Recent interest in information-sharing among government collaborative applications has created a related interest in security. That's especially true as the progression toward information-sharing exposes new vulnerabilities for hackers and cyber terrorists to exploit. Data can pass through perimeter security, encrypted so that security administrators can't spot an attack, according to Waltham, Mass.-based vendor Okena.
Okena's products protect networks by defending both host and network systems, which include servers and desktops, against attacks regardless of whether they originate externally or from inside a company's security perimeter. If the Department of Interior, for example, is providing critical information to Justice officials about a national park or memorial that's in danger of a terrorist assault via instant messaging, a lack of security could make that communication actually enhance the likelihood of damage, rather than prevent damage.
"Unfortunately, the nature of the intent -- sharing information -- may serve as the greatest weakness," says John Noonan, vice president of business development for Okena, which is supplying its products to Unisys, among others, for resale. "From a security standpoint, information-sharing initiatives such as those powered by Web servers, e-mail and instant messaging, can actually allow attacks or hackers to circumvent traditional security technologies designed to protect them. These technologies often require an open gateway through firewalls and other perimeter security for the communication to take place."
Noonan says VARs are in a position to provide software products that could serve as templates for entering general information that could be disseminated securely over the information-sharing applications.
Among VARs implementing Okena products, Woodbridge, Va.-based reseller KeyCrest Enterprises (www.keycrest.com) cites efforts such as the Federal Aviation Administration's "Project Matrix" as one lending more opportunities for security products. Project Matrix is intended to help civilian agencies prioritize efforts to protect the nation's infrastructure by, among other tasks, identifying interdependencies among agency assets and other government/private assets. "While the federal government has focused on critical infrastructure protection since 1998, this is the first major effort to coordinate efforts cooperatively across agencies," says Laurie McQuillan, vice president of operations at KeyCrest. "In previous efforts, various government agencies such as the Office of Management and Budget have asked for information. But the information flow has largely been one-way, and has often been used to evaluate agency security efforts rather than to help with those efforts. With an effort like Project Matrix, the most critical need is going to be collecting, storing and managing a huge volume of data related to agency IT assets. In many government agencies, there is no central repository for IT asset information. In fact, many agencies do not even have such an inventory. So finding out what assets they have and where they are located is going to be a huge challenge."
Dennis McCafferty is a freelance writer for VARBusiness. He can be reached at firstname.lastname@example.org.