The DOE-Oracle contract is the first major demonstration of the governments willingness to use its economic power as a tool to push vendors for security concessions, but it is unlikely to be the last. The idea was laid out in detail in the National Strategy to Secure Cyberspace and has been talked about for years inside the government. And with Evans set to take over as CIO at the Office of Management and Budgetwhich controls the federal governments $59 billion IT budgetwithin the next few months, more such deals could be on the way."DOE will be a testbed. The vendors have been working closely with government on this for a while. The software community is interested in averting regulations mandating security," said John Frazzini, vice president of intelligence operations at security vendor iDefense Inc., based in Reston, Va. "This will get deployed governmentwide. If youre a vendor, this shows that you cant take security passively." With that in mind, Microsoft is working with CIS to develop security benchmarks for its SQL Server 2000 database software and Windows XP operating system in an effort to make them more attractive to the government market, according to Stan Sorensen, director of product management for SQL Server at Microsoft. CIS already has a set of standards for Windows 2000. However, the new stress on security hasnt filtered down to every agency. Microsoft in Julytwo months after the Oracle deal was consummatedsigned a $90 million contract with the DHS to deliver desktop and server software, but the contract contains no explicit security stipulations. Thats likely to change soon, though. "I think it would be something that DHS and Microsoft should have talked about," Frazzini said. "After this, Id be shocked if theyre not talking about doing the same thing. They have to." Microsoft officials, meanwhile, maintain that the company will still be able to hold its own in the lucrative government market, despite the increased emphasis on security. "We have been thus far, and I think being able to point to the benchmarks will help," said Sorensen. "Theres a lot of stuff thats gone on in the last year thats been black marks as far as security, but our willingness to address those things is a positive." Sorensen said the governments increased emphasis on security reflects the current attitude and priorities among all customers. "Customers across the board have become very aware of security, not even just inside the government," he said. "Everybody is thinking very hard about itwhich is why it has such a high awareness level inside Microsoft." Discuss this in the eWEEK forum.
Sources said several other major software makers were in discussions with federal agencies about similar sales in which security is a major driver.