US Navy hires Securify to manage legacy apps risk

The US Navy has awarded a $5.8m contract to Californian company Securify to help it integrate thousands of legacy applications...

The US Navy has awarded a $5.8m contract to Californian company Securify to help it integrate thousands of legacy applications into its multibillion-dollar Navy/Marine Corps Intranet (N/MCI) program.

The two-year deal will give the navy unlimited use of Securify's SecureVantage security management product. The goal is to ensure that all of the navy's networks, including applications and shipboard networks, comply with the more robust security policies put in place by the N/MCI contract. 

The navy awarded the $6.9bn N/MCI contract in 2000 to Electronic Data Systems. Among the challenges that have threatened the health and stability of the contract has been the existence of tens of thousands of applications which, if moved into the intranet, would expose the navy to security vulnerabilities. 

The total number of legacy applications now stands at 30,000, and of those, 12,000 have been either approved or approved with restrictions to operate in the N/MCI environment. The navy hopes to get the total number of applications it uses down to 5,000 in the coming months. 

The deployment of the Securify product will help the navy with the faster integration of existing applications - the majority of which still sit on servers located outside of the N/MCI. From 1October, all new applications deployed by the navy's units must comply with stringent N/MCI security requirements. 

Steve Vetter, director of strategic planning for the N/MCI program at EDS, said the key issue facing the navy - and the driving factor behind the decision to opt for SecureVantage - is the need for enough information about the security of various legacy networks and applications that good decisions can be made about which applications to allow inside the N/MCI environment. 

For now, the navy is moving to deploy 65 enterprise SecureVantage monitoring points, which are PC-based platforms running on Red Hat Linux. The typical deployment location for the monitoring point is behind the firewall. 

SecureVantage focuses on expected good behaviour of network traffic, and will provide the navy with important statistical information about which regions in its global network are integrating faster. It will also provide the navy and EDS with data on which applications are proving most difficult to integrate. 

Dan Verton writes for Computerworld

Read more on IT risk management