Sprint stresses tailored solutions for security

When it comes to information security, one size doesn't fit all. The commercial world has already learned that lesson, security experts say, and they want to instill it in the federal government.

Sprint's E-Solutions security group, for example, is pushing the idea that security is an intrinsic part of a system, and standardized solutions are not always best.

"The hard part is making sure you know what you need," said Dale Bachman, security practice manager for Sprint E-Solutions.

Customers tend to want the latest "hot" security technology and often fail to consider whether it is necessary for achieving their mission, he said.

The Office of Management and Budget's Circular A-130 says federal efforts should be as "stringent as necessary to provide adequate security." But John Gilligan, co-chairman of the CIO Council's security committee, has said that many administrators have difficulty determining what is adequate.

Before putting security technologies and policies in place, agency officials need to assess the threats the agency might face, the vulnerability of systems and the amount of risk a program can withstand, Bachman said.

Sprint starts by looking at an organization's "business drivers," said Robert Robinson, security/privacy practice principal at Sprint. For agencies, drivers include the objectives of particular programs, the types of information being exchanged, who needs access to the information, and the various laws, policies and guidelines that affect how an agency does business.

In January, the CIO Council, the Chief Financial Officers Council and the Information Technology Association of America issued "Securing Electronic Government," an overview of e-government security challenges and possible solutions. The document highlights the various areas within a program where security plays a role, such as authentication and confidentiality. Through examples, the guide shows how different objectives and policies can result in different levels of risk and vulnerability for two programs that face the same security threats.

Sprint officials use a similar process when they develop a Security Architecture Blueprint for a customer. Although a standard procedure guides development of the blueprint, each is tailored for a particular client's needs.

"Their blueprint can't be the same as even the guy next to them, because they may have the same business, but they have different drivers," Robinson said.


  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected