Three IT giants — Cisco Systems, EMC and Microsoft — have formed an alliance to create a new common IT architecture for sharing and protecting sensitive government or business information, representatives from all three companies told eWEEK July 9.
The alliance was born of a shared project with the Department of Defense, during which the companies designed and engineered the so-called SISA (Secure Information Sharing Architecture), a new security-enhanced, end-to-end information-sharing design framework. The nature of the DOD project was not revealed.
SISA combines applications (Microsoft SharePoint, Exchange, identity management and others), storage infrastructure from EMC, and networking and data protection products from Cisco Systems to move and protect the flow of sensitive information in the DOD project.
This SISA blueprint will trickle down into other government projects and eventually into enterprise IT, a SISA spokesperson said.
Historically, government information protection has been enforced in individual systems, creating islands of protected data. Some government agencies have problems providing role-based access to sensitive information within their own organizations, and the problems become much more difficult when sharing sensitive content across different agencies, the spokesperson said.
“As we got into the project, and some time had gone by, we all realized that we were working separately on something that we really needed to do together,” Mas Nawaz, federal manager at Cisco Systems told eWEEK.
“This project was definitely bigger than just any one company. We realized that we needed a common framework to make this work, and we all had the different expertise to do it.”
They (the DOD) knew what they needed, but they hadnt written the requirements around it, said Francie Kress, partner manager at EMC.
“We had to do a proof of concept in a lab, then walk though scenarios, etc. Even though they needed to do it, they hadnt really thought through a lot of that,” Kress said.
The SISA architecture offers a consistent method for moving data across old organizational and jurisdictional IT infrastructure boundaries, so that sensitive human resources, financial and other critical information can have increased protection and be shared among authorized communities more effectively than if they were not to deploy SISA.
Data is secured even before its created, Nawaz said. “The security starts as the user comes onto the network; SISA makes sure the authentications are correct for accessing portions of the network from the beginning,” he said.
“The information that would be used in this system is for critical decisions; it will be medical records, life-critical information, or acquisition information, for example,” Eric Rosenkranz, industry manager for e-government at Microsoft, told eWEEK.
“It might be used, say, in the bidding for an aircraft-building project, or other very sensitive government and business undertaking that needs to be highly protected yet shared among those who need to see it.”
Rosenkranz also said that SISA also will enable data downloaded onto USB drives by employees to be controlled. “This data can be protected by putting a SISA policy enforcement in place that would stop the user from putting data onto a USB drive,” he said.
By utilizing the SISA blueprint, government agencies can more easily set up security-enhanced, virtual networks for different authorized users and communities to access sensitive files stored in different information protection systems, the spokesperson said.
For example, in the future SISA could be deployed to allow public health officials to monitor confidential data on pandemics found in different government agencies and private sector databases, and coordinate necessary response efforts with both government agencies and critical private sector partners, the spokesperson said.
While government is attempting to break down the barriers between organizations to enable information sharing, it is also struggling with numerous high-profile data loss incidents, said Steve Cooper, former chief information officer for the Department of Homeland Security.
“Breaking down barriers between government and partner organizations will require better confidence in the ability to keep information in the hands of only the appropriate users,” Cooper said.