The Army Software Factory is putting zero trust and identity security principles into practice as part of the training it provides to soldier developers.

One of the Army Software Factory’s major priorities this year is training soldiers to develop software using zero trust and identity principles, according to Angel Phaneuf, chief information security officer at the Army Software Factory.

She said the factory is working on a zero trust security strategy that ensures soldiers who go through its tech accelerator are trained to embed security into applications by design, not as an afterthought.

“The goal is that in the event that we need to deploy a product team out into a war zone, that we have trained them, and we’ve given them all of that the tools that they need, and they understand how to be able to do a zero trust and identity strategy,” Phaneuf said.

Master Sgt. Joseph Myrick is in the second cohort of developers at the Army Software Factory. Myrick and his team have developed a Preventative Maintenance Checks and Services mobile application that provides access to technical manuals and anything else a soldier may need to conduct maintenance checks.

Given the sensitive nature of technical manuals and other information in the application, Myrick said a key aspect of the application’s development was verifying a user’s identity using an official source of record through the Defense Manpower Data Center.

The process of securely verifying authorized users added weeks to the application’s development, Myrick said, but was a crucial step before it could be released.

“We’re not working on a classified level or anything like that, but it’s still not the kind of thing that we just want broadly available on the open internet,” he said.

The application was just the second one deployed through the Army Software Factory. Myrick said it’s been online for six months and is now in use at Army locations across the world. He said users are constantly asking for new features, as well as more systems to be available on the application.

“We’re trying to roadmap for the future,” Myrick said. “We want to take things one step at a time. But generally, our biggest piece of feedback is, ‘This is great. And we want more.’ And it’s really exciting.”

Phaneuf said users are constantly asking for more data sources to be added to applications, meaning the factory’s developers often have to work with outside organizations to secure access to the required data.

“By learning what those pathways are, and how to do it in a DevSecOps way, it’s allowing our soldiers to get the opportunity to learn those processes, so that when they are downrange in a tactical environment, they’re able to build an application that needs to integrate into something else,” she said.

Matt Tarr, a solutions architect at CyberArk, says organizations need to strike the right balance between usability and security as they adopt zero trust security principles like least privilege access.

“We find that the best mix is when we truly have identified that end user, but we allow that user’s experience to be seamless, like there were no security controls at all,” Tarr said. “I think that’s what we’re all looking for is that we have the end user experience that allows them to be very flexible and to do their jobs efficiently, but guarantee it is who we think it is behind that usage.”

Learning objectives:

• Technology Initiatives at the Army Software Factory
• Use Cases and User Experience
• Industry Analysis

This program is sponsored by   

Complimentary Registration
Please register using the form on this page or call (202) 895-5023.