Services demand security in enterprise deals

'We can't stand the vulnerability of having a flaw that doesn't get patched and [then gets] exploited at the wrong moment.'

Air Force CIO John Gilligan

The Air Force expects to save $100 million under two servicewide contracts it has entered with Microsoft Corp.

But the cost savings were not the primary motivation for the Air Force to ink the deals, CIO John Gilligan said.

'The major driver was probably security,' he said. 'We predominantly rely on commercial hardware and software. We were spending more money patching and fixing' security flaws than buying new products.

But as the military services move to the concept of network-centric warfare, 'we can't stand the vulnerability of having a flaw that doesn't get patched and [then gets] exploited at the wrong moment,' Gilligan said.

Less is more

One of the contracts, covering products, consolidated 38 software license agreements scattered throughout numerous commands. The second deal combined seven previous support services contracts.

To implement the agreements, the Air Force will shift more than 525,000 desktop computers to one of three configurations. All software on the computers will be configured to security settings that meet Air Force requirements.

Microsoft will be responsible for identifying vulnerabilities and implementing fixes across the enterprise.

'We have moved from an era of 'buyer beware' to holding manufacturers responsible,' Gilligan said.

The Army entered an enterprise agreement for Microsoft products in the summer of 2003, said Lt. Gen. Steven Boutelle, the Army's CIO. Softmart Government Services Inc. of Downingtown, Pa., won the six-year, $471 million software consolidation contract. At the time of the agreement, the Army said the deal would save millions of dollars in operational costs and improve software license and asset management.

'The Army shared its experience, process and lessons with the Air Force, and their agreement reflects much the same structure and approach as the Army's agreement,' Boutelle said.

The Army agreement did not include a service component similar to the Air Force deal, but the Army is looking at a possible follow-on support contract, he said.

'The Army released a request for information recently to further refine how it could structure a request for proposals to competitively source the kinds of services the Air Force included in their agreement, as well as support a much broader and deeper array of service support,' Boutelle said.

The Defense Department also may be looking to implement similar agreements in other military agencies.

The Air Force last month briefed the DOD Enterprisewide Information Assurance and Computer Network Defense Solutions Steering Group, led by the Strategic Command, on the structure of the service contract with Microsoft.

Teaming up

'The Air Force effort has the potential to significantly improve the vulnerability exposure of the Air Force and, if it succeeds there, of the rest of the DOD,' said Richard Hale, chief information assurance executive for the Defense Information Systems Agency. 'Microsoft, the National Security Agency, DISA, the National Institute of Standards and Technology, the Department of Homeland Security and the General Services Administration all team in the development of secure configuration guidance for Microsoft operating systems.'
