game changing it solutions

1GAME-CHANGING IT SOLUTIONS FOR THE ENTERPRISE WHITE PAPER

GAME-CHANGINGIT SOLUTIONSFOR THE ENTERPRISE

Taking Advantage of the New RealityIn the current era of economic malaise, increasingly austere federal budgets, global uncertainty, and daunting cyber threat environment, it’s easy to take the few CIO dollars you have and retrench, focusing on what HAS to be done rather than on what SHOULD be done. But as Forbes Magazine wrote in July, 2008, just as our last recession was getting underway, “…curtailing innovation efforts in tough times is a long-term strategic mistake.” Innovation is the only way to reach new, loftier mission objectives, which all of us have been given.

So, let’s look at these tough economic times as an opportunity to catapult the enterprise forward, to transform it so it runs leaner, operates faster, and delivers better results. Below, we’ve assembled a few (and by no means all) of the technology game changers worth considering as you plan the future of your enterprise in this most dynamic and challenging era. Some of these concepts may seem new, others may seem like motherhood and apple pie, but each of them can forever change the way you do business.

2

Taking Advantage of the New Reality

GAME-CHANGING IT SOLUTIONS FOR THE ENTERPRISE WHITE PAPER

The Emergence of the Extended Enterprise Operations Center (EEOC)Most large enterprises have had a Network Operations Center (NOC) for ten or 20 years. This is the pulsing heart of your IT infrastructure—the central place where you monitor and manage your networks, servers, and endpoints. But the NOC is no longer sufficient. Today, enterprises need to accommodate a dizzying array of mobile devices which everyone uses at home and expects to be able to use at work. The cybersecurity implications are complicated, but assuming you can weave your way through that morass (which, in many cases, you can—see below), then you need a Mobility Operations Center (MOC) to accommodate this newly empowered mobile workforce.

Cybersecurity has also caught us off guard. In the last five years alone, unique malware signatures have increased exponentially, from less than 2 million in 2005 to over 50 million in 2010, making signature-based malware detection a losing game. Concurrently, the number of security incidents reported to US-CERT has rocketed from less than 3,000 in 2006 to over 45,000 today, a 12-fold increase in five years. If 2011 taught us one thing, it was that no enterprise is secure. Not Lockheed. Not Sony. Not RSA. Not Google. Not the U.S. Government. Not your enterprise. And that means that the traditional static approaches to cybersecurity – including Certification and Accreditation (C&A) and virus detection – are both outmoded. A more proactive and ongoing approach to monitoring security is required to even have a hope of keeping up with the cyber threat and keeping your enterprise data secure. Enter the Security Operations Center (SOC), a place where you can continuously monitor and address cyberthreats—reactively, or better yet, proactively. FISMA compliance then becomes an artifact of good security, rather than an objective in and of itself.

And then there’s the cloud. With a federal Cloud First strategy, every agency is headed to the cloud. But with private clouds, hybrid clouds, and public clouds, where do you draw your enterprise boundaries for operational monitoring? The lines are blurry. From an operations perspective, you now have to consider your Extended Enterprise—the enterprise that goes beyond the networks and devices that you manage directly and include the infrastructure, platforms, and applications you have incorporated from other organizations that you entrust with portions of your business and assets.

Thus will evolve the Extended Enterprise Operations Center (EEOC), a place where the NOC, MOC, SOC, and Cloud Monitoring Service (CMC) all come together into a unified operations center. The EEOC will integrate, automate, and anticipate network, mobility, cyber, and cloud operations for a far more efficient, adaptive and secure enterprise.

NOC

Enterprise Network

MOC SOC CMC

Cloud(s)

Extended Enterprise Operations Center (EEOC)

3



Enterprise Performance ManagementBusiness process automation has been around since Henry Ford created the assembly line. However, in the last ten years, service-oriented architectures (SOA) and evolutionary advances in web application architecture, workflow management, and portal technology have all converged to your transformational benefit. Standards like SOAP and IF-MAP enable you to integrate disparate components, data feeds, applications, and sensors and tie physical and logical systems together, automating operations with unprecedented speed and flexibility. Meanwhile, portal technologies like Microsoft’s SharePoint have matured to offer the power to integrate, route, and display information for a modern look and an efficient operation. Add some smart data visualization and you have compelling dashboard decision support views of nearly every facet of your enterprise. Manage performance—for you, your employees, and your customers.

These platforms allow an array of capabilities, including automating the FOIA process; audit tracking, managing workflow and suspense items; performing Enterprise Content Management; delivering training in a video-on-demand environment; and executing high-volume e-commerce activities.

Graphical dashboards with filtering and drill-down capabilities provide additional intelligence tools for management. Trend analysis tools provide intelligence on how the enterprise has been managing performance over time.

4



Secure Mobility and the Long-awaited Enterprise AppStoreWhile our enterprises were asleep, the world has gone mobile. As of July 2011, the Apple AppStore had over half a million apps available for download. Amazingly, every single one was built in just the last three years. Is it any wonder that our enterprises can’t keep up with personal expectations set by the consumer electronics market?

How many mobile apps does your enterprise have? If it’s fewer than the number of non-mobile apps you have, there’s work to do (and you’re not alone). Unfortunately, trying to play mobile catch-up has been (rightfully) hampered by the cybersecurity risks, which have tempered the rollout of mobile applications across government. Fortunately, new tools and technologies on the market are addressing the mobile cybersecurity challenges and today it’s possible to deploy, provision, and manage mobile devices with applications that are sufficiently secure for most enterprise purposes. This means FIPS 140-2 certification, AES encryption, and secure VPN—all that good stuff.

