Access Makes Headway


It's all about access,the access federal government customers seek to both provide and exclude: allowing legitimate parties inside critical data systems and excluding those who'd abuse that privilege.

And it's all about another kind of access: the key access VARs provide to vendors to deliver to those federal customers the very latest innovations in authentication-security solutions,one of the fastest-growing, in-demand IT industry niches in the government.

Projections indicate that the U.S. government will spend $4.2 billion on information security in fiscal year 2003 and is requesting $4.7 billion for fiscal year 2004, according to Chantilly, Va.-based Input, a business-marketing services/research firm that tracks government spending opportunities. Authentication-security tools are a critical, driving factor in the growth, industry leaders say, especially as the federal government increases its demand for open-ended Web-enabling technologies that are subject to greater security lapses. And once federal customers see the cost savings derived from the lack of security-breach-related downtime, interest in these products should only grow, industry experts say.

"One of the major growth areas will be security products that enable secure Web services," says David Gross, CEO of Sterling, Va.-based Cryptek, a top provider of network security and a large government contractor. "In particular, there's a need to provide the ability for disparate organizations to share information but still be controlled by a strong central manager. I think the next two years will see the coming of age when it comes to these technologies,not only because of the security benefits they provide but because of the reduction in total cost of operations that managers will see." Cryptek has partnered with integrator/VARs such as Armonk, N.Y.-based IBM.

Also spiking interest in the field: a recent U.S. Federal CIO Council decision that is paving the way for a unified policy on intergovernment electronic authentication. A unified policy often means that opportunities will be plentiful,but only for a chosen few. As a result, vendors and VARs who drag their feet may find themselves on the sidelines. So the time to bring out the latest, most effective, integrated solutions is now.

Many are already in the thick of the action: Schlumberger-Sema, a New York-based information security solution provider, was among the first companies to get into the game in the new era of domestic and global alerts, having supplied smart ID cards to the Department of Defense (DoD) since September 2001. The cards, called Common Access Cards, are Java-supported, with several applets loaded to securely identify and authenticate the card holder. The cards essentially "match" credential information contained on the smart ID card to that on the DoD's access-allowed databases. The department is using the cards, for example, to allow employees to log on to Windows and send e-mail. Partnering with VARs such as Plano, Texas-based Electronic Data Systems and Reston, Va.-based Maximus, SchlumbergerSema has so far rolled out more than 1.75 million cards, and the company expects to have 4 million cards in use among DoD customers by the end of this year.

Transportation also will be a potentially big customer in the near future, as federal aviation officials appear eager to pursue a smart-card-driven Known Traveler or Registered Traveler program, which will allow transportation officials to register willing travelers either online or at airport kiosks, qualifying them for "smart" biometric-based travel ID cards. The bonus for the traveler? He or she will be able to avoid long security lines by securing a de facto "preferred passenger" status.

Fremont, Calif.-based ActivCard,which both partners and competes with SchlumbergerSema for business,is also quickly establishing itself as a top vendor of smart card software to Department of Defense customers, selling 1.6 million copies of its ActivCard Gold software to the DoD. That's a deployment of 11,000 smart cards a day, and, like SchlumbergerSema, ActivCard works through VARs. The company is also hoping to provide smart cards to DoD agencies that deal with veterans and dependents of military personnel, which represent an additional pool of 17.7 million people who could conceivably get the cards. Likewise, ActivCard expects commercial business prospects to grow, based on proven success in the government market.

"The U.S. government is making an enormous investment in smart-card-based ID badges for military and civilian personnel," says Ed MacBeth, senior vice president of marketing and corporate development at ActivCard, "and it's only a matter of time before that momentum rolls into commercial spaces. Industry leaders are demanding better security as part of business-process improvements and greater user convenience."

Beyond Smart Cards
But the solutions involve far more than smart cards. In fact, the technologies being developed seem like something brewed in a James Bond movie. Ensure Technologies, an Ann Arbor, Mich.-based information security provider, has now come out with an updated version of its XyLoc, which can actually sense when a person is at the PC workstation,and when he or she gets up for a cup of coffee. This is achieved via a wireless application in which the XyLoc system recognizes a data-encoded badge being worn by the user. As soon as the user walks away from the workstation, XyLoc secures the computer and its apps until the user returns. Federal customers now using XyLoc include the Department of the Interior, Department of Veterans Affairs and the Marine Corps.

"Organizations could force their users to manually log off the network each time they leave their computers, but how many users will actually comply with this rule each time they walk to the printer?" says George Brostoff, president of Ensure, which works with VARs such as Fredericksburg, Va.-based Advanced Broadband Solutions.

As often is the case with a hot industry niche, rising demand breeds new channel alignments to better position vendors and VARs: Sterling, Va.-based Kasten Chase, a top storage-area network (SAN) security vendor, has recently announced its own major expansion of its federal government channel program by adding three new VARs: Virginia Beach, Va.-based Electronic Systems, McLean, Va.-based iGov.com and Springfield, Va.-based Video and Telecommunications. With this, Kasten Chase is looking to bring its RASP Data Security solutions to the GSA schedule.

The VARs involved bring special talents to the table. With customers such as U.S. Customs and the Department of Justice, Video and Telecommunications has valuable experience in providing security access to information on remote networks. iGov.com recently was awarded an information security contract by NASA's Scientific and Engineering Workstation Procurement and holds several key governmentwide work orders that serve multiple agencies. It's planning to introduce Kasten Chase's Assurency Enterprise Security and other products to those vehicles.

All that will help sell authentication and encryption solutions in yet another subsegment of this industry niche, that of SAN control. SAN deployment is growing exponentially and extending outside the data center, creating "SAN islands." These islands are distributed storage networks, connected over long distances to create a single virtual SAN with centralized storage management. But given the very nature of the infrastructure, when it comes to SAN islands, the possibility of an intrusive strike is elevated.

"Confidential data assets are far too readily available in the storage area network and open to corruption, theft, unauthorized disclosure and other forms of attack," says Hari Venkatacharya, senior vice president of secure networked storage at Kasten Chase. "Employees or other insiders can cause a host server or host bus adapter to mimic other, more privileged devices. They gain full access to data on additional drives on the storage area network. Data is often exposed to undue risk as a result of human or systemic errors during storage area network installation, configuration or upgrade,or from merging storage area networks," he says.

"Such errors can result in unauthorized host servers capturing data for which they have no rights of access. Managing vast amounts of data brings its own challenges, not least of which is the need to secure these valuable assets. An insecure storage area network could be a launchpad for an attack on an Internet provider network, which is otherwise well-defended."