Microsoft and Cisco To Offer End-to-End Security With SOA Initiative
With Microsoft's Active Directory at the core, users are identified as members of a particular "community" or virtual local area network (VLAN) when they log on to the system. That identification helps determine where and how information filters through the various components of the system, with assigned communities adjusting "how users see the world," said Chris Shenefiel, central government industry solution manager at Cisco.
The theory is that security won't be compromised because data will never reside in a single universal pool, but rather will be partitioned, in a sense, from creation through its life cycle according to user credentials.
"We heard from a lot of customers that didn't want to pull out their entire environment -- networks and applications and storage -- to incorporate a security [solution], but also didn't want to add on a whole bunch of different [isolated] products," said Eric Rosenkranz, Microsoft's public sector industry manager.
Those customers wanted to know how security could be integrated across the architecture, supporting legacy systems as well as new technology introduced into the environment, he added.
The solution incorporates four layers of security: Access Protection Services secure the perimeter by authenticating all computers and devices logging into the network; Content Protection Services secure the exchange of information between collaborative applications;Data Protection Services secure information at rest, whether on the client or in storage; and Watchdog Services secure the system from intrusion detection and unauthorized access.
An alliance of vendors supporting the initiative, which is still in the formation stage, will target the federal government with the service-oriented architecture first, then the rest of public sector and eventually all other market segments.
EMC supports the initiative with its data storage center offerings, and DeCru encrypts data as it flows from switches to disk with a different encryption key assigned for each community. More vendors are expected to join the alliance once the initiative rolls out formally.
"We have Microsoft and Cisco coming together to offer a reference platform that partners can then build upon according to the needs of the customers," Shenefiel said. Qualified partners can incorporate other technologies as components of the architecture, migrate legacy components and potentially support the complete package as a managed service.
Currently under evaluation by select customers, more information about the initiative will likely become available during the course of the next couple of months, with widespread availability expected for June. Customers will be able to incorporate all network, application and security components into the architecture at once, or take a more piecemeal approach.
"Customers know network modernization, and they know SharePoint implementation," Rosenkranz says. "But we are providing a vetted platform for avoiding the headaches associated with making them work together in a single secure environment."