CA, Others Form Open Security Exchange

New group is working to define and implement open specifications and best practices for integrating information security and physical security.

SAN FRANCISCO—Computer Associates International Inc., Gemplus SA and several other companies announced Monday the formation of a group that is working to define and implement open specifications and best practices for integrating information security and physical security.

Two of CAs products, which are currently in beta, already support the groups specification, and the members hope that other large industry players such as IBM will begin adopting the spec as well. The group plans to submit the specifications to an industry standards body, but has yet to decide which one it will approach with the idea. One likely candidate is the Organization for the Advancement of Structured Information Standards, or OASIS.

The Open Security Exchange grew out of CAs own efforts to integrate the management of network and physical security within large enterprises. Its eTrust 20/20 software was developed to address this problem by using smart cards, network log-ons and other systems to track employee and visitor movements and activities. The software was released for beta testing Monday. CAs Security Command Center also adheres to the groups specifications.

The announcement of the groups formation came at the RSA Conference here.

Among the specific problems that the new group plans to address initially are audit and forensics, authentication, and centralized provisioning.

"We want to provide comprehensive security management related to physical access of IT security," said Russell Artzt, executive vice president of eTrust at CA, based in Islandia, N.Y. "This is a very important problem in the industry, and only by adding other members [to the group] will it really work."

The other founding members of the exchange are HID Corp., which manufactures access control readers and cards, and Software House, a division of Tyco International Ltd.

The need for the kind of collaboration that the Open Security Exchange is proposing is clear. But whether competitors and large companies from disparate industries can work together to make the idea work remains to be seen. Still, some experts say there is great potential in the idea.

"There is a lot of money to be saved from this idea," said Robert Rodriguez, a special agent with the Secret Services electronic crimes task force here. "I dont believe from what Im seeing that law enforcement at the state and local level is equipped to tackle this problem. We need to attack it from the front end and not the back end. Part of our success is in developing partnerships with the industry and community."

Making the group viable and relevant will also depend on which other companies and organizations decide to join.

"One of the key thrusts is to find the critical additional partners to make this work," said Alex Mandl, CEO of Gemplus, based in Luxembourg.

The groups specification is available on its Web site, which is

Most Recent Security Stories:

Search for more stories by Dennis Fisher.
Find white papers on security.
For more security news, check out Ziff Davis Medias Security Supersite.