Vendors to Promote Integration of IT, Physical Security

Computerworld - SAN FRANCISCO -- Computer Associates is leading a multivendor initiative to define common standards for integrating the management of physical and IT security systems.
Under the Open Security Exchange effort, CA will work with HID Corp. in Irvine, Calif., Gemplus International SA in Luxembourg and Tyco Fire & Security in Boca Raton, Fla.
HID manufactures physical access control systems, Gemplus makes smart cards, and Tyco is an integrator of physical security systems.
The group has already drafted initial specifications for common administration of users and privileges, common authentication to IT systems and physical facilities, and centralized management and auditing of both functions.
Going forward, the Open Security Exchange will make the interoperability specifications available to standards bodies for consideration as open standards, said CA Vice President Russell Artzt.
Integrating physical and IT security can give companies a more comprehensive view of risk and how to manage it, said Luis Suarez, vice president and manager of PKI and encryption key management at Wachovia. The bank is piloting a project that will enable users to access physical facilities and IT networks via smart cards.
But a lot depends on the extent to which additional vendors support such efforts, said Adam Stanislaus, vice president of physical security at First Data Corp. in Overland Park, Kan.
First Data is testing a CA technology called eTrust 20/20 to see if the product can centrally manage the financial firm's physical and IT access control databases.
For the technology to be really useful to First Data worldwide, it would need to support many more physical access control technologies from more vendors, Stanislaus said.
"We would like to see more partners involved. We hope it is an open architecture and not just [limited to] three or four companies," he said.

Read more about Security in Computerworld's Security Topic Center.