Secure Infrastructure Enables Collaboration for Aerospace and Defense Firms

Overview
Country or Region: United States Industry: Professional servicesIT services Customer Profile Exostar provides identity management, collaboration, and supply chain software solutions for aerospace and defense customers. The Herndon, Virginiabased company serves 40,000 companies worldwide. Business Situation The companys ForumPass collaboration product had an inflexible security architecture that made it difficult to use and did not conform to customer needs. Solution Exostar overhauled ForumPass using Windows Server 2008, Active Directory Federation Services, Microsoft Office SharePoint Server 2007, and Microsoft Forefront Security for SharePoint to give the product greater ease of use and security flexibility. Benefits Tight security increases confidence Flexible collaboration attracts users Improved regulatory compliance Reduced project costs Lower development and licensing costs

Because of the high level of security weve been able to deliver, ForumPass 4 helps reduce the cultural resistance to sharing information.
Vijay Takanti, Vice President of Security and Collaboration Solutions, Exostar

Exostar was established in 2000 by five of the worlds largest aerospace and defense companies as a central hub for information exchange. As projects began to involve more trading partners, Exostar sought to create a cross-enterprise collaboration solution to meet the highest security levels while also accommodating less stringent cross-enterprise information exchanges. The result was ForumPass 4, based on Microsoft Office SharePoint Server 2007, Active Directory Federation Services, and Microsoft Forefront Security for SharePoint, which delivers an easy-to-use collaboration environment with multiple security levels. Customers have increased their information sharing, improved regulatory compliance, and accelerated project completion. Using Microsoft technologies, Exostar released its solution to market in just nine months and reduced development costs by 50 percent.

Our key security requirements included the ability to provide a range of security levels for information exchange and the ability to identify users based on public-key certificates.
Vijay Takanti, Vice President of Security and Collaboration Solutions, Exostar

Situation
Exostar is a leading provider of solutions for secure information sharing, collaboration, and business process integration across extended value chains. Exostar was originally founded in 2000 by five aerospace and defense companies to support their complex supply chain and security requirements. Today, the companys identity assurance products and on-demand business applications reduce risk, improve agility, and strengthen trading relationships for more than 40,000 companies worldwide. Exostar customers frequently work with one another and with their trading partners on projects that require high levels of security. When BAE Systems, Boeing, Lockheed Martin, Raytheon, and Rolls Royce launched Exostar, the original idea was to use Exostar as a central hub to share routine business documents, such as purchase orders. Over time, it became apparent that the network effect was at work. Exostars supplier community could be leveragedcombined with state-of-the-art securityto support higher-level information exchanges and more collaborative process management, delivered in a shared, multitenant service. Plus, the aerospace and defense industry has seen a rise in partner-driven, outsourced manufacturing and collaborative projects, which require higher degrees of cross-organizational security. In 2001, Exostar created a secure collaboration tool called ForumPass to meet these needs. ForumPass allowed customers to join secure workspaces for the purpose of sharing documents, proposals, designs, and processes. Exostar used a commercial off-the-shelf (COTS) product design (PDM) content and process management software as its original collaboration engine for ForumPass. However, Exostar had to customize this

software to accommodate a range of security requirements, which made the software expensive to maintain and difficult to use. Also, this software was not integrated with Microsoft Office programs that employees used every day, which discouraged use. Because of these problems, many customers who could have benefited from ForumPass opted not to use it. Exostar wanted a more flexible tool that would accommodate a range of business scenarios and security levels, including changes over time to security requirements from the U.S. Department of Defense and other agencies.

Solution
In 2006, Exostar reviewed the commercial collaboration software market and decided to evaluate Microsoft Office SharePoint Server 2007, the latest version of its current software, and other leading platforms. Exostar ultimately selected Office SharePoint Server 2007 because of its sophisticated, yet flexible security options and the fact that most ForumPass customers already used it. We knew that the task of training 4,000 users who were transitioning from an older application would be minimized by using a collaboration engine that was familiar to most of our customers, says Vijay Takanti, Vice President of Security and Collaboration Solutions at Exostar. Easy to Use and Secure Exostar liked the fact that Office SharePoint Server 2007 was tightly integrated into, and supported by, Microsoft Office Professional 2007 and the Windows Vista and Windows Server 2008 operating systems. This integration meant that ForumPass customers would be able to maximize the value of their existing infrastructures and take advantage of the cross-boundary

No matter how [users] customize ForumPass 4, the same strong security features remain integral to the site, which is critical.
Vijay Takanti, Vice President of Security and Collaboration Solutions, Exostar

security features provided by Active Directory Federation Services. Multilevel Security System Choosing a new collaboration engine for the next version of ForumPass, called ForumPass 4, was only part of the challenge. To meet the high security standards of the aerospace and defense industry, Exostar needed to create a secure front end that would protect even the most confidential information as it crossed company borders. For this, Exostar combined Microsoft identity and security solutions by using Active Directory Federation Services to authenticate users from partner organizations and Microsoft Forefront Security for SharePoint to ensure that documents residing on ForumPass 4 did not contain out-of-policy content or malicious software. Using Active Directory Federation Services, Exostar customers could provide seamless authentication that would make ForumPass 4 appear as a solution within their own enterprises. Active Directory Federation Services would also enable Exostar to offer ForumPass 4 as a cloud service. Our key security requirements included the ability to provide a range of security levels for information exchange and the ability to identify users based on public-key certificates, Takanti says. Exostar created three different authentication profiles for ForumPass 4: Core - Users require only a user name and password to authenticate and check files in and out of the site. Sensitive - Users need a user name, password, and a basic assurance certificate to authenticate and check out files. Files are encrypted while at rest. Restricted - Users require a user name, password, high-assurance public-key certificate, and higher-level network

security to check out files. Files are encrypted while at rest. In addition, Exostar deployed logical security compartments that are differentiated by security level, and designed Office SharePoint Server 2007 site templates that embed the appropriate security policies. This makes it easy for customers to choose a site template based on the risk profile of the resources stored in that site. For example: A core site template might be selected by a customer building a site to share information that is considered company confidential. A sensitive site template might be selected by a customer building a site to share information that is marked company highly confidential but is not governed by regulatory policies. A restricted site template might be selected by customers building a site to share information that is marked company highly confidential and must meet government policies in areas such as export control.

Exostar is working to automate template selection to further ease the user experience and automate protection strategies. Exostar would use data-marking to force the level of protection based on the security of the document in use. Exostar also built an identity provider cloud service called Managed Access Gateway that manages issuance of credentials, and is available to all Exostar customers (currently used by close to 100,000 individuals). Managed Access Gateway enables customers to set up an account in ForumPass 4 and manage their user accounts for single sign on access. These credentials can be user IDs and passwords based on a specific aerospace and defense

Because of the high level of security weve been able to deliver, ForumPass 4 helps reduce the cultural resistance to sharing information, which is especially entrenched in the defense industry.
Vijay Takanti, Vice President of Security and Collaboration Solutions, Exostar

policy, X.509 certificates based on limited user identity verification, and X.509 certificates based on a personal meeting with the end user and verification of identity credentials such as a passport. The identity provider service uses Active Directory to store user account data. The X.509 certificate life cycle management is managed using Microsoft Certificate Services. In addition to Managed Access Gateway, Exostar offers another sign on method called Enterprise Access Gateway. Enterprise Access Gateway enables customers to present their internal network logon credentials to Managed Access Gateway for transparent single sign on access to applications in the Exostar Trusted Workspace. It uses Active Directory Federation Services to connect ForumPass 4 with an organizations existing identity federation implementation. Employees simply select the individual with whom they want to collaborate, whether inside or outside their organization, and ForumPass 4 directs them to the appropriate SharePoint site. Customizable Sites What makes ForumPass 4 compelling to aerospace and defense companies is its blend of tight, flexible security and its ease of use. Users couldnt customize their collaboration sites before, but now they can meet a range of functional needs, Takanti says. No matter how they customize ForumPass 4, the same strong security features remain integral to the site, which is critical. If security policies are hard to follow, users will ignore or circumvent them. The ForumPass 4 QuickStart feature draws on Exostars extensive experience with aerospace and defense usage scenarios to enable users to quickly set up a

collaboration environment, set up groups, configure libraries, and fine-tune calendar functionality. Prebuilt aerospace and defense industry workflow templates for reviews, approvals, collection of feedback, and notifications capture and automate best practices for crucial business processes. The ForumPass 4 MyWorkspace feature enhances user productivity by presenting meetings, tasks, alerts, and discussions across all relevant projects in a single location.

Benefits
Through the combination of a Microsoft collaboration portal and a Microsoft-based identity and security infrastructure, Exostar offers a flexible and highly secure collaboration solution to aerospace and defense companies. The ease of use encourages broader usage, which increases efficiency among trading partners. Customers have found that using ForumPass 4 improves regulatory compliance and enables them to complete projects sooner. For its part, Exostar saved money by reducing development time and licensing costs. Tight Security Increases Confidence In ForumPass 4, Exostar has created a fullfeatured collaboration solution that can be used in the highly secure aerospace and defense industry for cross-company information sharing. Because of the high level of security weve been able to deliver, ForumPass 4 helps reduce the cultural resistance to sharing information, which is especially entrenched in the defense industry, Takanti says. These managers are used to protecting data. With ForumPass 4, weve been able to encourage a culture of confident sharing. Takanti notes that the aerospace and defense industry has experienced a

We reduced our internal development efforts by 50 percent by going with Office SharePoint Server 2007 and eliminating the need for extensive IT customizations for every customer.
Vijay Takanti, Vice President of Security and Collaboration Solutions, Exostar

paradigm shift over the past few years, with a rise in outsourcing and collaborative ventures increasing the need for secure, cross-border information sharing. As the number of project constituents grows, so does the need for timely and secure knowledge sharing, Takanti says. ForumPass 4 provides businesses with the functionality, scalability, and performance they require to effectively share information internally and with their partners, suppliers, and customers. As a result, complex programs and projects with global constituents remain on schedule and on budget, while sensitive documents and data receive ironclad protection. Flexible Collaboration Attracts Users The enhancement of ForumPass 4 with a more flexible and secure collaboration infrastructure has allowed Exostar to attract more users and meet a wider range of customer needs. Since deploying ForumPass 4 in September 2008, usage has grown from 4,000 users to 8,500 users across 170 organizations. We attribute this growth to the expanded features and functionality delivered by Office SharePoint Server 2007 and the Microsoft identity and security infrastructure, Takanti says. Plus, with Active Directory Federation Services, we can offer ForumPass 4 as a cloud service, which further simplifies access. With our single sign on access, we expect to attract even more users. Ultimately, we expect a user base of 15,000 in 2009 and 50,000 users by 2010. Some of our businesses already use Office SharePoint Server as their internal collaboration tool, adds Richard West, Head of Knowledge Sharing and Collaboration at BAE Systems, an Exostar customer and ForumPass 4 enthusiast. The ability to use the same tool set to collaborate with partners is a huge benefit. It dramatically decreases our training time

and increases our return on investment. With Enterprise Access Gateway, we expect our number of ForumPass 4 users to increase to 2,000 users or more. The growth in usage stems as much from the products security flexibility as its ease of use. Im personally working on a project that involves 10 different companies, Takanti says. Although the information is sensitive, participants are more than happy to share documents using just a user name and password. On another ForumPass 4 site, six aerospace companies are preparing a joint proposal for a customer and insist that every person accessing the site uses certificates approved by the U.S. Department of Defense. ForumPass 4 satisfies both scenarios at the right price. Using a proven, secure collaboration service like ForumPass 4 provides a repeatable and validated means of rapidly deploying large, multiparty projects. It provides approved processes for onboarding users, providing the correct level of credentials, and protecting data. Exostar customers are discovering different uses for ForumPass 4 all the time. Company trainers are discovering ForumPass 4 as an ideal way to share educational information. Other employees are attracted to wikis and blogs, automatic version control, and integrated search, all of which are integrated into Office SharePoint Server 2007 and thus automatically available to ForumPass 4 users. Improved Regulatory Compliance Aerospace and defense companies must make sure that their processes and policies comply with a variety of U.S. federal regulations, such as International Traffic in Arms Regulations (ITAR). ForumPass 4 helps here, too. We must demonstrate compliance with federal policies, says West

We must demonstrate compliance with federal policies. With the access control capabilities built into ForumPass 4, we have the tools to monitor and audit all workflow activities.
Richard West, Head of Knowledge Sharing and Collaboration, BAE Systems

of BAE Systems. With the access control capabilities built into ForumPass 4, we have the tools to monitor and audit all workflow activities. Exostar uses the standard auditing tools in Office SharePoint Server 2007 to monitor workflows and Forefront Security for SharePoint to screen content. Reduced Project Cycles Lower Costs The use of ForumPass 4 helps Exostar customers shorten project cycles and thus meet deadlines and save money. On one project, we are saving $237,000 annually on reduced cycle time by running the business processes through ForumPass 4, West says. BAE Systems also expects to reap time savings across the organization by helping employees find information faster and more easily. "We have hundreds of terabytes of data across the organization," West says. "ForumPass is one of the tools that helps us to efficiently structure and search this information." The real savings comes from customers ability to reuse the secure ForumPass 4 collaboration environment on multiple projects. Because ForumPass 4 is delivered in a multitenant environment with validated security levels, it gets exponentially cheaper with each new project, Takanti says. Our customers get additional value with each new usage, because they are able to reuse the proven environment that has been proven and audited by their security teams. Development, Licensing Costs Reduced Exostar completed its extensive overhaul of ForumPass in just nine months. By saving time, Exostar also saved money. We reduced our internal development efforts by 50 percent by going with Office SharePoint Server 2007 and eliminating the need for extensive IT customizations for

every customer, Takanti says. The IT staff provided a quick-start guide to users along with a set of site templates. Customizations required lots of work in the previous collaboration product but were relatively easy with Office SharePoint Server 2007. With the time it saved on ForumPass 4 development, Exostar redirected its IT staffs focus toward creating new business services. Exostar also benefitted from the pricing model of Office SharePoint Server 2007. Microsoft developed a pricing model for Exostar that gives it the freedom to cost effectively scale usage. Exostar continues to develop and improve ForumPass 4. It is working with the Transglobal Secure Collaboration Program, a government-industry partnership focused on secure information exchange in the aerospace and defense industry, to define policies for managing document markings using information rights management within a collaborative environment.

For More Information

For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 4269400. In Canada, call the Microsoft Canada Information Centre at (877) 5682495. Customers who are deaf or hardof-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to: www.microsoft.com For more information about Exostar products and services, call (703) 5610500 or visit the Web site at: www.exostar.com

Windows Server 2008

Windows Server 2008, with built-in Web and virtualization technologies, enables you to increase the reliability and flexibility of your server infrastructure. New virtualization tools, Web resources, and security enhancements help you save time, reduce costs, and provide a platform for a dynamic and optimized datacenter. Powerful new tools like IIS 7.0, Server Manager, and Windows PowerShell, allow you to have more control over your servers and streamline Web, configuration, and management tasks. Advanced security and reliability enhancements like Network Access Protection and the Read-Only Domain Controller option for Active Directory Domain Services harden the operating system and help protect your server environment to ensure you have a solid foundation on which to build your business. For more information, go to: www.microsoft.com/windowsserver2008

Microsoft Identity & Access Portfolio

For more information about Microsoft identity and access products go to: www.microsoft.com/ida

Federated Identity
Active Directory Federation Services provides the interoperability required to simplify the broad, federated sharing of digital identities and policies across organizational boundaries. To learn more go to: www.microsoft.com/windowsserver2008/en /us/ida-federated-identity.aspx

Microsoft Forefront
The Microsoft Forefront line-of-business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. To learn more go to: www.microsoft.com/forefront

Forefront Security for SharePoint

Microsoft Forefront Security for SharePoint protects Office SharePoint Server 2007 and Windows SharePoint Services 3.0 from malware and inappropriate content. To learn more go to: www.microsoft.com/forefront/serversecurit y/sharepoint/en/us/default.aspx

Software and Services

Microsoft Server Product Portfolio Windows Server 2008 Microsoft Forefront Microsoft Forefront Security for SharePoint

Microsoft Office Microsoft Office SharePoint Server 2007 Technologies Active Directory Federation Services

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Document published April 2009