Agencies Move to Outsource Network Management
By Heather Hayes
Federal agencies are turning to outsourcing to help manage both their networks and network security to keep pace with increasing demands on their infrastructures for electronic business applications and Web-based data access.
The network's ready availability has become fundamental to the delivery of public services and information. Few, if any, agencies can afford to have a network go down for any length of time. And with network technology becoming increasingly complex and distributed, agency officials, once hesitant to turn over control to vendors, slowly have begun to recognize they cannot do it all.
Behind this thinking: cost and security.
"Federal agencies, especially the smaller ones, just can't afford to sustain a private enterprise like they used to," said Jon Marcy, business area manager of the Navy and Marine Corps for GTE Federal Network Systems, a Chantilly, Va., systems integrator that manages networks for the Defense Information Systems Agency, the Navy and the Treasury Department.
"We definitely see outsourcing as a trend. And it's not even that they want us to move our personnel into their operations facilities, which is something that we've done before. Instead, they now want us to manage their networks from our network operations facility," Marcy said. "That's a big change."
Holloway Coats, acting director of the systems integrity/quality assurance division, Office of Information Technology at the Department of Housing and Urban Development, said government has little choice.
"Government staff just do not have the skills or the ability to go out and make an infrastructure function to the degree that they're getting optimal services from their applications and other resources on the network," he said.
In fact, industry officials said the trend toward managed outsourcing, where government officials maintain some oversight, and total outsourcing of networks will begin to snowball in the very near future. This will provide plenty of opportunity for firms that offer professional services and systems integration.
Rich Ptak, vice president for systems and application management at the Hurwitz Group, a research firm in Framingham, Mass., predicts a steady 30 percent annual increase over the next three years in demand for network management products and services. The Gartner Group estimates the overall network management software market exceeds $1.09 billion, with a 57 percent growth rate in 1998.
Meanwhile, the demand for network security management, historically a function included under the larger umbrella of network management, also is on the upswing. Within government circles, it is now being separated out and performed as a discipline all to itself. Among civilian agencies and some defense agencies, it, too, is being considered for outsourcing. (See sidebar.)
"As the Internet has grown and the threats to our internal resources have increased, we in the government now are realizing that network managers are not security people," said Coats, who noted that Housing and Urban Development will look to outsource its security management within the next couple of years.
"The skills are entirely different, plus it's important to have some objectivity involved. You get that when there's a duality of functions," Coats said.
The growth of e-business and distributed computing also drives network managers to perform their functions in an entirely different manner.
These workers once managed the network devices and applications in an isolated fashion, but now they have to approach the network as a seamless, robust tool that includes not just network resources but organizational policy and business processes.
Just over the horizon are network-aware applications and application-aware networks to better enable agencies to look at their entire networks and make decisions that take into account every resource and organization policy.
"These are self-configuring and self-healing networks that have intelligence built into them," Ptak said.
For example, a network can reconfigure itself based on the application that is running and the policy determined for it. If it is mission-critical and has the highest priority, the network automatically will reroute traffic and degrade other applications if necessary to ensure that the bandwidth is available to run that application fully.
Small companies, such as Apptitude Inc., San Jose, Calif., and Ganymede Software Inc., Morrisville, N.C., have products tailored to these more mindful networks and applications, but no one has any one product that can do it all without integration.
"Unfortunately at this point, the demand outweighs supply," said Ptak. "But the products are coming. The market should be in full swing by the middle of next year."
Meanwhile, network managers already have better tools at their disposal, all based on the Simple Network Management Protocol, that allow them to view the entire network, including Web servers and nodes, recognize when network traffic is reaching certain thresholds and even manage right down to the desktop.
For example, by using a network management platform such as Hewlett-Packard Co.'s OpenView or IBM Corp.'s Tivoli, managers now have a graphical user interface-based operating system similar to Windows that allows them to "stack" management tools that can better predict and locate points of failure.
"They kind of act as plugins or windows within that operating system," Marcy said.
Those products are even more intelligent than they used to be. For example, smart agents, or remote monitoring tools, now allow managers not only to monitor network traffic but also to track how end users are using the network, including how many e-mails are sent and to where and what Web sites were hit, and to generate usage reports that give the enterprise owner a better handle on usage patterns.
"They can then use that information obviously to make better business decisions on technology insertion and how they can better engineer their networks to provide better performance for both their end users and their customers," Marcy said.
The U.S. Postal Service uses the Pegasus remote network monitoring product from Ganymede Software to keep tabs on its far-flung network resources.
Other products are more specialized:
• Help Desk, a product from Remedy Corp., Mountain View, Calif., monitors desktops and applications and automatically generates trouble tickets for network managers.
• ForeView, a product of Fore Systems Inc., Pittsburgh, monitors and manages asynchronous transfer mode devices.
