Computer Associates International Inc., Gemplus S.A. and several other companies last week announced the formation of a group that is working on open specifications and best practices for integrating information security and physical security.
Two of CA's products, which are in beta, already support the group's specs, and the members hope that other large industry players, such as IBM, will begin adopting the specs as well. The group plans to submit the specs to an industry standards body but has yet to decide which one it will approach. One likely candidate is the Organization for the Advancement of Structured Information Standards.
The Open Security Exchange grew out of CA's own efforts to integrate the management of network and physical security within large enterprises. CA's eTrust 20/20 software was developed to address this problem by using smart cards, network log-ons and other systems to track employee and visitor movements and activities. The software was released for beta testing last week. CA's Security Command Center also adheres to the specs.
Among the problems the new group plans to address are audit and forensics, authentication, and centralized provisioning.
"We want to provide comprehensive security management related to physical access of IT security," said Russell Artzt, executive vice president of eTrust at CA, based in Islandia, N.Y. "This is a very important problem in the industry, and only by adding other members will it really work."
The other founding members of the exchange are HID Corp., which manufactures access control readers and cards, and Software House, a division of Tyco International Ltd.
The need for the kind of collaboration the Open Security Exchange is proposing is clear. But whether competitors and large companies from disparate industries can work together to make the idea work remains to be seen. Still, some experts say there is great potential in the idea.
"There is a lot of money to be saved from this idea," said Robert Rodriguez, a special agent with the Secret Service's electronic crimes task force here. "I don't believe from what I'm seeing that law enforcement at the state and local level is equipped to tackle this problem. We need to attack it from the front end and not the back end. Part of our success is in developing partnerships with the industry and community."