The landmark contract that the U.S. Air Force signed with Microsoft Corp. and Dell Inc. recently not only will make that organizations systems more secure but also will make it easier for other federal agencies to lock down their own networks.
Under the terms of the multiyear deal, the two companies will deliver thousands of securely configured desktop PCs and servers to the Air Force, along with a wide variety of support services.
The bulk of the software will be configured and delivered by the middle of next month, and Microsoft and Air Force personnel will then begin testing how the configurations affect existing applications and services. Once that process is complete, other federal agencies will be able to use the results as a template for their security efforts.
“This puts money on the table not just to secure the systems but to keep them secure. They made it an incentive for Microsoft,” said Alan Paller, director of research at The SANS Institute in Bethesda, Md. “Its been so long that weve waited for something like this.” One clear indication of how important this purchase is to Microsoft is the fact that CEO Steve Ballmer has been monitoring the project himself.
The contract represents a milestone in the way that government agencies buy technology for several reasons, and not just for the Air Force, industry observers say. Most important, the fact that the service is making security a requirement during its procurement process is prima facie evidence, at least in some corners, that the federal government is taking security seriously. Also, combined with the contract that the U.S. Department of Energy signed last year with Oracle Corp., the Air Forces move serves as notice to the vendor community that security is among the top priorities on federal agencies IT agendas.
The contract with Microsoft, of Redmond, Wash., consolidates 38 separate contracts the Air Force had and, in addition to the software, includes a large amount of on-site services from Microsoft. The companys consultants will be involved in developing and implementing the Air Forces organizationwide security policies and programs, including extensive testing of software updates and patches.
The combined value of the six-year contract could go as high as $500 million.
The agreements cover a variety of Microsoft products, including Windows Server 2003, SQL Server, Exchange Server, Systems Management Server and SharePoint Portal Server. Air Force personnel will also have the option of buying personal licenses at a reduced rate.
In September 2003, the Energy Department signed a long-term contract with Oracle requiring the vendor to deliver its database server in a secure configuration developed by the Center for Internet Security. That configuration option is also available for other organizations to use.
Elements of the USAFs contract with Microsoft and Dell
- Standardized, secure desktop and server configurations
- Timely distribution of patches and updates
- Systems security vulnerability management
- Integration and interoperability support