Consortium offers answers in the form of architecture.
High-ranking U.S. Department of Homeland Security officials review key information during a teleconference briefing. The ability for government agencies to share and protect sensitive information may be key to effective disaster response as well as other internal and external operations.
The requirement to protect information and the necessity to share information frequently conflict, but government and industry obligations to do both effectively, efficiently and simultaneously now are connecting these two near opposites. A partnership of companies, both large and small, is combining resources and skills to enable the government to provide information to those who need it while denying access to those who do not.
Cisco Systems Incorporated, Microsoft Corporation and EMC Corporation have aligned to offer a comprehensive technology architecture to the federal government to help protect and share information within and among agencies. Together with the technology vendors Liquid Machines, Swan Island Networks and Titus Labs, the companies have formed the Secure Information Sharing Architecture (SISA). The alliance is founded on the idea that no one company or government agency alone can reconcile the need to distribute and safeguard sensitive data. “Those two requirements—the need to protect information and the need to share information—are actually in conflict,” says Eric Rosenkranz, industry manager in the Microsoft Public Sector. To solve the problem, unique partnerships across industry and government are necessary.
The SISA alliance has two main components: the availability of an architecture to meet the information sharing and protection requirements and the business structure of the alliance itself. Microsoft, Cisco, EMC and the other SISA partners spent two years working collaboratively to develop an initial release of an architecture to meet the needs of clients. Rosenkranz describes the architecture as a “cookbook” that helps the commercial products of the companies work together to share and protect information more effectively. “The architecture that we’ve developed is essentially a set of configurations that helps our commercial products work together to accomplish both information protection and information sharing,” Rosenkranz states. The SISA alliance has expressed that architecture in the form of an optimized configuration setting versus a prescriptive architecture.
Various customers have different sets of investments already in place. “We want to take advantage of that and add in any new components they need,” he says. Rosenkranz explains that the alliance members want the government customers to look at the network architecture and at the cookbook to help these clients determine what they need to accomplish while using what they already have.
The SISA companies have decided to scale their work by providing a business alliance structure that includes configuration management of the solution and the development of a training and certification program to invite systems integrators to go to market with the alliance. The SISA partners expect the alliance to grow significantly as more integrators come on board to deliver the architecture solutions to the clients.
The integrators will analyze what SISA has produced and what the customer needs. Every analysis will be different, even within one military branch, because of the various technical investments in different areas. The integrators can take the architecture and connect it back to a well-coordinated development strategy for customers.
Mas Nawaz, federal business development manager, Cisco, explains that the large company partners are offering infrastructure optimization. The alliance brings customers the optimization in a secure platform. The terrorist attacks in 2001 and natural disasters such as Hurricane Katrina have changed the scope of how government agencies handle information across their own boundaries and with other organizations. Nawaz shares that the government is looking for commercial off-the-shelf (COTS) based solutions and for technologies that already are being used. These government clients want to use COTS-based technology to ensure whom they are sharing information with and to assure trust in partner communities.
For example, a large federal organization may be struggling to keep sensitive information in check while simultaneously working to meet imperatives to share information better within the communities of trust inside and outside of the organization. The first step in finding a solution is to examine the communities of trust inside the organization. A group of human resource professionals may need to work across various departments in the organization to share sensitive but not classified information. The same large organization may need to share with communities of trust that include outside agencies as well. The large organization would examine what each smaller group within it needs and then assess the architecture to determine how to implement it most effectively. Rosenkranz says that the large organization would probably choose a few new capabilities to deploy.
SISA spans four layers of security services: access protection, content protection, data protection and watchdog protection. Nawaz explains that SISA combines the security expertise of leading information technology companies to ensure security policies are in check across multiple information technology layers, a process that is necessary for secure collaboration. Rosenkranz adds that SISA also makes use of existing customer investment in software, storage and hardware, helping those investments work together in new ways to create better security. In the past, clients may have made decisions to add individual security components to their architectures. SISA takes a comprehensive approach to protect information in use, in flight and at rest. SISA multilayer security architecture helps ease the setting up of different communities of trust so government agencies can collaborate more effectively, and SISA also provides a road map to accomplish these protections at a reasonable cost using standard commercial products.
SISA alliance officials believe they can work with many of their customers to drive toward interoperability. Not only will products interoperate, but best practices from a configuration perspective and standardization of how organizations are using technologies also will increase safe sharing.
