What the Government Really Wants

Specific standards must be met to bulk up federal security

Federal government buildings pose similar security challenges to commercial facilities: They need to control access, visually monitor daily activity and manage intrusion-prevention. To meet these demands, the government must integrate with numerous security manufacturers that supply a means to protect different functions, such as single sign-on for individual computers, or large servers to provide redundancy and fault-tolerant needs.

Of course, the level of protection needed could vary, depending on the building being secured. Buildings that house government servers or national archives may need more protection than a single card swipe and camera, for example. So how does a government security manager determine what is needed to secure the men and women who work for the government? What technologies and cost-saving solutions will influence decision-makers? And how can manufacturers and resellers help the government make these important decisions?

How Government Does Business
Working with the government is a long, involved process that requires education and patience. Understanding the intricacies of the process will help integrators and manufacturers gain the trust involved to win projects.

After first assessing its security needs thoroughly, the designated security committee will ask a number of companies for a request for information (RFI). An RFI allows the committee to glean information about the products and services available to them that will solve the issues defined in their risk assessment. After reviewing the RFI, the committee may ask for a solicitation in the form of a request for quotation (RFQ), request for proposal (RFP) or invitation for bid (IFB). Understanding the differences among these requests is critical to meeting criteria and moving to the next level of the process.

Timing is critical. A company must be six to 12 months ahead of the specification going public. This time should be spent pre-selling. Once the RFP is released, it’s too late. You should be talking with the primary end user, contractor (person doing the paperwork) and the technical representative (person who determines if the product or service meets the project’s requirements). Developing a relationship with these three individuals is crucial. They must know early on that you are interested in providing a solution for their security needs.

The soliciting agency will evaluate the proposal based on how the solution meets its need and budget. A company that meets those needs is then invited to demonstrate its product and discuss its solution, as well as provide a final bid.

Technologies Play a Role
The government is always looking for ways to reduce costs associated with redundancies across the different agencies and departments. Many agencies and departments have their own data centers to store critical information, including employee information. In recent years, the number of computers and data centers has skyrocketed, and if agencies continue to create their own data centers, there will be a lot of redundancy in people and energy. This redundancy could be eliminated by combining centers.

The government could do this by using cloud computing. Cloud computing could make government agencies more efficient, provide a cost-savings and reduce the environmental impact of purchasing hardware. The savings is derived from the cost of dedicated servers for each agency or application, and the energy costs to operate those servers. Using cloud computing saves hosting and maintenance costs, staffing and the cost of software installation and ongoing support.

However, when it comes to physical access control, the risks of cloud computing outweigh the benefits. The bandwidth needed for video surveillance is significant and expensive. Cyber-threats have grown tremendously, so there is the risk of a security breach. The system user has no control over the application and is at the mercy of the cloud provider as to when updates will be received.

Government customers want a solution that meets their operational requirements, not one that will require their operation to change to accommodate the software. In a cloud computing environment, the government data is under the physical control of others -- yes, the government is responsible for the data but has no control over it.

The government could turn to server virtualization as a way to save money and energy. Server virtualization consists of using a single server to operate multiple virtual instances of servers through a VMware product. A small operating system is installed using a hyperviso -- a virtualization method that allows multiple operating systems to run concurrently on a host computer -- to manage the interface between the hardware and various virtual servers. The Windows operating system and application software are installed in the virtual machine, and the software cannot tell the difference between this environment and a physical one.

Server virtualization allows the minimization of hardware and all costs associated with it: hardware technology refresh, maintenance, personnel and energy costs. The control remains with the user and is safer because the information is stored on the server.

FIM Saves Money
Federated identity management (FIM) is a growing idea and offers another budget-friendly security solution. FIM is where each device or system, as in a security system, uses a centralized database for authentication and authorized information. FIM would allow participating government agencies to use their existing databases of identities and import that information into the security management system. Using a personal identity verification (PIV) card, multiple agencies could share an FIM application, and consolidating resources would save money.

The government is working to achieve Federated Identity, Credential and Access Management (FICAM). According to www. idmanagement.gov, “The goal is a consolidated approach for all government-wide identity, credential and access management activities to ensure alignment, clarity and interoperability. It establishes the foundation for trust and interoperability in conducting electronic transactions both within the federal government and with external organizations. It encompasses the core capabilities to be able to identify, authenticate and authorize individuals to provide appropriate access to resources, which is the lynchpin to the success of the national cybersecurity initiative and the successful and secure adoption of electronic health records for the healthcare industry.”

Government agencies would use a PIV card when necessary to assert someone’s identity. For example, if an individual were going to log into a workstation or pass through a doorway, a PIV card would assert the identity. FICAM identifies where it’s necessary to assert his or her identity and the appropriate way to implement the assertion. One card can be used for access control and logical access, simplifying the process and reducing costs.

Become a Trusted Security Adviser
Developing a close relationship with the people involved in providing security services to their agency or bureau is important to a reseller’s success. You need to become more than just the company that manufactures the product or the reseller who installs the product. You need to get involved, ask questions and help them figure out what they will need for a security system now and in the future.

Be proactive and demonstrate the value in what you do. You need to become not just a company, but a trusted security adviser. As a trusted security adviser, the agency will turn to you with questions and will rely on your input to help them make decisions.

To become a trusted security adviser, you need to get involved with your government customers and partners in a variety of ways. Involve your company or individuals in industry associations that advise the government on applying and implementing technologies. Be readily available to provide a consultation or recommendations directly. Work closely with all partners involved in a project, whether it’s the IT department, integrator, vendor partners or security managers, and facilitate open communication. Assist with system design on new projects, and help facilitate migration from legacy equipment to compliant, modern solutions.

Solutions
Federal assets, including cyber-assets, staff and buildings, must be secure 24/7 with some variation in the level of security implemented, based on the time of day. The ability to recognize worthwhile technology integrations and having the capability to quickly implement the integration gives a company an edge.

The government has been asking for a security management solution that includes an integrated intrusion management system. AMAG Technology listened, and its Symmetry Homeland V7 features a newly enhanced intrusion detection system (IDS) capability that will allow authorized people to manage their intrusion system from a contactless smart card reader. Government needs demanded a feature-rich contactless smart card reader, such as AMAG’s S884 Javelin reader, to meet special Section 508 guidelines, requiring agencies to make electronic and information technology accessible to people with disabilities.

According to www.section508.gov, the law applies to all federal agencies when they develop, procure, maintain or use electronic and information technology. The Javelin reader has four lines of text where most readers have two. The four lines of text can be programmed to read one line of text that is four lines high, or two lines of text two lines high. This option allows the government to meet guidelines for the visually impaired.

In addition to becoming a trusted security adviser and providing government-compliant products, companies need to have a good reputation and long-standing commitment to their products and services. In other words, the government prefers to work with a company that is going to be in business for a long time.

The government often needs a new software feature added to its security system or new integration. Having the capability to write software or manufacture hardware quickly is an advantage to working within this market. The government sector looks favorably on companies who have full control over product development and can help it meet its security needs quickly.

The government must install products that comply with the many standards the various federal entities impose, and must work with companies whose products meet those standards and certifications.

Staying ahead of the project bid and becoming a trusted security adviser are two ways companies can gain an advantage in this lucrative market.

Helping the government meet its needs now, and in the future, while providing excellent support, will help ensure success.

This article originally appeared in the March 2011 issue of Security Today.

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”