Sentry duty

When Charles De Sanno became executive director of infrastructure engineering at the Veterans Affairs Department a year ago, he inherited a massive information technology system and an organization that had suffered public instances of private data losses.De Sanno has worked to improve security at VA, an undertaking that involved encrypting the agency's mobile devices.As part of their new security effort, VA officials have put Microsoft Corp.'s new operating system, Vista, through its paces in the past nine months. De Sanno said Vista's security features are significant enough to call for an immediate agencywide upgrade."Unlike other operating systems, we're pushing the envelope regarding the deployment cycle," De Sanno said.VA's plan to upgrade isn't unique among federal government customers. A number of government-focused systems integrators and Microsoft partners said several agencies plan to move more quickly to deploy Vista than they did with previous operating system releases. Because of software assurance contracts that many agencies already have with Microsoft, 90 percent or more of government organizations have paid for the right to upgrade to Vista.Despite Vista's visible differences from XP, such as 3-D graphics and pervasive search, government agencies focus on the operating system's security features.VA, for example, has conducted about 150 Vista tests, mostly in lab environments. And agency officials are on the verge of deploying a Microsoft application that checks for compatibility with applications that run on VA's networks.One security feature that intrigues VA officials is Vista's built-in encryption called BitLocker. VA is already using GuardianEdge Technologies' encryption products, but De Sanno said BitLocker might be able to integrate with those tools."What we're looking at is vulnerabilities with spyware, key trackers and key loggers, Trojans and things like that," De Sanno said. "Vista provides a much tighter environment ? so we're looking at those aspects."VA is reviewing several other products in addition to Vista to fully secure its environment. Officials plan to use an application, for example, that will allow them to send notices to VA operations advising them about data moving out of the organization."In IT very rarely do you see a silver bullet, and Vista is no different. It is not a silver bullet," De Sanno said. "But it gets you closer to the panacea of ultimately securing the environment."Any agency that handles sensitive data or has a mobile workforce should consider Vista for its security arsenal, said Andrew Norris, vice president of Planet Technologies' federal practice.Planet Technologies of Germantown, Md., is a Microsoft partner and is working with government agencies that are upgrading to Vista, Norris said.The Defense Department and intelligence agencies have been particularly interested in Vista. Agencies that extensively employ contractors and have datato protect are also curious. BitLocker in particular helps protect data on mobile devices and in offices where contractors frequently come and go.BitLocker isn't turned on by default because of the way its keys have to be managed, Norris said.Protections beyond BitLocker are also attracting customers, Norris said."There are a bunch of partner technologies out there that extend that nature of best protection beyond the actual laptop itself, such as being able to disable USB drives within Vista," he said. "It gets pretty granular on those controls."In addition to turning USB drives on or off, administrators can configure them for read-only access or certain capacities.Planet Technologies' employees have seen a variety of Vista plans from government agencies, with some working to do a full upgrade and others choosing to upgrade only certain areas."We've seen a lot of agencies decide that all of their mobile devices are going to be refreshed now for the protection of that data at rest," Norris said.Most agencies already own Vista, so the biggest cost is the business costs, he said.In choosing when to upgrade to Vista, each agency needs to assess its hardware and take an inventory on its place in the hardware refresh cycle, said Patrick Svenburg, a client solution specialist at Microsoft Federal.Agencies then need to factor in their application stacks."You can't move to Vista without going through some basic steps," Svenburg said. "One of them is evaluating your PC inventory, another is to test your applications to make sure that all your mission-critical, core applications run on Windows Vista."Computers that are three or four years old are probably not worth upgrading to run Windows Vista. Machines that are one or two years old and have good specifications can probably handle an upgrade to Vista, Svenburg said.Besides the security features, Svenburg said, federal agencies will appreciate Vista's new management tools. The operating system has new technologies that provide the ability to create a standard desktop image, for example."It drives down complexity; it drives down the total cost of ownership," Svenburg said. "The cost of managing those images ranges from $10,000 to $50,000 per image, so if you can drive down that cost and take away that complexity there are immediate cost savings."