
Defense Agency Expands Investigative Services, Increases Security, and Saves Network and Administrative Costs

Case Study: U.S. Defense Agency

Profile

A U.S. Defense Agency is charged with providing security investigations for classified government and military operations. Acting in partnership, the agency supports both government and its primary contractors, and provides security advice and assistance to over 11,000 cleared contractor facilities.

The primary role of the agency is to provide investigative services, collecting sensitive background information used to issue security clearances for federal, state, local, and contractor employees. By law, the agency is obligated to protect the confidentiality of personnel information collected, which is housed in a database.

Thousands of agents work for the organization, and travel around the world collecting personnel clearance information. All require real-time access to the database.  

Business Problem: 

The agency has added new missions over time, including security investigations for industrial, explosives, witness protection and counter-intelligence activities. The growth and broadened role of the agency have put pressure on the information systems organization to provide remote agents with Web-based access to the database, without compromising the security of the data being collected and shared.

The agency’s MIS organization also had another problem. Due to the sensitivity of their contents, the electronic forms used for collecting clearance information could not reside outside the enterprise’s firewall. However, the database vendor was unable to support a server application capable of residing inside a firewall.

Lastly, the agency was charged with solving both problems, while reducing administrative costs at the same time. Growth in the business, and in the number of working agents, had made dedicated and dial-up networking costs go through the roof.  

Situation Analysis:

The agency needed a single solution capable of solving multiple problems: Web-based access to the database had to be provided to agents worldwide, with no possibility of compromising the security of the data being exchanged.

Parties accessing the database had to be securely authenticated as agents of the organization, with audit trails provided. Access to the database had to be provided behind a firewall.

Networking and administrative costs had to be reduced. Any system implemented had to scale rapidly and cost-effectively to accommodate the large number of remote agents and the growth and diversity of the program. The diversity of tools used by the agent population demanded support for a variety of operating systems and network services.

Solutions

Worldwide, ubiquitous access to the database was provided to agents via the World Wide Web. Firewall protection of the database was provided.

The firewall housed the sensitive electronic forms server and proxied the remote agents through the firewall, easily and transparently. Strong authentication assured the organization that only legitimate agents accessed the database.

Mutual authentication verified the agent to the server, as well as the server to the agent, and two-factor authentication required something the agent had (a token), as well as something the agent knew (a password).

Agents enrolled remotely and conveniently, and were authenticated immediately, via on-line registration over the Internet. Security and privacy were handled using DES and RC4 as bulk encryption methods, and RSA key exchange methodology. 56-bit DES provides stronger encryption, and RSA, a complete key cryptography system, provided a widely used key exchange method.

Administrative costs were reduced through the application's Dynamic Configuration feature. When the field agent enrolled, a virtual smart card was securely exchanged with his PC, but left deactivated until the administrator enabled it. Once enabled, the process of key creation and exchange, as well as initialization of access control, was completely automated, freeing the administrator for other tasks.

Cost-effective scalability was provided through expansion from one to a million users, with the only limits being hardware and the number of available ports. Remote agents were supported using a variety of systems and network services, including software on hard disk or floppies, Windows, NT and Mac operating systems, and industry-standard smart cards. Special clients were even developed for the remote agents, including SQL*Net, HTTP and Java.

Solution:

The agency implemented an integrated firewall/virtual private networking solution, and immediately provided secure, authenticated access to the database for 4000 remotely located field agents. It provided solutions to the agency’s MIS organization, as well as its remote agents.

They supported a variety of client environments, including SQL*Net, HTTP and Java, and also protected and provided access to the database by placing it behind a firewall and offering convenient proxy capability to the agents.

The Future

The agency now offers remote agents smoother, more secure, and more convenient remote access to the security clearance database. The organization looks forward to broadening its services, while still offering a high degree of public service responsiveness.

 

 

 

Last modified: April 30, 1999