Federal market drives booming security biz

Security vendors are converging on the federal market because the government is one of the driving forces behind the worldwide movement to protect computer systems and networks.

Computer security is the hot topic of the day as the Year 2000 problem approaches its deadline. But according to the top executives at two leading vendors, the government is one of the few markets that actually is doing something about protecting its systems rather than just talking about doing so. And that makes federal agencies a very important group right now.

"The federal government is becoming one of the first markets to pay more than lip-service attention," said Bill Larson, chief executive officer at Network Associates Inc., which sells anti-virus and other popular security and network management products.

Most of the business world also has realized the need for security, Larson said, but the government is one of the few groups that is implementing security across the board.

Larson came to the Washington, D.C., area for the first time last month to meet with agency chief information officers, and he discovered a depth of understanding and interest that he had not entirely expected. Network Associates now is going to focus more on the federal market, he said.

Other vendors have been working with the government for years, from providing products to helping establish standards. But the relationship is moving into a new phase.

"The federal market is very important to us," said John Ryan, president and chief executive officer of Entrust Technology Inc. The company develops encryption software and other security solutions with a focus on public-key infrastructure (PKI), which is the security backbone that provides user authentication for Internet-based applications through digital certificates and encryption.

At its Secure Summit conference in June, Entrust announced a new wave of partnerships and products with major vendors, including Intel Corp. And the federal market is one of the focus points for these new products and initiatives, Ryan said.

Some of this attention to security is coming because of the power and authority being brought to bear on agencies by directives from the president - such as Presidential Decision Directive 63, which asks agencies to come up with plans to protect their key systems - and the Office of Management and Budget.

It is much harder for an agency to say "no" to a directive to come up with plans to protect its mission-critical systems than it is for a company's division to refuse the directive of a CEO, the company executives said. Because of this, the federal government is driving the commercial market in a way that has not been seen in some time.

Early Product Pitch

Security products and services, unlike some other commercial IT offerings, are being pitched to the government as soon as they appear. Congress is holding more hearings on security and encryption issues than ever before. At Entrust's Secure Summit, one of the premiere user stories came from the Energy Department. And vendors are saying that a recent General Services Administration request for information on next-generation intrusion-detection products may push the market to produce solutions ahead of schedule.

Of course, it is not just the U.S. federal government that is involved in this push. The states are not far behind, and in some places states are even ahead of federal activity. And Canada and some European governments have kicked off more far-reaching security projects than the United States, especially in the area of PKI.

But many federal agencies and groups, including the Patent and Trademark Office at the Commerce Department and the Federal PKI Steering Committee, are talking to Canada's government and others.

Meanwhile, GSA is working with the FBI and the Defense Department on a governmentwide effort to detect and respond to unauthorized use of federal networks.

Vendors' response to all this interest is natural. "The government is one area where information assurance is likely to be a high priority in the next couple of years," Network Associates' Larson said. And it will be in the next year, after the Year 2000 hurdle has been cleared, that security spending should pick up, he said.

The federal government always has been a good customer for Entrust, and the company definitely expects that business to pick up as federal security and PKI pilots move into the implementation phase, Ryan said.