National Aeronautics and Space Administration IT Talk July - September 2012 Volume 2 • Issue 3 SAFEGUARD YOUR DATA Balancing IT Security www.nasa.gov IT Talk July - September 2012 Volume 2 • Issue 3 IT Talk In this Issue Jul - Sep 2012 Volume 2 • Issue 3 Balancing IT Security Office of the CIO NASA Headquarters 300 E Street, SW 3 www.nasa.gov Message from Washington, D.C. 20546 the CIO Chief Information Officer Linda Y. Cureton OCIO Chief of Staff John Hopkins Editor and Publication Manager 4 ICAM Modernization Eldora Valentine Project Slated for Graphic and Web Design Michael Porterfield FY2013 IT Talk is an official publication of the Office of the Chief Information Officer of the National Aeronautics and Protecting and Space Administration, Headquarters, Safeguarding NASA Washington, D.C. It is published by the OCIO office for all NASA Information and employees and external audiences. 6 Information Systems For distribution questions or to suggest a story idea, email: [email protected] To read IT Talk online visit: Safeguarding Data nasa.gov/offices/ocio/ittalk 7 at NASA Centers For more info on the OCIO: v www.nasa.gov/ocio v insidenasa.nasa.gov/ocio (Internal NASA network only) v www.nasa.gov/open/ 12 I3P facebook.com/NASAcio twitter.com/NASAcio Updates Decommissioning Spacebook By Sarah Rigdon, OCIO-NASA Headquarters Think back three years. In mid-2009, Message from enterprise-scale social media services were not what they are today, yet the CIO many large organizations were already aware of social media’s low cost ability By Linda Cureton to address collaboration needs. Goddard Space Flight Center (GSFC) saw the potential for social media but did not see many third-party applications that met them. Social media could improve business processes, encourage collaboration and information sharing, and The Agency is responsible for maintaining the security of build their community of stakeholders and all of its systems and data to prevent malicious activity and partners. Projects most often fail because thwart any sabotage of important assets. Recently I had to of barriers to communication. Social testify on Capitol Hill regarding theft of an unencrypted NASA media provides a space to communicate notebook computer that resulted in the loss of sensitive in ways that teams otherwise would not data. An impact assessment determined that the loss of that be able to do. Also, NASA’s innovation data did not create an increased risk or vulnerability. It was stands to benefit from platforms that also concluded that the loss of the data contained on the facilitate the intersection of disciplines. laptop did not impact any NASA mission operations. Emma Antunes, Web Manager at GSFC, Each employee must do their part to protect data. If you were created the homegrown Spacebook social to lose your Government smartphone, iPad, or laptop, what network. It featured user profiles, group would go through your mind first? Someone now has access workspaces (wikis, file sharing, discussion to all my important data, my photos? My boss is going to be forums, groups), and social bookmarks. It really mad, and it’s going to cost a lot to replace? How about was especially useful for small teams that the realization that someone now has access to all your work needed to collaborate without emailing files and can do real damage that could harm NASA? larger groups. And it was all developed using existing contracts, IT resources, and staff. NASA takes the issue of IT security very seriously, and we have made significant progress to better protect the In the past three years, the pace at which NASA users have adopted Spacebook is Agency’s IT systems. In this issue we’ll explore how our inverse to the pace at which third-party NASA Centers are going the extra mile to safeguard data. companies have launched enterprise social —Linda networking products. Spacebook has provided valuable lessons in user adoption. The OCIO decommissioned Spacebook on June 1, 2012, and is archiving all user accounts and content. John Hopkins, OCIO Chief of Staff, sees the positive side. “Something that we often fail to do in government is…to not close [applications] when they cease to be viable,” he said. Emma Antunes agrees: “We need to be agile and not be wedded to any one thing.” In shutting down Spacebook, NASA uses the lessons learned to build better tools and make better use of existing resources. v NASA OCIO IT Talk July-September 2012 3 ICAM Modernization Project Slated for FY2013 By Kim Edmondson, MSFC NASA’s Oracle Sun Product Suite 5-year plan in order to reach will begin fiscal year 2013 with a consists of the Identity Manager, this requirement. The Sun targeted completion prior to the end Access Manager, and Sun One Product Suite replacement is of that fiscal year. Implementation will Directory. The suite currently one aspect of NASA’s plan. include installation and configuration provides all of NASA with Identity of the replacement architecture, Innovative technologies that Management and Account ҆ migration of system integrations, Exchange (IdMAX) workflows for reduce the total cost of ownership, and migration of business process Identity, Credential, and Access specifically operational costs. workflow and data. Ing said, “Center Management (ICAM), eAuthentication ҆ Cutting-edge technology for representatives will be required to for access of applications and the long-term infrastructure. participate in the project via design Launchpad for user profiles, and the reviews and user acceptance tests.” NASA Enterprise Directory (NED). ҆ Improved user experience. NASA’s future ICAM capabilities, End-User Experience be it operations and maintenance ICAM Modernization Project End users will have an improved or required enhancements, are The NASA Enterprise Application experience using a Web 2.0 user dependent on continued product Competency Center (NEACC) interface that allows pop-up screens support. NASA’s current premier provides the internal operational and for ease of use. “The look and feel support contract with Oracle for the enhancement services of the Sun will be different than today, and it will Sun Product Suite will end in 2014. Product Suite for NASA. The NEACC be more of a mobile solution with The ICAM Working Group, led jointly has been tasked by the ICAM Working an anytime, anywhere capability for by NASA’s Office of Protective Group to begin preparation activities some services. To get prepared for Services and Office of the Chief for the ICAM Modernization Project, this future change, end users need to Information Officer, has determined which is a high priority for the Agency. be attentive to communications that that it is time for the Sun Product Suite The NEACC’s Sharon Ing, ICAM the project should begin distributing to be replaced. The replacement suite Modernization Project Manager says early Spring 2013,” said Ing. will provide NASA with the following: “the project’s main objectives during Look for NEACC’s “About Us” on ҆ Alignment with the Federal ICAM the formulation phase will be to define https://bReady.nasa.gov in the Roadmap (M-04-04, M-05-24, NASA’s requirements and select months to come for more details on M-11-11). This alignment has a the Sun Product Suite replacement this new NASA project. For more 5-year window for compliance; product by the end of fiscal year information about ICAM services, NASA has developed an ICAM 2012.” The implementation phase check out https://icam.nasa.gov. v Examples of Sun Product Suite capabilities currently utilized at NASA. 4 www.nasa.gov Enabling NASA’s Mobile Workforce By Securing Application Data By Jane Maples and Kellie White, MSFC-CIMA Do you currently use a mobile ҆ Allows mobile devices device to access applications or outside of NASA locations Web sites? Have you ever stopped to access protected NASA to consider whether the information services and data. you are sending and accessing is ҆ Offers full whitelist and secure? What if you misplaced your blacklist filtering by user, phone for a period of time, or worse, device, application, application what if you lost it? Will unauthorized version, and Center. individuals be able to access those applications installed on your mobile ҆ Provides secure Web proxy device and initiate transactions on services for the CIMA mobile application *Web wrapper, your behalf? NASA’s Center for allowing wrapped Web sites to Internal Mobile Applications (CIMA) be accessed by mobile devices has worked to ensure the security outside of NASA locations. of data exchanged via any CIMA- provided mobile application. CIMA The Secure Mobile Access Point implemented by CIMA is effective relies upon Mobile Application responses. CIMA’s MAM solution is in securing the mobile application, Management (MAM), as opposed to looked upon as a viable approach but CIMA’s efforts don’t stop there. Mobile Device Management (MDM), for those agencies not requiring Currently, CIMA is working with to secure the mobile application. the mobile device to be locked Furthermore, an in-house-developed the ICAM team to further enhance the security of the installed mobile down for security concerns, such Secure Mobile Access Point (SMAP) as law enforcement agencies. and secure Identity, Credential, applications by implementing and Access Management (ICAM) an ICAM certificate–based In addition to CIMA’s proven services are leveraged for authentication for mobile devices. security approach, CIMA also authenticating and accessing all This additional security measure offers a vast array of mobile is expected to be deployed at CIMA mobile applications. This app consulting, development the end of the calendar year. multilayered security approach relies and hosting, and distribution upon Launchpad for authentication While other Federal agencies are services. CIMA’s catalog of mobile and an application-level personal struggling with the idea of Bring application services and products identification number (PIN) for Your Own Device (BYOD) and enable an organization to extend accessing CIMA-hosted mobile how to manage those devices, key enterprise information and applications.