Other work by the alliance includes optimizing configurations between networking equipment and storage. Nawaz explains that government agencies are looking for better ways to accomplish data center consolidation, and that all work can be done under a single virtual environment that has storage capability. SISA can create virtual storage area compartments in one virtual storage area where no other groups will be able to access sensitive information. Instead of using multiple physical storage environments, agencies can use one physical storage area broken up into virtual storage environments, and users can have access where they must. The separate components are really data at rest protection technology to keep data separated. This one-area storage capability will reduce storage costs.
The work is consistent with e-government initiatives and business and infrastructure consolidation. However, to enable the consolidation, SISA members have to convince data owners that their data will be safe in a shared infrastructure.
In addition to helping federal organizations work together, SISA alliance members had to find an efficient way to do business among themselves. The alliance partners agreed to work under a process in which they formed a joint program office and hired a third party company—Addx Corporation—to be the coordinator of the group. Addx is a principal provider of information and management science services. The company is responsible for the configuration management of the actual architecture, the creation of the training and certification system for delivery partners and the coordination of marketing and sales activities for the SISA alliance.
Nawaz explains that the joint program office is responsible for updating the configuration and road map of new software and products that companies will develop. The alliance is dedicated to learning about new technologies and not relying on current capabilities. Members aim to change the blueprint as the marketplace evolves.
Despite private industry blazing the path forward on this type of collaboration, SISA actually got its start from a government client who was working simultaneously with Cisco, Microsoft and EMC on three separate projects involving the deployment of software, network challenges and storage consolidation. Rosenkranz explains that the client brought representatives from the three corporations together and told them they needed to look at the problems across the board. “That was really the way this came together,” he shares.
Nawaz and Rosenkranz agree that the alliance formed naturally. The companies already have business partnerships in place in many areas, and the work they do fits together. Nawaz shares that the way he looks at it, by the time a user is creating a document, it has to be stored. “You can look at creating, storing and network all together,” he says.
Now that the alliance and the architecture are in place, the next step is for the government to take advantage of the offer. Grace Mastalli, the former director of the Information Sharing and Collaboration Office at the U.S. Department of Homeland Security (DHS), says SISA will help the government as much as the government will let it. “In many respects, the federal government has outsourced huge amounts of work in the information control, information sharing and the entire IT domain,” she explains. “And one of the key points that SISA recognized was that the big IT-related megaliths were repeatedly being asked to do the same thing by different federal agencies over and over again with a slightly different set of requirements.” The federal government has been working to reform policy to make it easier and more cost effective for technology to be an enabler of policy rule and requirements. According to Mastalli, SISA put together a multivendor architecture for the information sharing and collaboration environment so federal agencies avoid having to create their own.
In addition to her position within DHS, Mastalli served as the initial chairperson of an interagency workgroup to identify and address solutions for sensitive but unclassified information. With hundreds of classifications, markings and handling requirements to deal with, automating and protecting that type of data and sharing it in a digital environment are major problems for government and business. “I see this consortium as a very, very welcome effort to bring together some of the big players and some of the most creative small players to address, of course, not just a government problem but a global problem with developing ways to protect, safeguard and share information,” Mastalli says.
She also shares that people are unsure about with whom they can share sensitive or controlled information because of complex policy rules. SISA is helping officials understand that they can put together a policy-based architecture that provides multiple layers of protection. The architecture shows federal government agencies that they can determine the policy drivers and requirements. It offers the multivendor, multilevel architecture to help create an information sharing environment that is available to respond to whatever needs clients have, and it does not require agencies to throw out what they have or start from scratch.
“The beauty of what SISA has tried to do is to enable information sharing among agencies building upon whatever their existing hardware, software and storage platforms are,” Mastalli states. “The most important key of it is the interoperability with other existing systems.” The architecture is not a “plug and play” solution, but it does integrate with technologies currently in place. Part of the problem for the government has been its creation of “cylinders of excellence” in which information remains in the cylinder because of issues such as procurement practices and policy differences. To overcome the problem, the government needs a solution that enables collaboration among any partners from a fusion center in
She explains that SISA saw the government’s conundrum, understood it and understood the extent to which the contracts awarded to companies in the alliance were contributing to the issue. Then, it tried to solve the problem. “It is not a perfect solution, but it is certainly a paradigm shift—both in terms of how it was developed and how it’s being offered—from the way the federal government as well as other entities have been trying to address this solution,” she states. She also believes that SISA represents a corporate culture shift that has immense potential as a model for major corporations moving forward. She hopes the business model is a harbinger for business practices.
For their part, the SISA alliance partners plan to bring the architecture into the future by focusing on good, quality execution in the near term and working with the joint program office and other companies to evaluate where to go next.
SISA Demonstration: www.microsoft.com/industry/government/sisa/dod_sisa.html
Addx Corporation: www.addxcorp.com