What does this mean? It means the foundation has been laid for the creation of your very own Enterprise AppStore, a place where employees and partners can download and use the enterprise apps they need on their mobile devices, which you can safely provision and allow them to use. And all this can be done in a secure fashion to your CISO’s satisfaction and configuration managed the way your IT department wants it done (in the MOC, which is part of your EEOC).

The question now is, what have those mobile apps people been so desperately clamoring for? It’s time to start putting some serious creative thought behind how users of all shapes and size—both inside your enterprise and out—can optimize their productivity through the use of mobile applications. And these aren’t just applications you already have that you can mobile-enable; they’re applications you don’t have yet and can’t yet fathom. Remember, in 2008, there was no Apple AppStore and no one was complaining, but today we can’t imagine living without it (or its Blackberry or Android equivalent). You probably don’t need 500,000 apps, but don’t be surprised if you need 500 to realize the true power of secure mobile computing. Be careful not to underestimate this mobility trend.

5



The Necessary Migration to a Trusted Enterprise (using Trusted Computing)The cyber threat is increasing exponentially. What’s causing this ominous trend? The equally exponential explosion in networked devices, growing from less than 1 billion in 2005 to over 10 billion in 2010. Each of these devices is like an open door that malware threats are walking through with impunity. What’s worse, growth of the number of networked devices is only expected to accelerate, reaching 20 billion in the next four years. One of the biggest threats to enterprise networks is the un-trusted nature of these devices.

Traditional defenses are clearly no longer viable. So, how do we address this pervasive and accelerating problem? Trusted Computing technologies alone hold the promise to enable enterprises to be sure of the identity, configuration, and health of every device on their networks, closing the vast majority of the doors that threats enter through. Trusted Computing technologies use hardware-based security to establish trust in the devices we use every day.

Many of the standards and technologies for Trusted Computing exist today, developed over the last ten years by members of industry’s Trusted Computing Group (TCG). Moreover, NSA has proven the validity of these standards and technologies and is openly promoting the adoption and use of commodity-based Trusted Computing to protect National Security Systems. In September 2010, at the first annual NSA Trusted Computing Conference, NSA’s Michael Lamont, Chief of Network Solutions, said it bluntly, “…broad implementation of Trusted Computing technologies will dramatically improve cybersecurity. … Our new goal for government systems is to work to mandate the use of Trusted Computing technologies to harden commercial products, thus creating trusted devices.”

With Trusted Computing we are able to close the open doors—the devices we use every day—that are together the greatest threat to the network and the security of our data. With Trusted Computing we are simultaneously able to open a new world of possibilities, where information can be separated based on its sensitivity and access can reliably be granted based on trust.

Trusted Computing is a paradigm shift in cybersecurity and network, hardware, and software design. As you consider the computing devices you purchase, the network architecture you design and implement, and the future of your cybersecurity operations (the SOC, which will be part of your EEOC), consider the possibilities that Trusted Computing offers: Defeat threat vectors, enable unprecedented operational flexibility, be more compliant, and save money all at the same time. Five years from now, the Trusted Enterprise will be reality, but will you have one?

TRUSTED COMPUTING TENETS

Hardware Root of Trust Device Measurement Measurement Monitoring Long-term Protected Storage Process Separation Program Isolation

6



Client-side Virtualization: A New WorldMost enterprises are cutting costs and creating efficiencies with data center consolidation, server virtualization, and migration to the cloud. At the edge of the enterprise lies another pot of proverbial gold: the client machine. Desktop (or laptop) virtualization creates a far more secure and flexibly configurable user platform. Anyone who uses two computers at their desk will tell you the potential efficiencies in virtualization are huge, and anyone who has paid for the duplicate machines or the electric bill will tell you there’s money to be had in client-side virtualization.

Coupled with Trusted Network Connect (TNC) and secure virtual LANs—both components of a Trusted Enterprise—secure virtualization also offers a newfound ability to dynamically configure secure virtual networks on the fly. No cables to run. No hardware to install.

Imagine a world in which a new virtual network for a community of interest could be securely configured and deployed in seconds, and torn down just as fast. That’s all possible today.

7



About DMIDMI is a leading IT solutions and business strategy consulting firm. DMI provides services and solutions in Strategic Consulting, Desktop Management, Network Management, Enterprise Applications, and Cybersecurity. We are one of the fastest growing companies in the industry, with over 500 employees and 50 civilian, defense, and intelligence agency clients. The hallmark of our business is dedication to exceptional customer service and we’re proud of our Dunn and Bradstreet Open Ratings quality and satisfaction rating of 94/100. Our record of repeat business is enviable by any standard. DMI is headquartered in Bethesda MD, with satellite and project offices throughout the world.

At DMI, we focus on “enterprise transformation”—the strategic application of innovation to create newfound economies, efficiencies, savings, and value for our government and commercial clients and their customers. We offer market-making thought leadership and the proven ability to deliver solutions to the most vexing problems facing enterprises today.

We have a dedicated Innovation Office designed to seek and bring new concepts and technologies to our clients. In the summer of 2011, we opened a state-of-the-art DMI Innovation Center in the heart of Washington, D.C. At the DMI Innovation Center you can learn, experience, and get your hands dirty with an increasing array of new technologies and solutions like many of those described above. See secure mobility in action. Learn what’s possible with Trusted Computing. And soon, experience the future of integrated, automated cybersecurity monitoring operations. You are cordially invited.

For more information, contact DMI: Andy Musliner, Chief Technology & Innovation Officer, [email protected], 240.223.4809.

DMI One Rock Spring Plaza6550 Rock Spring DrBethesda, MD 20817

DMInc.com [email protected]

©2012 Digital Management, Inc. All right reserved.

game changing it solutions

Documents