• Network Associates Inc. has Sniffer Total Network Visibility Suite, which measures end-to-end response times of SAP R/3 business applications.
Network Associates of Santa Clara, Calif., also has partnered with CACI Products Co. of La Jolla, Calif., to develop a new product called Sniffer-Predictor, an application that allows network managers to plan accurately for network growth and e-business application deployment.
A Strategic View
For federal agencies, though, the issue of choosing a vendor to provide network management is based less on what tactical means are applied than on other, more strategic criteria.
"One of the issues that everyone within the industry is dealing with right now is that state of the art is changing so quickly that ... by the time you get [a product] delivered and installed, there may be a new product out there that's better," said Chris Nolan, regional vice president of Unisource Systems Inc. of Chicago.
Unisource is a provider of network management and security management services and has done security management consultation work for the departments of Housing and Urban Development, Justice, Transportation and Treasury.
"From a federal point of view, the real issue is how do you best work in a client-server environment where you're downloading data off mainframes, then setting up servers that can interact with one another for various applications, and then go in and tailor the specific levels of service that each user needs," Nolan said.
"It's a matter of helping the agencies make sure that users can access the specific applications they want when they want them, whether it's a financial tool or a scientific tool," Nolan said.
To ensure this kind of real-time, continuous access to information and productivity tools, federal agencies have to do two things: increase their bandwidth and lower their costs.
The best way to do that is to go to an outside provider, according to Marcy. Not only can a company that specializes in network management provide the economies of scale that come with specialization, he said, but, unlike time- and budget-constrained government workers, the company can devote more resources to keeping up with the market.
Geoff Stilley, vice president of federal sales and marketing for Network Associates, a leading supplier of enterprise network security and management software with federal offices in Rockville, Md., said his firm and several partners have developed a chief technology group that evaluates and tests new products to keep themselves and their federal clients abreast of the state of the art.
In fact, government agencies are looking to vendors to act as true partners in the process, Coats said. It is not enough to understand their own products or even the network environment. Vendors have to understand those things within the larger context of government operation, he said.
That means having a detailed knowledge of risk mitigation, quality assurance, security issues and even government policies, such as the recent Presidential Decision Directive 63, which deals specifically with how technology managers respond in the event of network outages and cyberterrorist attacks.
"They need to understand where this industry is going, and they need to understand what laws and regulations are driving our programs," Coats said.
One critical skill that integrators and service providers need to bring to an outsourcing arrangement is the ability to make the transition seamlessly from one mode of operation to the next, industry officials said.
"It's the biggest obstacle that has to be overcome," said Marcy. "But, primarily, it's a matter of keeping the customer informed, establishing a mirror capability of the existing infrastructure, and then, at a low point in the day and when the customer is comfortable, flipping the switch.
"There's always some gotchas or interrupts, but having a process in place and operators who know how to deal with those issues are absolutely critical to success in outsourcing network management," Marcy said.
Then Came Security
By Heather Hayes
For many years, network security was a discipline tied into network management and often overlooked by federal officials.
The growth of the Internet has spawned a new breed of terrorist, and government officials have become alert to the need for managing their network security.
As a result, many agencies are looking at outsourcing their security management function, but as one distinctly separate from network management. They include agencies that traditionally never would have dreamed of putting responsibility for data protection into the hands of anyone other than internal staff, like defense agencies and the Internal Revenue Service.
"Cost is driving some of the decision," said Tony Caputo, chief executive officer of Information Resource Engineering Inc., a Baltimore-based provider of virtual private network solutions. "But the other thing is they recognize that many firms have the kind of high-level security expertise that is required to do the job effectively."
Security management focuses not just on setting up firewalls, encryption and public-key infrastructure technology, but also on determining the agency's security policy so it can be extended to each individual and device on the network; monitoring policies that relate to each of those users and resources; updating and changing those policies; screening new employees and adding them to the system; and reacting to intrusions or attacks as necessary.
Like network management, security management comes with a variety of state-of-the-art tools that allow managers total visibility. These include Internet scanners, which can be used defensively to pinpoint vulnerabilities on the network, as well as server scanners and database scanners.
Taken together, the three tool categories enable a manager not just to find potential breaches in the network, but also to generate logs of transactions that occur between different IP addresses.
"We're then able to take those logs and do some type of correlation between the different data sources into something that's intelligent or of value-add for our customers," said Russ Holder, executive manager of Intergraph Federal Systems, a systems integrator headquartered in Huntsville, Ala., which is providing security management on an outsourcing basis for at least one Army customer.
A successful security management firm, said Holder, must have a consulting focus and be able to offer personnel with detailed knowledge of NT and Unix operating systems and a good understanding of Internet protocol, as well as other local and wide-area network protocols.
"We're not there to sling code or burn hours, but we're actually trying to determine what is the customer's problem and how can we improve the process," he said. "There's a little bit of business process re-engineering that you have to bring to the table."