Cisco, EMC, and Microsoft Deliver Blueprint For Secure Data Sharing - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Cisco, EMC, and Microsoft Deliver Blueprint For Secure Data Sharing

The consortium will help federal government agencies develop IT networks and systems that more efficiently and securely share information.

The companies envision the combination of their technologies being used to help the federal government share sensitive but unclassified acquisition, financial, HR, law-enforcement, and other information between agencies and with commercial contractors. A typical scenario, as described by Microsoft's Rosenkranz, might include a government worker who needs to communicate information about a possible terrorist threat via e-mail. Before that sensitive information is sent, that worker needs to know that the information will be kept confidential wherever it goes, even after he sends his message. Systems set up according to the Secure Information Sharing Architecture will allow that worker to create a policy that governs who has access to the contents of that e-mail, even after it leaves the worker's computer.

What the federal government should look to avoid are large, long, and expensive projects that require a lot of custom coding. There are dozens of examples of these, including the FBI's Virtual Case File system and Homeland Security's $350 million Homeland Secure Data Network -- called a "network of networks" back in 2004 -- which promised to link that department's networks with those in the Justice, State, and Energy departments.

Mastalli knows the days of those dinosaur projects are numbered. "Immense amounts of energy have gone into trying to construct a system of systems or a network of networks as an interoperable information sharing system," said Mastalli, who served 30 years in the federal government, including 18 with the Justice Department. These projects involved a lot of contractors and a lot of different policies about how data should be shared and secured, and no one was in a better position to see the damage this caused than the three companies that created the SISA alliance. "What Cisco, EMC, and Microsoft realized is that they were continually being hired [by the government] to create more problems for the federal government as they worked with different agencies on their different requirements," she added.

In fact, Mastalli's work for the federal government exposed her to at least 310 different statutory authorities -- including the Privacy Act and the Homeland Security Act -- that dictated how information could and should be shared and secured. "This created extraordinary complexity," she said.

To provide an example of how federal government data sharing has worked in the past, Mastalli cites 1997 amendments to the Clean Air Act that required companies in the chemicals industry to provide the federal government with worst-case scenarios that could take place at their chemical plants. "Those of us who worked in national security and counterterrorism saw the data being collected as a roadmap for terrorism," she said. "How do you give this information to those with a need to know while protecting it from people who would use it for nefarious purposes?" The government's answer was to make hard copies of the data available to law enforcement agents who had to sign out the documents from a library rather than taking any security risks and sharing the information online.

This example may be a decade old, but the government's effectiveness at sharing information hasn't changed much. "The solution for making information sharing available and secure will never be perfect, but when you realize that the greatest single barrier is the lack of trust of what will happen to the information after you lose control of it, then having digital rights management and a common understanding of how policies can be implemented goes a long way toward undercutting the rationale for not sharing information," said Mastalli, who's now launching a business consulting firm called Ethos International Inc.

The key to simplifying the process -- and to the new architecture -- is to let the technology companies focus on the technology while the government agencies work to set and enforce policies around data sharing and security.

SISA also has a lot of potential to serve private-sector businesses. "We do see this moving into the commercial market and moving global," Francie Kess, partner and manager with EMC's federal division, told InformationWeek, adding that both the public and private sector can benefit from blueprints that help them more efficiently use the significant investments they've already made in technology from Cisco, EMC, and Microsoft.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 2
Comment  | 
Print  | 
More Insights
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Flash Poll