iWay Integration Solutions Meet the Homeland Security Challenge

What lessons have we learned from the horrific events of 9/11? Certainly we now possess a heightened awareness of the need for an integrated, collaborative approach to threat management. That means generating actionable information from new or existing sources, and getting that information into the hands of the people who need it – when and how they want it.

The need for integrated and collaborative security exchanges is as clear and immediate as today's headlines. Leaders of intelligence, law enforcement, and other agencies must determine the best way to use major new budget appropriations that target this need.

Such collaboration requires integrated processes and information systems – so much so that Sandy Berger, former National Security Advisor, said, "If I were Tom Ridge, the first dollar I would spend would be on data integration." But no one should underestimate the challenges involved in creating an integrated, collaborative network of different information systems, agencies, and processes. For true interagency collaboration, any solution must help all agencies' current and planned information systems to act as a coherent unit. For example, security organizations such as the FBI, the Immigration and Naturalization Service (INS), Bureau of Alcohol, Tobacco, and Firearms (BATF), the CIA, and state police agencies, already have processes to monitor, track, and apprehend criminals and suspicious parties. These processes would be far more effective if they had immediate access to information that may be the responsibility of another agency, state, or even country.

It sounds conceptually simple, but it's really a very difficult policy and technology puzzle. Law enforcement and intelligence agencies are struggling to solve it. Integration within a single organization is hard; interagency integration can be orders of magnitude harder.

This article describes the iWay Security Exchange (iSE), which uses integration technologies from iWay Software and iWay's partners to meet the imperative for a collaborative framework to enable government, law-enforcement, and private industries to independently protect and manage secure information, yet exchange information of common interest between disparate systems and deliver it to the point of impact via the Web, portals, or handheld devices. Such exchanges of existing security information need to take place across department, agency, and even national boundaries – all while enforcing security rules within and between the independent organizations involved. This article will discuss such challenges of security and homeland defense integration, such as preserving agency independence, maintaining privacy and security safeguards, streamlining the creation of collaborative processes, utilizing existing IT assets, information delivery, and handling new security technologies such as biometrics and face recognition.

Figure 1: iSE includes tools for integrating in any of the three scenarios described above – data consistency (top), composite applications (center), or straight-through processing (STP, bottom) – plus tools for managing content generation, portals, and data that work across the entire integrated government solution.		Figure 2: iWay ETL Manager's Extraction, Transformation, and Load (ETL) tool user interface uncomplicates the creation and maintenance of new data warehouses and marts from secure, proprietary data stores at different government agencies.

Collaboration: The Imperative to Integrate

The Gartner Group has identified three major approaches to security integration. Each of these approaches has both broad advantages and disadvantages:

	Data Consistency – Relies on a central information repository, often called a "data warehouse," which is periodically refreshed with data from a variety of information systems.
	Composite Applications – These applications transparently connect to existing applications in real-time, so users can fulfill tasks.
	Straight-Through Processing (STP) – Centrally manages a process through a series of clearly defined steps, each owned by the most appropriate organization. This is the most important integration approach for managing collaboration across security, intelligence, and law-enforcement agencies.

Integration technologies play an essential role as a foundation for each type of collaboration. They're built using components like middleware, Enterprise Application Integration (EAI) tools, messaging and queuing (MQ), and Extraction, Transformation, and Load (ETL) operations. Often several types of integration technologies are used for these collaborative environments.

iWay Security Exchange (iSE) supports all three major integration approaches with award-winning technologies and solutions crafted by iWay Software and Information Builders: data consistency with ETL tools, composite applications with real-time Java- or XML-based exchanges, and straight-through processing methods. In addition, iWay's Intelligent Adapters enable access to virtually any application, data source, network transport, or integration tool in an environment. Because these adapters are shared across all three integration tools, they reduce the iSE's development and maintenance costs.

Now let's consider the relative merits of the three primary approaches to integrated security: Data consistency, composite applications, and straight-through processing.

Data Consistency

Data warehouses, data marts, operational data stores, and reporting databases are all platforms that provide data consistency in a collaborative security process. Other uses include application reconciliation and batch processing. Data consistency is the most common form of integration, comprising about 80 percent of all the projects done today.

Data consistency involves making copies of sets of data on a scheduled basis, to ensure that data in one application is reflected correctly in another. It's analogous to bulk postal mail where all the data is sorted at the post office, organized neatly, and then delivered once a day to most locations. With data consistency, all data is extracted by the ETL tool, organized and aggregated, and then delivered to the target database at scheduled intervals. The data consistency approach offers the proven benefits of data warehouse-type solutions:

"One Version of the Truth." Data from multiple databases can be correlated before loading into a data warehouse or data mart, reconciling apparent differences among reports.

Optimized performance. Data is removed from operational systems, so it can be staged in a way that makes common reports and queries more efficient.

Protects key resources. Data consistency solutions limit the performance impact on operational systems by moving heavy reporting workloads to warehouse platforms.

Easy to query. Because data is loaded into spreadsheet-like tables, users can easily understand and query the information without going through obscure structures and hierarchies.

Centralized administration and security. With all information ultimately stored in a single database, one team can manage all security and administration for the data.

Balanced against these advantages, however, are disadvantages such as data latency – including the lack of real-time access – along with serious issues of data ownership and accountability, as well as legal and political constraints of the Patriot Act, which forbids merging data about citizens and non-citizens into a single database.

Figure 3: iSE makes it easy to map information from a set of sources to a set of targets, regardless of types		Figure 4: A process flow within iSE's straight-through processing tool. Each box on the screen is an application or government agency accessed within the flow.

Composite Applications

Composite applications are created from other applications. Data doesn't reside in its own database – it is instead managed by the individual applications that control it. Composite applications usually function in real-time and frequently use a Web browser as the user interface.

This approach is analogous to a series of telephone calls where people (or fax machines, modems, etc.) communicate in real time with immediate feedback. If one person, fax, or modem goes offline, effective communication stops. Similarly, if an underlying application goes offline, the composite application ceases to function normally and must have some sort of backup. With high-availability components, the composite approach delivers important benefits:

Real-time integration. Because they use other production applications as building blocks, composite applications can always use the same data as the application of record.

Reuse validation and business logic. Composite applications take advantage of validation logic and business logic of underlying applications, reducing overall development time lines and maintenance costs.

Respects Patriot Act restrictions. Data doesn't have to be written physically to a database, so citizen and non-citizen data can be merged in real time for intelligence, tracking, or threat identification.

Better ownership, security, and compartmentalization. Since underlying applications remain under the control of organizations that own them, the information used is still under their control, too. If necessary, composite applications can decentralize compartmentalized data to give control to people who need it.

But there can be drawbacks. Composite applications lack "One Version of the Truth" when real-time processing doesn't reconcile significant semantic differences among systems. They can also malfunction when one or more application components aren't online and ready to work, and they contend for resources on important operational systems.

Straight-Through Processing

Straight-through processing (STP) uses messaging and a central "integration broker" to automate step-by-step processes and coordinate the activities of many different application components. As a result, STP applications function in near real-time because their components don't need to be running and available in order for the process to work.

Straight-through processing can be considered analogous to email. With email, the sender and the receiver do not have to be online simultaneously. The sender sends his email to a central server, which then waits until the receiver is online and then immediately delivers it. With straight-through processing, events are controlled by the integration broker, which manages system interactions even if some applications are down or sluggish because of a heavy workload. The resulting benefits include: Robust processing. Because STP processes use integration brokers that handle application failures, slow response times, and other issues easily, they support highly reliable applications with built-in recovery.

Data ownership. STP processing respects the integrity of its component applications, so data security and ownership protocols are maintained more easily.

Agency independence. Each government agency or organization can retain its own internal process as it determines how to respond to messages.

Better security and legal compliance. STP applications facilitate clear data ownership and agency independence. At the same time, citizen and non-citizen data is not stored in databases, so legal compliance is preserved.

Flexible application design and maintenance. Since STP application processes are loosely integrated, it's easy to modify them to incorporate new agencies, divisions, or applications.

On the downside, STP applications can be complex and expensive to implement, although iWay Security Exchange's messaging, integration broker, and adapters offer high-quality, off-the-shelf components that keeps this type of solution very cost-effective.

iWay Software and Information Builders

As the integration-technology subsidiary of Information Builders, iWay Software enjoys considerable success and trust among federal, state, and local IT establishments. Agencies who have won government technology awards using iWay Software include the Federal Emergency Management Agency (FEMA), U.S. Department of Agriculture (USDA), U.S. Postal Service (USPS), State of Pennsylvania Uniform Crime Reporting (UCR) system, and many others.

For more information on iWay Security Exchange solutions and services, visit us at http://www.iwaysoftware.com/securityexchange.

Ed.: Federal Computer Week ran a related piece recently titled, "Info Builders targets info sharing" . . . to view the article in its entirety go to http://www.fcw.com/fcw/articles/2002/0401/tec-info-04-01-02.asp