Small firms tap into persistent concerns about security and other federal priorities
This year, Federal Computer Week's list of the top 10 companies to watch demonstrates the persistence of security as a concern in the federal information technology community.
Interviews with dozens of government IT executives show that the desire for more sophisticated security measures is a key driver in purchasing decisions. The types
of security products in demand have greatly broadened since the days when virus scanning and firewalls were everyone's idea of protection. Today, buyer interest covers everything from improving traditional surveillance methods to securing smart cards.
Federal agencies, naturally, have needs beyond security. The list reflects the need to manage workforces, integrate disparate systems, harness computing clusters and improve the flow of information to a variety of constituencies.
The list underscores one more thing about federal IT: Timing is everything when it comes to product development.
Product timing has worked well for Citadel Security Software Inc. Citadel addresses what company executives call a critical gap in the network security space: how to deal with the ever-increasing volume of vulnerabilities.
Scanning software is able to identify areas where networks are vulnerable, but such products don't provide the means for resolving those vulnerabilities, according to Jack Doxey, Citadel's vice president of marketing. This is where the company's Hercules automated vulnerability remediation software comes in. Hercules "picks up where scanners leave off," Doxey said.
Hercules imports and aggregates data from vulnerability assessment scanners and automates the process of dispatching remedies. The software lets organizations set remediation polices for a specific device or device group. Hercules addresses five vulnerability classes: unsecured accounts, backdoors, unnecessary services, misconfigurations and software defects.
Hercules entered the market in 2002. The product's arrival appears well timed from a federal standpoint. Steve Solomon, Citadel's chief executive officer, noted that the Office of Management and Budget in recent weeks has been asking agencies about vulnerability remediation. And then there's the Federal Information Security Management Act, which calls for agencies to assess vulnerabilities and implement procedures for reducing risk in a cost-effective manner.
Citadel, not surprisingly, has emphasized the federal market this year. Indeed, Citadel cited government business as a factor in the company's second-quarter results. Revenue was up 70 percent at the end of June compared to the same period last year.
The company's customers include the Air Force, Food and Drug Administration, and Navy. The product also is available via the Department of Veterans Affairs' Procurement of Computer Hardware and Software contract.
Meanwhile, Citadel is pushing its software to higher levels of security. The company has registered Hercules to undergo Common Criteria evaluation and certification, an important security standard, especially in the Defense Department. Solomon said Citadel is the only software company in its category to do so.
Royal Philips Electronics has another timely market entry. The company has brought its much-anticipated Mifare DESFire contactless smart card chip to the market. Contactless cards, increasingly popular as facility access cards, use radio frequency ID chips that are waved in front of a reader rather than inserted into readers. This reduces the wear and tear that would otherwise limit a card's life.
The Triple Data Encryption Standard version of Mifare, however, brings additional security to smart cards. This is of interest to federal agencies seeking to add contactless capabilities to cards that have been primarily used for access to computer networks.
Some technology providers retrofit products for the federal market, but Fortress Technologies and WiebeTech LLC have launched products with federal requirements in mind, which means they can get their products into the hands of customers faster.
Fortress, which specializes in wireless security, has pursued federal business from the company's inception. Its customer list includes the Air Force, Army and VA. More than 80 percent of the company's revenue comes from public-sector accounts.
In the public sector, Fortress has been on top of government security standards. In 2002, the company's AirFortress became the first 802.11 wireless security solution with Federal Information Processing Standard 140-1 certification. More recently, the company provided input into the FIPS 140-2 standard, which was adopted this year, said Janet Kumpu, Fortress' chief operating officer.
"We have taken the approach of architecting for FIPS upfront," Kumpu said. That design principle lets Fortress release products on a timely basis, she added.
She believes the universe of federal wireless applications is expanding. The Army, for example, is using Fortress to secure a portable wireless network for battlefield communication. She thinks this type of solution could also apply to an emergency response system for first responders.
Now, the company is looking to expand in the commercial sector, which, contrary to the typical pattern, is moving slower than the government market in technology adoption.
"Wireless is so new," Kumpu said. "They are taking longer in evaluation."
The task of convincing reluctant prospects has not been an issue for WiebeTech, which makes a computer-docking product that permits fast access to hard drives. In fact, customers convinced the Wichita, Kan.-based firm to build a product geared toward government work, and some clients asked for a forensic version tailored for law enforcement officials who need to collect evidence from suspects' computer hard drives.
