New architecture makes security tricky

It might not be a showstopper, but security is shaping up to be one of the thorniest issues in the federal enterprise architecture hopper.

The issue is not the security of the enterprise architecture models themselves (although that is important), but rather security for the information technology systems that will be built using the federal enterprise architecture as a blueprint. That's because these systems — many based on standard components — potentially will be used by a large number of agencies and might involve unprecedented levels of information and technology exchanges within and among agencies.

"It's immensely difficult," said Tim Hoechst, senior vice president of technology for Oracle Corp.

An enterprise architecture can help because it describes all of the business and transaction flows that need to be secured as well as links among physical assets, he said. But the problem is in coming up with the "architectural consistency" that establishes all of the interrelationships among these so that necessary end-to-end security can be installed throughout the enterprise.

It's not an issue that can be fudged or worked around, according to Valerie Perlowitz, president and chief executive officer of Reliable Integration Services Inc.

"How you protect information going from one agency to another in government is essential for all of this working," she said.

However, with even the basic reference models that will describe the federal enterprise architecture still not defined, security will be an important issue but one that gets addressed later, she said.