Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Feds Muscling Greater Security Out of Tech Firms

    By
    Dennis Fisher
    -
    September 29, 2003
    Share
    Facebook
    Twitter
    Linkedin

      After years of being criticized for failing to lead by example in information security, the federal government last week for the first time used its unparalleled purchasing power to force technology vendors to improve the security of their products.

      Days after the U.S. Department of Energy announced that it had signed an open-ended contract with Oracle Corp. that requires the vendor to adhere to a set of strict security stipulations, Microsoft Corp. officials said they are laying the groundwork for similar contracts in the future. The Redmond, Wash., software developer, however, won a recent contract with the Department of Homeland Security that included no such security provisions, leading some to hit the federal policy as inconsistent.

      Oracles sale of its 9i database software to the DOE had several unique attributes, including the requirement that each copy of the software be delivered in a secure configuration. The configuration is based on a set of benchmarks developed by the Center for Internet Security and released last week. The benchmarks lay out specific actions administrators can take to harden Oracle servers. CIS is also at work on a tool that will audit Oracle installations and score them on their security relative to the benchmarks.

      The deal is worth $5 million in its first phase. Oracle officials declined to say what the deal will be worth. Oracle, based in Redwood Shores, Calif., has a long-standing relationship with the DOE, but company officials said the agency made it clear during this negotiation that security is now a top priority.

      “[Karen Evans, CIO of the DOE] made security very much a part of the discussion. They were very aggressive in getting us to do things we might not have done otherwise,” said Tim Hoechst, senior vice president of technology for government, education and health care at Oracle.

      Next page: More deals on the way?

      Page Two

      The DOE-Oracle contract is the first major demonstration of the governments willingness to use its economic power as a tool to push vendors for security concessions, but it is unlikely to be the last.

      The idea was laid out in detail in the National Strategy to Secure Cyberspace and has been talked about for years inside the government. And with Evans set to take over as CIO at the Office of Management and Budget—which controls the federal governments $59 billion IT budget—within the next few months, more such deals could be on the way.

      Sources said several other major software makers were in discussions with federal agencies about similar sales in which security is a major driver.

      “DOE will be a testbed. The vendors have been working closely with government on this for a while. The software community is interested in averting regulations mandating security,” said John Frazzini, vice president of intelligence operations at security vendor iDefense Inc., based in Reston, Va. “This will get deployed governmentwide. If youre a vendor, this shows that you cant take security passively.”

      With that in mind, Microsoft is working with CIS to develop security benchmarks for its SQL Server 2000 database software and Windows XP operating system in an effort to make them more attractive to the government market, according to Stan Sorensen, director of product management for SQL Server at Microsoft. CIS already has a set of standards for Windows 2000.

      However, the new stress on security hasnt filtered down to every agency. Microsoft in July—two months after the Oracle deal was consummated—signed a $90 million contract with the DHS to deliver desktop and server software, but the contract contains no explicit security stipulations. Thats likely to change soon, though.

      “I think it would be something that DHS and Microsoft should have talked about,” Frazzini said. “After this, Id be shocked if theyre not talking about doing the same thing. They have to.”

      Microsoft officials, meanwhile, maintain that the company will still be able to hold its own in the lucrative government market, despite the increased emphasis on security. “We have been thus far, and I think being able to point to the benchmarks will help,” said Sorensen. “Theres a lot of stuff thats gone on in the last year thats been black marks as far as security, but our willingness to address those things is a positive.”

      Sorensen said the governments increased emphasis on security reflects the current attitude and priorities among all customers. “Customers across the board have become very aware of security, not even just inside the government,” he said. “Everybody is thinking very hard about it—which is why it has such a high awareness level inside Microsoft.”

      Discuss this in the eWEEK forum.

      Dennis Fisher
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×