As an enterprise organization, there is one notion you must disabuse yourself of – although it may seem logical, “traditional” commercial enterprise best practices, approaches, and standards do not translate, one-to-one, to the world of the NSA’s Commercial Solutions for Classified (CSfC) program. This is due to its complexity, as well as the fact that solution delivery surrounding it is much less mature than you’re likely used to on the commercial side.
So, when we consider the question of what it takes to truly be enterprise-class in the increasingly complex space of CSfC today, finding an answer isn’t easy. In fact, it’s likely that it feels virtually impossible to implement CSfC-compliant solutions that deliver a commercial-grade customer experience, manageability, and supportability in a manner that is both efficient and cost-effective.
While this may have been historically true, that’s not the case today – it is possible.
Resetting expectations around CSfC compliance for enterprise
One of the greatest challenges around CSfC compliance is time. For example, the registration process through the NSA takes time, the ATO process takes time, IT administration of CSfC-compliant solutions takes time, and so on. Nothing about CSfC feels efficient; waiting is simply part of the process.
That is true, and it is also not true. Yes, processes take time, but if you can take a step back and manage those processes in a different way, you can speed up the overall CSfC ecosystem within your organization.
At Archon, we have standardized a reference architecture. This was an intentional decision, so we can meet the needs of our customers in a more timely manner. What that allows us to do is have 80% of our documentation ready to go upon award rather than having to recreate it every single time for NSA registrations.
Other trusted integrators out there could take a similar approach as we do but, by and large, they have not. Unlike more common IT solution implementations, like VDI for instance, CSfC for enterprise has not been truly embraced with any sort of intentionality at scale. The vast majority of trusted integrators have done less than three rollouts pertaining to CSfC solutions. In many cases, you’ll likely encounter trusted integrators that only have a single CSfC project under their belt, and as a result, each is treated as a one-off.
Whether you choose Archon or a different partner, the key point here is to understand that much more is possible when it comes to your CSfC enterprise solutions than you have likely considered before now. However, realizing that potential will rely on your due diligence in finding a trusted integrator with genuine, deep experience and an intentional approach. Otherwise, you will be trapped within the status quo.
Rethinking the use of pre-existing components and CSfC
Truly bespoke, enterprise-level CSfC solutions traditionally come about when an organization wants to reuse pre-existing infrastructure – “We already have X, Y, Z in-house, please just integrate the solutions into that.” At the surface, that sounds like a wise use of company resources. However, because of CSfC’s inherent complexity, the downward effects can quickly eliminate any financial benefit.
For example, if you add a different component into an already vetted reference architecture, your documentation will need to be updated before sending it to the NSA for registration. Then everything has to be updated in the ATO process. That’s why the more you can standardize upfront, the fewer changes in documentation (and fewer delays) will be required.
And from a deployment and ongoing support perspective, that level of standardization means you’re not changing how components talk to each other; your reference architecture is more controlled.
We understand that if you’ve already spent money on a component, it can feel like you’re saving money for your organization to develop and implement a CSfC solution that works in tandem with it. However, the reality is that hardware represents the lowest cost of this entire transaction. Instead, downward NSA documentation and ATO delays, deployment, and sustainment support impacts will cost you much, much more.
The more you can lockdown, the more you can standardize – even if it means letting go of legacy components – the greater your ultimate ROI of your CSfC solution will be in the long run.
Reevaluating preferred vendor relationships with CSfC
As an organization, it’s not uncommon to develop a preference for particular vendors, and those preferences can often serve you well in a commercial setting. When you find the right vendor who delivers on their promises with a superior product or service, it’s a smart business decision to foster and strengthen those relationships over time.
In the world of CSfC, those relationships may not serve you. Unless you’re running and owning every single aspect of your CSfC solution, you need to let go of those comforts in order to achieve the most desirable, efficient, and cost-effective CSfC setup for your organization.
In a way, it’s very similar to setting up electricity for your home. You don’t tell your service provider how to deliver electricity to your home; instead, your litmus test for success is, “Do my lights turn on when I want them to?” When they do, you’re not concerned with how that happened.
Automation and standardization to meet the complexities of CSfC for enterprise
When faced with the complex nature of CSfC implementation and governance, the reflexive reaction may be to throw more at it – more staff, more infrastructure. With a lesser experienced “trusted” integrator, that may be true and very necessary, but it shouldn’t be.
Throwing people at the problem is not the answer. Instead, we believe standardization and automation can serve you better.
That is the approach we take at Archon. We leverage factory-built processes upfront. For instance, we’ve figured out how to insert our IP for provisioning into the Dell factory process. This greatly reduces the manual labor per device once delivered onsite.
In the realm of certificate renewal – a historically cumbersome, time-consuming annual process necessary to remain compliant – we have leaned into automation. Rather than accepting the “staff surge solution” of returning the devices back to headquarters for the annual rekey process, we’ve created Archon Manager, a fully-automated certificate and device management product that operates entirely with over-the-air (OTA) updates. Anytime, anywhere.
Another way in which you might traditionally consider increasing staff for your CSfC solution is to administer manual efforts on-site. It doesn’t have to be that way. We’ve invested time into virtualizing all components, to expand your abilities to make as much of your solution repeatable, scalable, and automated as possible.
That’s how you truly meet the needs of the large enterprise.
Being more intentional with the customer experience
One of the most important areas of focus for a CSfC solution is the one that’s often the most overlooked – the customer experience.
It can be all too easy to assume that “one-size-fits-all” for your individual use case. You may have individuals working directly on a government network; you may have others who will be working from disconnected locations. Whatever may be true in your organization, your goal is first to understand what customer experience expectations you need to address within your solution.
Once you have deep knowledge of the different use cases you must support in your CSfC solution, your next step is to be intentional in choosing a trusted integrator who can help deliver that customer experience.
Some questions you can ask, as well, include:
- How much CSfC experience do you truly have?
- How close to commercial grade is the user experience?
- What is the login experience like? (How many password entries?)
- How long does it take to log in?
- Can you offer and manage multiple form factors to meet the unique nuances of the way we like to do business?
- Can you offer both a thick client and a thin client experience?
- How long does it take you to move from one system to the next system at the end of the product’s lifecycle?
At Archon, we’re proud of the customer experience. Archon OS presents an elegant, easy-to-use login that walks you through the bootup process.
Archon OS was designed to be extremely portable making it easy to move from one product to the next. Such portability is essential right now, due to the volatility of today’s supply chains. With a portable OS like Archon OS, you aren’t locked into certain approved product lists.
And Archon OS works on almost any x86 device, making it easier for us to meet the needs of users across a wide range of form factors and devices.
At the end of the day, delivering enterprise-class support means providing the end-users with the productivity and experience they demand.
CSfC is complex, but what it takes to be enterprise-class in a CSfC world is simple
Because of the overwhelming nature of CSfC complexity, it can be easy to assume your organization needs to take the legacy approach and that sacrifices in time, manageability, and ultimately the customer experience are just part of the process.
However, in light of CSfC’s inherent complexity, to truly be enterprise-class, one must rethink its approach.
- Take an intentional focus on embracing automation and standardization.
- Trade component vendor relationship comfort for the assurance of solution reference architecture.
- Demand consumer satisfaction with a flexible end-user solution that truly meets their needs.
That’s how you’ll solve for today and tomorrow for your organization and your end-users. That’s how you achieve CSfC compliance and success at an enterprise scale.