WiebeTech listened to its customers. The result is a forensic product line that debuted in late 2002. Soon after the launch, the FBI came calling, said company founder James Wiebe. The Royal Canadian Mounted Police also purchased the product.
Wiebe said federal agencies are a natural fit for the company's forensic product line, which features models with varying levels of encryption. Government customers typically gravitate toward the high-end version, he said.
"With the emphasis on homeland security in particular, you can really see the drive to collect and process [digital] evidence," Wiebe said. "It's a good market."
WiebeTech now is working to broaden its base in the federal market. The company is marketing to "all the normal three-letter agencies" and the military, he said. The company also is broadening its product set and developing an encrypted hard-drive product.
Meanwhile, WiebeTech officials continue listening to their customers. Users of the forensic product, for example, want versions that support USB 2.0 and Serial Advanced Technology Attachment interfaces. Wiebe said his company is working to incorporate those enhancements.
"The very best source of product innovation does come from the customer," he said.
Tripwire Inc., a developer of integrity management solutions, counts the House of Representatives among its customers.
The company's products detect unauthorized changes both accidental and malicious to servers and network devices. Solutions of this kind are designed to boost the safety and predictability of critical IT infrastructure components.
The company's Tripwire for Servers 3.0 and Tripwire Manager 3.0 have received Common Criteria Evaluation Assurance Level 1 certification.
About 15 percent of Tripwire's business comes from the government sector, according to CEO W. Wyatt Starnes. He plans to boost that figure to 20 percent to 25 percent of the company's revenue. The strategy over the next 18 months is to complement the company's traditional direct business with relationships with systems integrators, he added.
He said he sees two primary drivers among federal customers: security and operational efficiency. "Clearly, the government is increasingly concerned about security and making sure the data running critical systems is known and protected." In addition, organizations are being asked to "deliver more IT capacity in a more predictable, cost-effective way," he said.
Also of interest to government agencies is Tripwire's File Signature Database, a repository of metadata that lets customers authenticate the integrity of files. The company's partners on the initiative include Hewlett-Packard Co., IBM Corp., InstallShield Software Corp., RSA Security and Sun Microsystems Inc. Tripwire plans to make the database available to government and law enforcement agencies to assist in cybercrime investigations.
Although many security products are geared toward protecting digital assets, ObjectVideo Inc. employs computer vision technology to improve old-fashioned physical security.
ObjectVideo makes video surveillance software. The company's Video Early Warning (VEW) product lets a computer and a camera "see" for a security organization. The product became available this year. A contract with the Homeland Security Department's Bureau of Customs and Border Protection is the company's largest federal deal thus far. The bureau is deploying VEW to monitor points of entry along the U.S./Canadian border.
Clara Conti, CEO of ObjectVideo, said the project has led to more opportunities. "Many doors have opened on the military side and on the commercial side just because of the kind of work we are doing" at the customs bureau, she said.
For example, ObjectVideo is working with the Office of Naval Research to integrate VEW with a 360-degree camera mounted on the mast of a ship, Conti said. The idea is to enhance perimeter security to avoid incidents such as the bombing of USS Cole in Yemen.
VEW is not intended to replace security personnel, said Edward Troha, director of marketing programs at ObjectVideo. Instead, the product lets security professionals more effectively use conventional surveillance technology. With motion-detection systems, for example, ripples on water or animal movements might trigger an alarm, Troha said.
With VEW, organizations use a wizard-like interface to define rules for a field of view. A rule which Troha described as a "virtual tripwire" could target vehicles entering a given area of interest, for example. The resulting alarm alerts a security professional who can then further assess the intrusion and take action.
Although security remains a hot topic, the same holds true for Web portal technology. Agencies have eagerly launched portals to improve the flow of information to employees and citizens, and few companies have been hotter in that space than Appian Corp.
The 4-year-old company is behind a number of key government portals. Appian's first major success was with Army Knowledge Online, which the company says is the world's largest Web portal. The Army portal could soon become a springboard for other projects.
"There's not a better marketing or sales person than the Army," said Matt Calkins, Appian's president and CEO. He said the Army deal has led to a number of other sizable projects, including the Navy's Knowledge Management Portal and the Federal Emergency Management Agency's portal for first responders (www.disasterhelp.gov).
