The headline message is that Cisco, EMC, and Microsoft – in this case also supported by a number of other technology partners including Liquid Machines, Swan Island, and Titus Labs – have come together to provide and protect sensitive government information. This should not come as a major surprise to anyone associated with the information security arena, especially when you consider the number and the scale of information security breaches that have emanated from that sector during the last couple of years.

The Secure Information Sharing Architecture (SISA) alliance combines a number of self-proclaimed industry-leading applications: Cisco’s network protection, security-enhanced virtualized network links, and data protection features; EMC’s networked storage systems, information management and infrastructure for storing the data; and Microsoft’s identity management, client and network operating systems, and the collaboration framework that ensures content is only accessed by authorized users.

Down at tier two level within the alliance, Liquid Machines provides enhanced content protection, Swan Island improves the alliance’s overall information-sharing capabilities, and Titus Labs, a Canadian company, offers information labeling and classification services.

However, the question that needs to be asked is why does it take a government-focused information-sharing initiative to get the major players in the IT industry to take their information protection responsibilities this seriously? To quote from the official SISA website: unlike previous solutions which did protect data but created islands of isolated information, SISA allows agencies to maintain the availability of content, while precisely governing how it may be accessed and used. SISA is also seen as being very agile, enabling agencies to revise or withdraw access as roles and responsibilities change. As a result, internal data remains confidential, safe from internal theft, damage, and loss.

Again, this is precisely what the information security industry as a whole should be doing to protect all the end-user public and private sector organizations that we, as their customers, have to trust to take care of our private and financial information.

Within the SISA approach to information protection, each member takes control over the protection of their own data. SISA will help such government agencies to accelerate the consolidation of disparate systems and networks into cost-effective, shared physical infrastructures. However, at this level the big question must be: will each agency trust the other to satisfactorily maintain their part of the relationship?

SISA is said to offer a blueprint for shared information services. It allows agencies to realize security and cost savings from consolidation by giving each member control over the protection of their own data. Clearly, the value and use that could be made of the applications included within the SISA project would also appear to be appropriate for the protection of organizations outside the narrow government sector that SISA is initially targeting.

Source: OpinionWire by Butler Group (www.butlergroup.com)