In-Depth

Industry Heavyweights Partner to Promote Secure Computing Infrastructure

Can the combined will of Microsoft, Cisco, and EMC overcome the ingrained inertia of government bureaucracy?

• By Stephen Swoyer
• 07/17/2007

Yet another industry alliance is in the works.

The Secure Information Sharing Architecture (SISA) is a new consortium that includes Cisco Systems Inc., EMC Corp., and Microsoft Corp.. SISA positions itself as a broad effort to develop an information-sharing architecture to help secure government data.

The idea, partner members explain, is that SISA will define a standard for both securing and sharing information across traditional organizational and jurisdictional infrastructure boundaries. Proponents use the example of a pandemic or similar health crisis. Using SISA, public health officials can quickly and securely tap into and monitor confidential data about pandemics stored in government-agency and private-sector databases.

Not surprisingly, each of SISA proponents has a sizeable stake in the effort’s success. Cisco, for example, will provide network protection, security-enhanced virtualized network links, and data-protection features. EMC, for its part, will supply the storage muscle—including network storage and information management and security software. Microsoft’s plans to provide identity management, a collaboration framework designed to keep content in the hands of authorized users, and—of course—the requisite client and network operating systems.

SISA is as notable for the vendors not represented in its rolls as it is for those that are. Hewlett-Packard Co., IBM Corp., Oracle Corp., and Sun Microsystems Inc.—all of which have axes to grind with one or more SISA members—haven’t yet enlisted in the effort.

On the other hand, says industry watcher Charles King, a principal with consultancy Pund-IT, an effort such as SISA has been a long time coming.

“Well before September 11, 2001 the U.S. government pursued numerous unsuccessful efforts to aggregate and share data more effectively within and between agencies. Since then, the issue has taken on considerably more urgency but generated little in the way of success,” he points out, citing several high-profile cases involving the theft, loss, or disclosure of sensitive information.

“In addition, some efforts to institute systematic solutions aggregating and sharing information (such as the FBI’s Virtual Case File program that was junked in 2005 after wasting four years and $170 million in taxpayer funds) qualify as classic government boondoggles.”

The good news, King says, is that SISA takes a different tack. “The SISA alliance partners hope to change the game by focusing instead on fundamental architectural issues,” he indicates.

This is a departure from the status quo. “In the past, efforts to protect and share information typically have been initiated agency-by-agency and enforced system-by-system, a methodology virtually guaranteed to establish and preserve impregnable islands of data,” King argues. “In comparison, the SISA alliance aims to change that by creating a comprehensive, multi-vendor architecture leveraging common, off-the-shelf components. Participating agencies can use SISA to set up and operate security-enhanced virtual networks that allow authorized individuals and communities to safely access and share sensitive information.”

Nevertheless, King isn’t completely sanguine about SISA’s chances of success.

“On the down side, the SISA effort faces the daunting prospect of deeply ingrained government agency cultures suspicious of any sort of change. Yes, some previous data-sharing efforts stumbled due to technical error, but we expect that others suffered from the benign neglect or active resistance of those they were meant to help,” he indicates.

“More optimistically, however, history and current events may be helping to spark a sea change that could erode, or even wash away, such obstructions. As pressure for effective information sharing increases from overarching agencies, such as the Department of Homeland Security, the results of inadequate solutions similar to those employed in the wake of Hurricane Katrina and potential impact of disasters such as an avian flu pandemic have focused intense light on the subject.”