Customer word of mouth has sustained Appian thus far and allowed it to remain lean in terms of marketing and sales investment. The company has built itself on its own revenue rather than relying on venture capital, Calkins said.
Appian offers its own portal and personalization software and the ability to customize the software to meet customers' requirements. On seven-figure portal deals, "we have always had to customize our solution to meet very demanding clients' needs," Calkins said.
The portal environment is frequently complicated. But the government's objective boils down to getting the right information to the right people as quickly as possible. "We're looking to unlock the value trapped in all the information they have," Calkins said.
Avue Technologies Corp. helps agencies unlock human potential. The company's Web-based human resources management service has struck a chord with federal agencies increasingly concerned about such issues. Avue specializes in public-sector workforce management.
The appointment of chief human capital officers at Cabinet-level agencies has elevated workforce issues in government. Linda Rix, Avue's co-CEO, said human resources has catapulted from an administrative function to a boardroom consideration. Assistant secretaries, chief information officers and chief financial officers are among those paying attention.
Agencies have a number of tasks to juggle. They must manage workforce performance, track employee skills, improve workforce deployment and develop a replenishment strategy to prepare for retirements, Rix said. Avue's hosted service automates a number of human resource functions, including strategic planning, recruitment and hiring, performance appraisal, compensation, and position definition.
Federal agencies subscribe to Avue's service and pay a fee based on the size of the organization. Contracts typically run for five years, with a one-year base and four one-year options.
The concept has caught on. "In round numbers, we're basically doubling [revenue] every year," said Jim Miller, Avue's co-CEO. He said the subscription model frees customers from such typical software concerns as per-seat pricing and maintenance fees.
Avue customers which include the U.S. Agency for International Development and the Forest Service are often large, distributed organizations with numerous field offices, Rix said. Because every agency employee is a potential user, human resource services must be deployed to every desktop, and Rix believes the company's hosted-software approach is the best way to get that done. Avue now has "an eye on expanding the model into other business functions outside of HR," she added.
Applications hosted or otherwise depend on the underlying technical infrastructure. This is where Platform Computing Inc. and Tibco Software Inc. make their contributions.
Platform Computing provides software that helps harness the power of grid- and cluster-based computing.
The grid approach aims to coordinate resource sharing in large-scale computing environments so users in one organization can tap into applications in another. Clusters use servers linked via software to provide a cheaper alternative to supercomputers.
The company's Platform LSF has emerged as a key job scheduling tool for managing computing clusters. In recent months, the Energy Department's Pacific Northwest National Laboratory and Los Alamos National Laboratory selected Platform LSF to help run their clusters.
Rene Copeland, vice president of government sales at Platform Computing, noted that DOD customers involved in high-performance computing also use Platform LSF. He said such customers need a scheduling program to manage their projects.
Beyond Platform LSF, the company provides software for the building and management of grid computing. It was the first to offer commercial support for Globus Toolkit, an open-source tool for building grid-based applications.
In addition to DOD's and DOE's high-performance computing operations, NASA has also tapped Platform Computing's capabilities. The company's focus on the federal market increased last year when the Canadian company launched a subsidiary to manage U.S. federal business.
Tibco is no less dedicated to the federal market. The enterprise integration software vendor pursues government-specific solutions in such areas as homeland security, command and control, supply chain integration and modernization.
Tibco's flagship ActiveEnterprise product monitors business operations, handles enterprise messaging and provides a platform for enterprise application integration. That function lets applications, databases and legacy systems communicate, which allows organizations to select such integration approaches as Extensible Markup Language, Web services or Tibco's messaging software.
For example, Aerospace Corp., which supports the Air Force Space Command's Space and Missile Systems Center, needed to distribute telemetry data to applications including expert systems and custom analysis tools, according to Tibco. Aerospace deployed ActiveEnterprise to achieve the level of communication the center had been seeking.
Earlier this year, Tibco teamed with data distribution vendor GemStone Systems to create the Enterprise Services Solution. That enterprise integration platform aims to facilitate information sharing within or between agencies. It could be another example of bringing the right technology tools to market at the right time. l
Moore is a freelance writer based in Syracuse, N.Y.
NEXT STORY: L.A. site keeps tabs on convention