and identity.
She said the factory is working on a zero-trust security strategy that ensures soldiers who go through its technology accelerator are trained to build security into applications by design, not after the fact.
“The goal is that in the event that we need to deploy a product team to a war zone, we’ve trained them, and we’ve given them all the tools they need, and they understand how to be able to do a zero-trust and zero-identity strategy,” Phaneuf said.
Master Sergeant Joseph Myrick is part of the second cohort of developers at the Army Software Factory. Myrick and his team have developed a preventive maintenance checks and services mobile app that provides access to technical manuals and everything a soldier may need to perform maintenance checks.
Given the sensitive nature of technical manuals and other information in the app, Myrick said a key aspect of developing the app was verifying a user’s identity using a official source of record via the Defense Manpower Data Center.
The secure authorized user verification process added weeks to the app’s development, Myrick said, but was a crucial step before it could be released.
“We don’t work at a classified level or anything like that, but it’s still not the kind of thing we just want widely available on the open internet,” he said.
The app was only the second deployed through the Army Software Factory. Myrick said it has been online for six months and is now in use at Army sites around the world. He said that users are constantly asking for new features, as well as more systems available on the app.
“We’re trying to roadmap for the future,” Myrick said. “We want to take things one step at a time. But in general, our biggest comment is, “That’s great. And we want more. And it’s really exciting.
Phaneuf said users are constantly asking for more data sources to be added to applications, which means developers at the factory often have to work with external organizations to secure access to required data.
“By learning what those pathways are and how to do it in a DevSecOps way, it allows our soldiers to have the opportunity to learn those processes, so that when they’re down in a tactical environment, they can create a app that needs to integrate with something else,” she said.
Matt Tarr, Solutions Architect at CyberArk, says organizations need to strike the right balance between usability and security when adopting zero-trust security principles like least-privilege access.
“We find that the best combination is when we’ve truly identified that end user, but we allow that user’s experience to be seamless, as if there were no security checks,” Tarr said. “I think that’s what we’re all looking for is that we have the end-user experience that allows them to be very flexible and do their jobs efficiently, but guarantee that’s who we are. believe he is behind this use.”
- Technology Initiatives at the Army Software Factory
- Use cases and user experience
- Industry analysis
This program is sponsored by
Please register using the form on this page or by calling (202) 895-5023.