Government security breaches bring work to channel

By Colin Steele, Features Writer 28 Jun 2007 | SearchSecurityChannel.com

Channel News Update Digg This!     StumbleUpon     Del.icio.us

In the seemingly implausible new Bruce Willis action movie, Live Free or Die Hard, terrorists hack through the government's computer security and into the systems that control America's road traffic, aviation, financial markets and government -- crippling the economy and sparking mass hysteria.

Implausible, sure – especially the part where Bruce kills a helicopter with a car.

But recent data breaches show how vulnerable government computers are to exploits or attacks. As the federal government works to improves its IT security and address those breaches, systems integrators (SIs) and analysts say there will be growing opportunities for the channel.

"The government is taking a proactive stance on protecting the information that's in their security systems," said Rob Hile, vice president of business development for Adesta, an Omaha, Neb.-based SI.

There's also been plenty for the government to react to. In May 2006, a burglar stole a Department of Veterans Affairs laptop that contained the

A lot of agencies have a lot of technology that they're not necessarily using properly. Amy DeCarlo principal analyst, Current Analysis

Social Security numbers and other personal information of 26.5 million people. Three months later, a VA subcontractor lost a laptop with personal information on 18,000 people.

Just this month, a cyberattack led the Pentagon to take 1,500 Department of Defense computers offline. And a Congressional committee learned of a January breach at the Los Alamos Nuclear Laboratory, where officials wrote about classified nuclear weapons secrets over an unsecured email network. Another breach occurred at Los Alamos in October.

"This is an ongoing problem," said Amy DeCarlo, a principal analyst for Current Analysis in Sterling, Va.

Live Free or Die Hard is based on a hacker attack, but in real life, data loss prevention is the government's top security concern, DeCarlo said. Thieves and terrorists could use lost or stolen information to commit identity theft, shut down the economy or compromise national security. If Federal Aviation Administration data fell into the wrong hands, for example, "there's a potential to really do serious harm to airline travel," DeCarlo said.

Government agencies have security guidelines in the Federal Information Security Management Act, which DeCarlo likened to the Payment Card Industry Data Security Standard for retailers, and agencies have been making more frequent risk assessments. Thanks to the emergence of mobile devices, there is also more focus on a multi-layered security approach that protects both the network and the host, DeCarlo said.

Those factors and others will lead the federal government to spend $6 billion on IT security this year, according to a study by government analyst firm Input, which predicts that spending to reach $7.4 billion by 2012.

The implementation of the Federal Information Processing Standards publication 201 (FIPS 201), which mandates smart card technology to control access to federal government facilities and networks, will have another "dramatic" effect on business for Adesta and other SIs, Hile said. But it won't be until the cards are issued -- six to 12 months from now -- that those benefits are realized, he said.

"We're not seeing a lot of business yet," he added. "We're just hearing a lot of talk."

The federal government still has significant work to do in other areas as well, according to a recent survey by Telework Exchange, an Alexandria, Va.-based group that studies federal IT security. Just 48% of federal employees surveyed said their agency offered training after the VA's laptop incidents, and 16% said their agency did nothing in response.

The survey also found that 13% of employees said they had no data encryption on their laptops, up from 11% before the VA breaches.

Another opportunity for the channel, besides selling and deploying IT security, is in educating agency employees about the systems they already have in place, DeCarlo said -- especially because human error is one of the major causes of data breaches.

"A lot of agencies have a lot of technology that they're not necessarily using properly," DeCarlo said.

The channel opportunities are not limited to companies that work with the federal government. Adesta does much of its business with what Hile calls "quasi-government" agencies: ports, dams and highway authorities.

Adesta's clients, with some highly visible targets, put an emphasis on the convergence of physical and IT security. They tell Hile, "If something happens, we need to know about it quick, and we need to respond to it," he said.

Tags: More information on selling data leak prevention,  Data breach and leak prevention,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security solution provider business management Managed security service provider guide Microsoft-IBM competition fuels SMB, midmarket channel opportunities How channel partners can profit from security vendor consolidation EMC announces enhanced partner program McAfee and Extreme Networks partner for secure networking Zecurion launches new channel partner program SonicWall to offer cloud-based antispam service Microsoft Partner Network allows for better customer relationships MSPAlliance accreditation programs vet managed services firms and practitioners Survey: Financial services sector may soon start spending on security More information on selling data leak prevention Data theft creates a rich product, service market for security VARs Data breach and leak prevention Getting to know the NERC CIP standards Data protection fueled by data leakage prevention products and services Data breach prevention techniques: Helping customers avoid data breaches Security solution providers find new opportunities amid bleak economy What are the best data leakage prevention strategies for my clients? Data security: Alternatives to data leak prevention Pair data leak prevention product sales with consulting services Data leak prevention: Finding data before it's lost Data leak prevention strategies for security service providers Cyber insurance supplements, not replaces, data breach security

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary