The contemporary business world devotes a substantial amount of resources to data—more specifically, to the implementation of procedures and accessories devoted to accumulating it, analyzing it, and safeguarding it in a way that conforms to the organization’s various operational requirements. It goes without saying that these tasks should be entrusted to high-quality data storage and processing equipment, but finding the right hardware and software in an overcrowded marketplace is far from a straightforward endeavor.
There is a way through this maze of choices, however. By selecting hardware and software used in military and governmental applications, you can be assured that your data storage systems conform to the most cutting-edge requirements in performance.
That’s because these GSA-contracted and SEWP-contracted products aren’t simply random off-the-shelf merchandise, nor are they solely for governmental use. They are manufactured by private companies that, in order to maintain their standing as suppliers to the government, are expected to comply with strict rules and regulations in the creation of their products and services. A company’s products can be approved for governmental applications only after passing these stringent tests.
In the U.S. government, the acquisition of goods and services for use by federal agencies is a process closely regulated by the General Services Administration (GSA), which awards contracts to companies that meet its standards. Information technology products are generally covered by a specialized type of contract called Solutions for Enterprise-Wide Procurement (SEWP).
For today’s enterprises, GSA- and SEWP-contracted network-attached storage (NAS) devices and systems offer the best possible solution for their data-management needs. To understand why this is so, it’s important to grasp the growing importance of NAS in the business sector and the need for data management systems that meet the uppermost standards of reliability.
How Modern Organizations Use Network-Attached Storage (NAS)
NAS storage has proven to be a powerfully effective solution for maintaining and making available a wide variety of unstructured data in a secure yet easily accessible manner. For many organizations, NAS provides an acceptable compromise between direct attached storage (DAS), which is dependent on a single device, and a storage area network (SAN), which typically requires a substantially larger investment in devices and office space to accommodate them.
Consequently, NAS storage has found favor in a diverse array of organizations, particularly mid-sized businesses, as well as private individuals who seek a reliable method of preserving data.
Common applications for NAS storage include but are not limited to the following:
Military aircraft and platforms have found NAS an increasingly useful alternative to traditional direct attached storage solutions. One of the main advantages of NAS in a military context is its capacity to reduce size, weight, and power (SWaP) footprints by allowing for the use of a single storage device, rather than multiple installations. In addition, NAS storage capacity can be easily expanded when needed. These considerations are especially important for military aircraft that are subject to extremely strict weight requirements.
More portable than DAS solutions, NAS devices are easier to remove from aircraft and platforms that are not in operation. NAS also simplifies software configuration processes by enabling an entire craft or platform to boot directly from a single device.
Hospitals and other healthcare industry participants are beset by a number of chronic operational problems. For example, the burden associated with properly storing and securing protected health information (PHI); this data is highly sought-after by cybercriminals because it is fundamentally a biographical record composed of personal information. Thus, healthcare organizations are routinely targeted by criminals—a problem aggravated by poor funding and a resultant lack of access to up-to-date data security.
Healthcare organizations are also required to maintain compliance with federal privacy legislation regulating the handling of PHI. The best-known of these laws are the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH).
NAS has emerged as a cost-effective security solution for cash-strapped healthcare organizations. While the majority of large hospitals have implemented SAN solutions, NAS is increasingly popular among mid-sized organizations, largely because this system has been shown to be extremely effective at coordinating large amounts of data across multiple facilities.
Because forensics analysis often occurs “in the field,” NAS devices have enormously expanded the options available to professionals in this industry. Portable NAS devices give forensics professionals a way to transport laboratory analytic tools virtually anywhere. Once deployed, these NAS devices can collect and preserve a wide variety of digital evidence, including file fragments, deleted files, and browser artifacts, in a way that conforms to chain-of-custody protocols required by the courts.
One of the main virtues of NAS systems is scalability—this type of storage setup can provide flexible solutions for organizations of all sizes, from sole proprietorships to large multinational corporations that have a presence on several continents. Storage space can be easily expanded without requiring any hardware additions or network shutdowns.
NAS is also well suited to the high-performance demands of the enterprise sector, as these systems can transmit large multimedia files and provide massive amounts of memory storage, all while protecting the integrity of stored data via RAID configurations and similar redundancy safeguards.
This is hardly a comprehensive overview of NAS application; many types of organizations not covered here have found network-attached storage the best possible solution for their data maintenance needs.
The Critical Importance of NAS
NAS-based applications aren’t valued solely due to their convenience and cost-effectiveness; they’re involved in a broad range of mission-critical services in the healthcare, military, and business sectors.
In healthcare, NAS systems are responsible for storing massive amounts of data relating to patient history, such as diagnostic tests, x-ray images, and prescribed medications. This data must be immediately accessible at all times, as emergency situations can be exacerbated by an inability to retrieve this information—e.g., a patient could be accidentally given a medication to which they have had an allergic reaction to in the past.
This is one of the primary reasons why hospitals are often targeted by ransomware attacks: cybercriminals are well aware that these types of organizations cannot afford lengthy downtime.
In the military, NAS systems play an important role in storing sensitive information. Aside from encrypting data effectively, military NAS devices also must conform to precise specifications and physical characteristics in order to avoid decreased performance or downtime.
In business, NAS systems are entrusted with storing vast amounts of customer data. This data needs to be carefully protected. A number of laws require businesses to safeguard personally identifiable information—such as credit card numbers—and impose large financial penalties on companies that fail to comply. Furthermore, data breaches—often the result of inadequate or outdated data infrastructure—can severely damage a company’s reputation and, by extension, its revenues.
In order to function effectively, NAS solutions should ideally provide all of the following capabilities:
Continuous uptime – The data stored within NAS systems must be accessible on demand. For some applications, this means 24/7 uptime.
Data security – Data must be properly encrypted—AES 256 is standard today—to ensure that it cannot be viewed by unauthorized parties.
Data integrity – Data should also be maintained in its intended state, without introducing errors. It should also be protected against accidental deletion or loss.
Physical security – NAS devices should be “ruggedized”—that is, capable of enduring incidental physical contact and jostling. This is especially important in military applications. Physical security also includes protection against intentional intrusions into the device (e.g., locks and gates).
Why It Pays to Be Selective When Choosing NAS Devices
NAS systems have many burdens to shoulder, and a failure at any point can have catastrophic consequences for any organization that relies on them. In certain applications, such as those found in the military and healthcare sectors, an inadequate NAS system can literally cause fatalities.
If you plan to invest in a NAS system, it only makes sense to select first-rate products that can provide all the benefits outlined above. The best way to go about this is to choose products that have been specially certified to ensure their compliance with the highest standards of performance. Among the extended family of network-attached devices, none has been more extensively tested than those that are used in military applications. This is a very select group of devices and accessories that includes the Ciphertex SecureNAS®.
NAS devices that have been certified for military use are not restricted to use in this sector—far from it. You can find “milspec” NAS devices and systems in a wide variety of industries and many types of privately and publicly owned businesses. These kinds of devices are considered desirable because they have been tested against the military’s rigorous standards of data security and physical durability.
Products that are officially designated as “military-approved” cannot be dismissed as mere marketing hype—if these kinds of hardware and software fail to perform, they lose their certification.
In the U.S. military, all product acquisitions are mediated by the General Services Administration (GSA), which spends over $30 billion annually on an extremely broad range of goods and services. While the military can make purchases from virtually any company, it is compelled by the Federal Acquisition Regulation (FAR), which applies to all federal agencies, to give preference to organizations listed in the GSA Schedules Program.
The Program—also called the Federal Supply Schedule or the Multiple Award Schedule Program—lists qualified vendors that can provide one or more of every type of product or service that the military might need to acquire, from toothbrushes to laptop repair.
Every contractor listed in the GSA Schedules Program must provide what is officially known as an “Authorized Federal Supply Schedule Pricelist” that covers all the supplies and services, and associated costs, that they currently offer. It is from this pricelist that federal agencies select the goods and services they wish to acquire.
GSA contracts have indefinite delivery/indefinite quantity (IDIQ) terms: they are intended to allow agencies to acquire as many items or services as necessary within a specific period of time.
A company that earns a GSA Schedule Contract has the right to sell goods and services to federal agencies as well as state and local governments—an enviable position for any business. These vendors can bill themselves as “GSA Approved.” However, the right to this distinction is not easily won.
Companies must undergo a lengthy due diligence process before they can be awarded a GSA Schedule Contract. This process includes not only an analysis of the quality of the goods and services in question but also a determination of prices, warranties, delivery terms, and other conditions attached to the transactions.
The company itself must also comply with various requirements, such as a manufacturing presence in the U.S. and a proven track record of providing high-quality products in the commercial marketplace. To be designated as a “Responsible Prospective Contractor”—a precondition for becoming GSA Approved—a business must be able to prove the following:
- Adequate financial resources
- A satisfactory performance record (generally at least two years of strong sales)
- A demonstrated commitment to integrity and ethics in business
- The technical and organizational capacity to provide contracted products and services
The approval process for GSA contracts is quite rigorous and can take up to a full year to complete. In many cases, finalizing the contract requires multiple rounds of revisions and negotiations with a Contracting Officer.
The effect of a GSA Schedule Contract is to enormously simplify and streamline the ordering process. Federal agencies that need to purchase a certain quantity of laptops, for instance, do not need to negotiate terms and conditions with the seller; all that has been arranged in advance. They can also be assured that any products they order are in compliance with all governmental regulations.
GSA Schedule Contracts can be valid for as long as twenty years (generally an initial five-year term, plus three five-year extensions). These are all reasons why a GSA-Approved product is highly sought-after, even in the private sector.
GSA Schedule 70 is the section devoted to IT products and services. It covers more than 7.5 million products and services offered by more than 4,600 vendors. However, Schedule 70 does not always include every product or service that an agency requires. Sometimes it is necessary to resort to an alternative option known as Solutions for Enterprise-Wide Procurement (SEWP).
Solutions for Enterprise-Wide Procurement (SEWP)
The best-known contract that is dedicated to IT products and services for the federal government is known as Solutions for Enterprise-Wide Procurement (SEWP). Administered by NASA, it enables federal agencies to access best-in-class technology, including information and communications tech and audio-visual products.
Established in 1993, SEWP is a type of Government-Wide Acquisition Contract (GWAC), which is intended to make IT acquisitions available to all federal agencies in a speedy, cost-effective manner. With SEWP, agencies can purchase complex IT solutions in a single order (whereas a typical GSA contract would require separate orders). They are indefinite delivery/indefinite quantity contracts, like GSA contracts.
At present, more than 3 million products and services from over 8,000 manufacturers are available through the SEWP program, and the catalog is regularly expanded and updated. The current SEWP contract (SEWP V) went into effect on May 1, 2015 and will expire on April 30, 2025.
SEWP can be used to purchase many types of IT products and services, including but not limited to:
- Data storage systems
- Mobile devices
- Cloud services
- Audio-visual devices
- Telecommunications devices
- Video conferencing systems
- Hardware peripherals
Through SEWP, federal agencies are assured that the products and solutions they acquire conform to the most up-to-date standards. As with GSA-Approved vendors, companies that are allowed to participate in selling to the government through SEWP have passed a thorough vetting process, and are required to keep pace with technological advancements and current trends in order to maintain this status.
The Enterprise Connection
Companies looking for first-rate enterprise IT solutions should turn to companies that have a record of providing GSA- and SEWP-contracted products and services. The reason for this is simple: Companies that sell to the federal government must comply with the highest standards recognized anywhere. These types of IT products are often entrusted with the storage and processing of extremely sensitive data, so they must be able to perform reliably.
These organizations must not only offer top-notch solutions but also demonstrate a commitment to sound business practices—the vetting process is designed in part to filter out “fly by night” companies whose long-term viability is questionable. Therefore, a company that adheres to the practices required to maintain GSA and SEWP approval can be said to have achieved best-in-class status among the business community.
How Ciphertex Maintains GSA Compliance
Just as GSA approval is not easily given, it is also not easily maintained. GSA-Approved companies must undergo yearly audits to ensure continuing compliance with the exacting requirements mandated for equipment and services intended for military usage.
As a GSA-Approved company, Ciphertex participates in these annual audits, which include various types of inspections to ensure that our warehousing, engineering, and administration procedures adhere to current regulations. These audits include the following stages:
- Verifying our use of designated administrators for all relevant company functions, such as contract administration.
- Verifying the use of proper documentation in quality-control procedures, as well as a dedicated administrator responsible for overseeing QC.
- Verifying the quality of our products by various tests.
This last step requires Ciphertex to demonstrate that our products conform to the most up-to-date standards in our industry and have implemented all necessary upgrades to maintain this status. Ciphertex SecureNAS® storage products—dubbed “The Fort Knox of Data Depositories”—come with an array of GSA-compliant features, such as:
- Rugged Portable Design (Environmental Test Lab Certified)
- FIPS 140-2 Level 3 Certification
- NIST 800-88 Compliance
- AES-256 Encryption
- HIPAA Compliance
- Hardware Encryption Key
- Key Management
- Multi-Factor Authentication
All these features add up to a state-of-the-art data storage solution that has been entrusted to safeguard the most confidential levels of governmental and military data. The same qualities that make Ciphertex SecureNAS® the preferred choice of government agencies also make it suitable for a broad range of applications in the private sector as well. The Ciphertex SecureNAS® has been tested rigorously over a period of years and has been found to be more than capable of performing optimally under challenging operating conditions.
The Ciphertex Advantage
Ciphertex is not the only company that supplies GSA- and SEWP-contracted equipment to the U.S. government, but we offer a number of benefits that many other companies at this level cannot match. These benefits include:
One-on-one customer service – When you call Ciphertex, you can talk to a computer engineering expert with years of experience.
Guaranteed products – We can fix your Ciphertex products if they fail to perform as intended or give you a refund.
Customized solutions – If you’re not satisfied with the off-the-shelf solutions that are currently available, we’ll work with you to devise a custom product that meets your particular business needs.
A long-term partnership with customers – With over a decade of experience, Ciphertex has a lengthy track record of providing top-notch solutions and helping customers get the most out of their purchases. You can count on us to be here when you need us.
The Ciphertex SecureNAS® is currently used by many hospitals, law enforcement agencies, and many other types of organizations around the U.S. We also provide RAID systems, rackmount servers, and custom software encryption solutions to businesses in a wide range of industries, including the military, government, healthcare, remote office, forensics, and entertainment/media sectors. Feel free to contact us with any questions you have about the SecureNAS® or any of our other products.